Kaleb, See comment #12 in the following bugzilla ; https://bugzilla.redhat.com/show_bug.cgi?id=436812 Apparently EL5 doesn't like V4 keys. Appears the trick is to put something like the following in your ~/.rpmmacros on your EL5 build box ; %__gpg_sign_cmd %{__gpg} \ gpg --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning \ -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename} I tested this by signing an EL5 RPM I created on an EL6 box with a V4 key and it worked. A Sharpie works well too, but people are going to question why one of your forearms is much larger than the other. Regards, Grant -----Original Message----- From: Kaleb Keithley [mailto:kkeithle@xxxxxxxxxx] Sent: Sunday, 9 March 2014 5:02 AM To: Grant Byers Cc: gluster-users@xxxxxxxxxxx Subject: Re: Gluster EPEL _5_ packages not signed > > Are you sure yum is barfing on the signature? ... error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID 4ab22bb3 ... Dunno. You tell me. (But it sure looks like it's the signature to me.) > Yum on EL5 will barf if your > repo uses anything stronger than sha1 (sha) for checksums. The default is > sha256 when using createrepo to build the metadata. I've always used MD5 hashes to create the epel-5 repos, so... > > FWIW, I sign all of our internal EL5 packages and have no problem at all. If > it's not the repo itself, perhaps it is key strength. I'd be happy to test > an RPM on EL5 if you're willing to sign it. Perhaps an --addsign? > There's my mistake – all this time I've been signing them with a Sharpie felt tip pen. ;-) http://kkeithle.fedorapeople.org/for_grant/ has signed el5 RPMs. They don't install for me on my CentOS 5.10 system, but you are welcome to try. -- Kaleb _______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-users
