Bug 91525
Summary: | can't add signature to RPM | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Jason Verch <jason.verch> | ||||
Component: | rpm | Assignee: | Jeff Johnson <jbj> | ||||
Status: | CLOSED WORKSFORME | QA Contact: | Mike McLean <mikem> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 2.1 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2003-06-19 17:17:01 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jason Verch
2003-05-23 19:26:42 UTC
Can you siupply package that was signed and the public key for the signature? Thanks ... Created attachment 92491 [details]
the rpm that fails to get signed
Here is what I did.. I attached the RPM in question. [root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm /tmp/lgtoman-6.1.3-1.i386.rpm: md5 OK [root@nmuedsl01 kernel]# rpm --addsign /tmp/lgtoman-6.1.3-1.i386.rpm Enter pass phrase: Pass phrase is good. /tmp/lgtoman-6.1.3-1.i386.rpm: [root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm error: /tmp/lgtoman-6.1.3-1.i386.rpm: No signature available [root@nmuedsl01 kernel]# rpm --version RPM version 4.0.4 Sorry for the multiple updates.. Here is the public key of the signer. [root@nmuedsl01 tmp]# gpg --armor --export root -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBD2sYt0RBAC0WZuL8UiPBPtexUGEwHjvNrOvMBe/4DkOxz9lxdwmEjycNJ96 dqFnjycm7GmFBAzWZl6ZjdLs2UqYuSC8CaMaKStxF+FkXX2GKvvoZMpSi9T9ejnW U/8fznIQrwo7fTBblyV6EhYPD2pfPc/aG5u+TGgbdGcMbZc+sU+ewdklpwCgr8tM WAEHlFmLVPUJ+gBJVuevfc8D/3f2HPAoQ2kt07NrNvpiuQsfCzmudJoeCB9jzMde x2nlt1r6VmnXErb35wbTjwn+EYD15YtveHYiVvM5B821cznSgKkb/NQOvNxjiITH dcRQhevG8sZYTfGPaEkLntLVXURJqhIdvCo4V+ErXIriCTvB9iDGe1TNpNy7jkyi n3+SA/9c3jDWe0QhC3NViS00Kbkpyo+pbvbAcs+fweA09BgTtxsbAkkuaplJfR8y 9cSl90R8T3vkduqWRubR78ZCFWxz51SOhRqwJy/mi4f3xDDQ9P7N6gje72Q3YRcn LCb/XL7A1sgghIuCH21gYxw5Jij6K/u/bTMkp7jSTxNWmQh7frQeUm9vdCBVc2Vy IChSb290KSA8cm9vdEBncy5jb20+iFcEExECABcFAj2sYt0FCwcKAwQDFQMCAxYC AQIXgAAKCRAlDu78vBGK1cgcAJ9pEEwsk9D9lQhfI9Dn1OWGmiBXWQCfbZbqytUN 1QR1A9FBJzrsvdBkjSu5AQ0EPaxi3hAEAJ/gCmEldZ4x8ZeiEofac+ZZEZOUssF1 87MAPL8+WY5rvaXsRHDbIP2ITK1Z4P4DGY6jVpUFGsqbsjuVWHBrICiNtpVCwybP RRoOR8FWy7w3qOunfycy6QL8EhnaFNO8xxW9MfdWrP391dYIQ6qaJbBcumpbIG5E UvCRkkJEV20LAAMFBACHC7b7x5ZZ6N81tW1a+H1kVFTFRxAq3ZMuWDsGa07TXMJH Vg6NB77dxmqcVGhNEfopmUX4bB9gSRkRQJCrrVBhmvan6a7GoWJV0qC9eBwLp0r+ +XsfYSGL63kaID4On6EQwgdPdCp6+435RwxL4C3L24ofgWiyyRCz0YeX5X+2zIhG BBgRAgAGBQI9rGLeAAoJECUO7vy8EYrVlUYAnRsWCGInXqp3pCBFhMWIwWIPPi7p AKCGgwaiKE5+ZnTW8QA8hlGAL6WizA== =0tvE -----END PGP PUBLIC KEY BLOCK----- Hmmm, I don't exactly see "complete munging", see below. I you tell me exactly what version-release of rpm you are useing to sign, and exactly which version-release you are using to verify, then I will try to reproduce the problem. bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294546 = lead(96)+sigs(181)+pad(3)+data(294266) D: Actual size: 294546 D: opening db index /var/lib/rpm/Packages rdonly mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0 lgtoman-6.1.3-1.i386.rpm: MD5 digest: OK (15753c597462c59665fb3c39a2a5c656) V3 DSA signature: NOKEY, key ID bc118ad5 D: closed db index /var/lib/rpm/Pubkeys D: closed db index /var/lib/rpm/Packages bash$ sudo rpm --import lgtoman.pubkey bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294546 = lead(96)+sigs(181)+pad(3)+data(294266) D: Actual size: 