Did you specify the gpgkey= for your custom repo. What you did should have worked but you may want to try specifying the location of your key in the repo definition. On 6/30/06, Chris St. Pierre <stpierre@xxxxxxxxxxxxxxxx> wrote:
Yes, I put the public key in /usr/share/rhn and used rpm --import to import it. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Fri, 30 Jun 2006, A.Fadyushin@xxxxxxxxxxxx wrote: >Did you copy the key necessary for verification of package signature to >the boxes where the signed RPM is to be installed? > >Alexey Fadyushin. >Brainbench MVP for Linux >http://www.brainbench.com > >> -----Original Message----- >> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- >> bounces@xxxxxxxxxx] On Behalf Of Chris St. Pierre >> Sent: Friday, June 30, 2006 7:03 PM >> To: redhat-list@xxxxxxxxxx >> Subject: "Package is not signed..." >> >> I've created an RPM and signed it, and I'm trying to distribute it to >> my various RHEL boxes. I've got a Yum repository going, and the boxes >> are communicating properly with it, but when I try to install the >> package, I get: >> >> Downloading headers to solve dependencies... >> ####################################### >> Downloading headers to solve dependencies... >> ######################################## >> heartbeat-2.0.5-1.i386.rpm: ########################## Done. >> The package heartbeat-2.0.5-1 is not signed with a GPG signature. >> Aborting... >> Package heartbeat-2.0.5-1 does not have a GPG signature. >> Aborting... >> >> But I signed the package myself, and the following commands succeed: >> >> $ rpm -Kv heartbeat-2.0.5-1.i386.rpm >> heartbeat-2.0.5-1.i386.rpm: >> Header V3 DSA signature: OK, key ID d42e7aef >> Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935) >> MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644) >> V3 DSA signature: OK, key ID d42e7aef >> $ rpm --checksig heartbeat-2.0.5-1.i386.rpm >> heartbeat-2.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK >> >> Note particularly that, in the case of --checksig, it reports that the >> gpg signature is OK! I'm running fully updated copies of RHEL 4: >> >> $ rpm -qv up2date >> up2date-4.4.67-4 >> >> The only similar problems I've found on google were with packages that >> weren't, in fact, signed, but rpm --checksig and -Kv return very >> different text in those cases. >> >> I've tried regenerating the Yum repository headers as well in case >> up2date was looking at those, but that didn't solve the problem. >> >> Thoughts? Thanks! >> >> Chris St. Pierre >> Unix Systems Administrator >> Nebraska Wesleyan University >> >> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >> https://www.redhat.com/mailman/listinfo/redhat-list > >-- >redhat-list mailing list >unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
