Re: Problems with signatures on CentOS5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/11/2014 09:18 PM, Martín Marqués wrote:
I'm recompiling some packages for CentOS (actually CentOS or RHEL) 5
and 6, and it's the first time I sign them with gpg. Everything worked
fine until I have to install them via yum (worked on EL6 but not on
EL5). I've already fixed %__gpg_sign_cmd to use --force-v3-sigs, but I
get the same error.

The packages are signed with the company's gpg key using:

$ rpm --resign *.rpm

My .rpmmacros looks like this:

%_signature gpg
%_gpg_name My Key To Sign
%__gpg_sign_cmd %{__gpg} \
     gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor \
     --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \
     -sbo %{__signature_filename} %{__plaintext_filename}

I did the same procedure for EL5 and EL6 repositories. But only on
CentOS 6 rpms get installed with yum, while on CentOS 5 the signature
fails, but it's not clear to me in which way.

 From yum I get errors like this (key is hidden):

error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: BAD, key ID xxxxxxx

Checking on the packages downloaded I get similar errors:

$ rpm --checksig MyRPMPackage-0.0.1-1.el5.x86_64.rpm
MyRPMPackage-0.0.1-1.el5.x86_64.rpm: RSA sha1 MD5 PGP md5 NOT OK

What am I doing wrong here?

Probably nothing, technically speaking. Its just that support for RSA signatures is hopelessly buggy in rpm 4.4.x. Key larger than 1024bit is one possible cause of the problem.

Me, I wouldn't bother fighting it. DSA signatures are far more hasslefree on that version.

	- Panu -




_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list





[Index of Archives]     [RPM Ecosystem]     [Linux Kernel]     [Red Hat Install]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Red Hat]     [Gimp]     [Yosemite News]     [IETF Discussion]

  Powered by Linux