On 03/11/2014 09:18 PM, Martín Marqués wrote:
I'm recompiling some packages for CentOS (actually CentOS or RHEL) 5 and 6, and it's the first time I sign them with gpg. Everything worked fine until I have to install them via yum (worked on EL6 but not on EL5). I've already fixed %__gpg_sign_cmd to use --force-v3-sigs, but I get the same error. The packages are signed with the company's gpg key using: $ rpm --resign *.rpm My .rpmmacros looks like this: %_signature gpg %_gpg_name My Key To Sign %__gpg_sign_cmd %{__gpg} \ gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor \ --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \ -sbo %{__signature_filename} %{__plaintext_filename} I did the same procedure for EL5 and EL6 repositories. But only on CentOS 6 rpms get installed with yum, while on CentOS 5 the signature fails, but it's not clear to me in which way. From yum I get errors like this (key is hidden): error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: BAD, key ID xxxxxxx Checking on the packages downloaded I get similar errors: $ rpm --checksig MyRPMPackage-0.0.1-1.el5.x86_64.rpm MyRPMPackage-0.0.1-1.el5.x86_64.rpm: RSA sha1 MD5 PGP md5 NOT OK What am I doing wrong here?
Probably nothing, technically speaking. Its just that support for RSA signatures is hopelessly buggy in rpm 4.4.x. Key larger than 1024bit is one possible cause of the problem.
Me, I wouldn't bother fighting it. DSA signatures are far more hasslefree on that version.
- Panu - _______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxxxxx http://lists.rpm.org/mailman/listinfo/rpm-list