Problems with signatures on CentOS5

Martín Marqués martin at
Tue Mar 11 19:18:45 UTC 2014

I'm recompiling some packages for CentOS (actually CentOS or RHEL) 5
and 6, and it's the first time I sign them with gpg. Everything worked
fine until I had to install them via yum (worked on EL6 but not on
EL5). I've already fixed %__gpg_sign_cmd to use --force-v3-sigs, but I
get the same error.

The packages are signed with the company's gpg key using:

$ rpm --resign *.rpm

My .rpmmacros looks like this:

%_signature gpg
%_gpg_name My Key To Sign
%__gpg_sign_cmd %{__gpg} \
    gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor \
    --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \
    -sbo %{__signature_filename} %{__plaintext_filename}

I did the same procedure for EL5 and EL6 repositories. But only on
CentOS 6 rpms get installed with yum, while on CentOS 5 the signature
fails, but it's not clear to me in which way.

From yum I get errors like this (key is hidden):

error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: BAD, key ID xxxxxxx

Checking on the packages downloaded I get similar errors:

$ rpm --checksig MyRPMPackage-0.0.1-1.el5.x86_64.rpm
MyRPMPackage-0.0.1-1.el5.x86_64.rpm: RSA sha1 MD5 PGP md5 NOT OK

What am I doing wrong here?

Martín Marqués
PostgreSQL Development, 24x7 Support, Training & Services
