I'm recompiling some packages for CentOS (actually CentOS or RHEL) 5
and 6, and it's the first time I sign them with gpg. Everything worked
fine until I have to install them via yum (worked on EL6 but not on
EL5). I've already fixed %__gpg_sign_cmd to use --force-v3-sigs, but I
get the same error.
The packages are signed with the company's gpg key using:
$ rpm --resign *.rpm
My .rpmmacros looks like this:
%_signature gpg
%_gpg_name My Key To Sign
%__gpg_sign_cmd %{__gpg} \
gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor \
--passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \
-sbo %{__signature_filename} %{__plaintext_filename}
I did the same procedure for EL5 and EL6 repositories. But only on
CentOS 6 rpms get installed with yum, while on CentOS 5 the signature
fails, but it's not clear to me in which way.
>From yum I get errors like this (key is hidden):
error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: BAD, key ID xxxxxxx
Checking on the packages downloaded I get similar errors:
$ rpm --checksig MyRPMPackage-0.0.1-1.el5.x86_64.rpm
MyRPMPackage-0.0.1-1.el5.x86_64.rpm: RSA sha1 MD5 PGP md5 NOT OK
What am I doing wrong here?
--
Martín Marqués http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
