[Gluster-users] Gluster EPEL _5_ packages not signed
Grant Byers
gbyers at indue.com.au
Mon Mar 10 01:00:11 UTC 2014
Kaleb,
See comment #12 in the following bugzilla ;
https://bugzilla.redhat.com/show_bug.cgi?id=436812
Apparently EL5 doesn't like V4 keys. Appears the trick is to put something like the following in your ~/.rpmmacros on your EL5 build box ;
%__gpg_sign_cmd %{__gpg} \
gpg --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning \
-u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
I tested this by signing an EL5 RPM I created on an EL6 box with a V4 key and it worked.
A Sharpie works well too, but people are going to question why one of your forearms is much larger than the other.
Regards,
Grant
-----Original Message-----
From: Kaleb Keithley [mailto:kkeithle at redhat.com]
Sent: Sunday, 9 March 2014 5:02 AM
To: Grant Byers
Cc: gluster-users at gluster.org
Subject: Re: [Gluster-users] Gluster EPEL _5_ packages not signed
>
> Are you sure yum is barfing on the signature?
...
error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID 4ab22bb3
...
Dunno. You tell me. (But it sure looks like it's the signature to me.)
> Yum on EL5 will barf if your
> repo uses anything stronger than sha1 (sha) for checksums. The default is
> sha256 when using createrepo to build the metadata.
I've always used MD5 hashes to create the epel-5 repos, so...
>
> FWIW, I sign all of our internal EL5 packages and have no problem at all. If
> it's not the repo itself, perhaps it is key strength. I'd be happy to test
> an RPM on EL5 if you're willing to sign it. Perhaps an --addsign?
>
There's my mistake – all this time I've been signing them with a Sharpie felt
tip pen. ;-)
http://kkeithle.fedorapeople.org/for_grant/ has signed el5 RPMs. They don't
install for me on my CentOS 5.10 system, but you are welcome to try.
--
Kaleb
More information about the Gluster-users
mailing list