294546 D: opening db index /var/lib/rpm/Packages rdonly mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0 D: read h# 1201 Header sanity check: OK D: ========== DSA pubkey id 250eeefcbc118ad5 lgtoman-6.1.3-1.i386.rpm: MD5 digest: OK (15753c597462c59665fb3c39a2a5c656) V3 DSA signature: OK, key ID bc118ad5 D: closed db index /var/lib/rpm/Pubkeys D: closed db index /var/lib/rpm/Packages I'm using rpm-4.0.4-7x and when I run an rpm -Kvv I get very different results.. # rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294514 = lead(96)+sigs(149)+pad(3)+data(294266) D: Actual size: 294546 error: lgtoman-6.1.3-1.i386.rpm: No signature available What version of RPM are you using? I'm guessing you are using a newer version. We are running Advanced Server so I don't really have a stopped in mid thought.. We are running AS so I don't really have an option on what version of rpm to use. Reproduced: bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294514 = lead(96)+sigs(149)+pad(3)+data(294266) D: Actual size: 294546 error: lgtoman-6.1.3-1.i386.rpm: No signature available bash$ rpm -q rpm rpm-4.0.4-7x And verifed fixed (afaik this *is* the version of rpm in AS2.1-final): bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294546 = lead(96)+sigs(181)+pad(3)+data(294266) D: Actual size: 294546 D: opening db index /var/lib/rpm/Packages rdonly mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0 D: read h# 1201 Header sanity check: OK D: ========== DSA pubkey id 250eeefcbc118ad5 lgtoman-6.1.3-1.i386.rpm: MD5 digest: OK (15753c597462c59665fb3c39a2a5c656) V3 DSA signature: OK, key ID bc118ad5 D: closed db index /var/lib/rpm/Pubkeys D: closed db index /var/lib/rpm/Packages yarmouth:~ 551 bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294546 = lead(96)+sigs(181)+pad(3)+data(294266) D: Actual size: 294546 :signature packet: algo 17, keyid 250EEEFCBC118AD5 version 3, created 1056037675, md5len 5, sigclass 00 digest algo 2, begin of digest 5c d9 data: [159 bits] data: [159 bits] lgtoman-6.1.3-1.i386.rpm: MD5 sum OK: 15753c597462c59665fb3c39a2a5c656 gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5 gpg: Can't check signature: public key not found bash$ rpm -q rpm-4.0.4-7x.20 rpm-4.0.4-7x.20 So ask your favorite Red Hat contact to get you a copy of rpm-4.0.4-7x.20 from AS2.1-final. If they don't respond correctly, reopen this bug and I'll get you the packages myself ;-). Fantastic! Updated the machine I was doing the signing on to 4.0.4-7x.20 and... # rpm -Kvv lgtoman-6.1.3-1.i386.rpm D: Expected size: 294546 = lead(96)+sigs(181)+pad(3)+data(294266) D: Actual size: 294546 lgtoman-6.1.3-1.i386.rpm: MD5 sum OK: 15753c597462c59665fb3c39a2a5c656 gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5 gpg: Good signature from "Root User (Root) <root>" Thanks! Still, if you're going to sign packages, *please* use rpm-4.1 or later. The issue is that rpm-4.1 produces both header-only and (traditional) header+payload signatures. Unfortunately, AS2.1 is on the wrong side of the change, so there's no easy way for me to get an upgrade into AS2.1, there are beacoup non-rpm issues like python and ABI compatibility that have not yet been addressed. Otherwise, I'm quite sure rpm-4.0.4-7x.20 will serve your needs perfectly (or at least as well as any other version of rpm before). |