I'm trying to build rpm's that work with yum's checksig. I've tried e.g. rpmbuild -ba --sign wulfstat.spec (after setting up .rpmacros to contain directions to my gpg keyring and user name and telling it to use gpg). The rpm builds correctly and prompts me correctly for my gpg pass phrase to generate the required signature. I've also tried adding a signature to existing rpm's via e.g. -- rgb@ganesh|B:1208>rpm --addsign wulfstat-1.0.1-1.i386.rpm Enter pass phrase: Pass phrase is good. wulfstat-1.0.1-1.i386.rpm: warning: wulfstat-1.0.1-1.i386.rpm: was already signed by key ID e5637298, skipping Note that the rpmbuild signature was already there, and rpm was smart enough not to add it twice. However, when I CHECK the signature, rpm doesn't like it. Note that I've already used (as per rpm man page) rpm --export -a > gpg.pubkey and rpm --import gpg.pubkey so that [root@ganesh wulfware]# rpm -qa gpg-pubkey\* gpg-pubkey-e5637298-3eba9129 gpg-pubkey-72de25fe-3b79e9fe gpg-pubkey-4f2a6fd2-3f9d9d3b shows that rpm on this system knows about e5637298's public key. It SHOULD then be able to check the signature in the rpm and verify it, but neither rpm nor yum-arch -c can (apparently) do so: rgb@ganesh|B:1209>rpm --checksig wulfstat-1.0.1-1.i386.rpm wulfstat-1.0.1-1.i386.rpm: (SHA1) DSA sha1 md5 GPG NOT OK I'm trying to set up a way of using yum as a distribution mechanism for a related set of personally maintained packages, and this is the only remaining stumbling block. Obviously I could use gpgcheck = 0, but it seems equally obviously better/smarter to learn to build rpm's that gpgcheck correctly. So, what am I doing wrong, or leaving out? rgb -- Robert G. Brown http://www.phy.duke.edu/~rgb/ Duke University Dept. of Physics, Box 90305 Durham, N.C. 27708-0305 Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@xxxxxxxxxxxx
