Bug 91525

Summary: can't add signature to RPM
Product: Red Hat Enterprise Linux 2.1
Component: rpm
Version: 2.1
Hardware: All
OS: Linux
Status: CLOSED WORKSFORME
Severity: medium
Priority: medium
Reporter: Jason Verch <jason.verch>
Assignee: Jeff Johnson <jbj>
QA Contact: Mike McLean <mikem>
Doc Type: Bug Fix
Last Closed: 2003-06-19 17:17:01 UTC
Attachments: the rpm that fails to get signed

Description Jason Verch 2003-05-23 19:26:42 UTC
Description of problem:
Trying to add rpm with rhnpush complains there is no signature.
Trying to sign package with 4.0.4 or 4.1 completely munges signature and md5 sum.

Version-Release number of selected component (if applicable):
4.0.4/4.1

How reproducible:
Always

Steps to Reproduce:
1. rpm --addsign <rpm>

Actual Results: seems to succeed but then rpm -K complains.

Additional info:

Comment 1 Jeff Johnson 2003-06-19 15:32:14 UTC
Can you supply the package that was signed and the public key for
the signature? Thanks ...

Comment 2 Jason Verch 2003-06-19 16:01:52 UTC
Created attachment 92491 [details]
the rpm that fails to get signed

Comment 3 Jason Verch 2003-06-19 16:03:32 UTC
Here is what I did.. I attached the RPM in question.

[root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm 
/tmp/lgtoman-6.1.3-1.i386.rpm: md5 OK
[root@nmuedsl01 kernel]# rpm --addsign /tmp/lgtoman-6.1.3-1.i386.rpm 
Enter pass phrase: 
Pass phrase is good.
/tmp/lgtoman-6.1.3-1.i386.rpm:
[root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm 
error: /tmp/lgtoman-6.1.3-1.i386.rpm: No signature available
[root@nmuedsl01 kernel]# rpm --version
RPM version 4.0.4


Comment 4 Jason Verch 2003-06-19 16:04:22 UTC
Sorry for the multiple updates.. Here is the public key of the signer.
[root@nmuedsl01 tmp]# gpg --armor --export root


Comment 5 Jeff Johnson 2003-06-19 16:13:16 UTC
Hmmm, I don't exactly see "complete munging", see below.

If you tell me exactly what version-release of rpm you are
using to sign, and exactly which version-release you are
using to verify, then I will try to reproduce the problem.

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: NOKEY, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
bash$ sudo rpm --import lgtoman.pubkey 
bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#    1201 Header sanity check: OK
D: ========== DSA pubkey id 250eeefcbc118ad5
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: OK, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages


Comment 6 Jason Verch 2003-06-19 16:55:48 UTC
I'm using rpm-4.0.4-7x and when I run an rpm -Kvv I get very different results..

# rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294514 = lead(96)+sigs(149)+pad(3)+data(294266)
D:   Actual size:       294546
error: lgtoman-6.1.3-1.i386.rpm: No signature available

What version of RPM are you using? I'm guessing you are using a newer version. 
We are running Advanced Server so I don't really have a 


Comment 7 Jason Verch 2003-06-19 16:56:32 UTC
stopped in mid thought.. We are running AS so I don't really have an option on 
what version of rpm to use.


Comment 8 Jeff Johnson 2003-06-19 17:17:01 UTC
Reproduced:

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294514 = lead(96)+sigs(149)+pad(3)+data(294266)
D:   Actual size:       294546
error: lgtoman-6.1.3-1.i386.rpm: No signature available
bash$ rpm -q rpm
rpm-4.0.4-7x

And verified fixed (afaik this *is* the version of rpm in AS2.1-final):

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#    1201 Header sanity check: OK
D: ========== DSA pubkey id 250eeefcbc118ad5
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: OK, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
yarmouth:~ 551 bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
:signature packet: algo 17, keyid 250EEEFCBC118AD5
        version 3, created 1056037675, md5len 5, sigclass 00
        digest algo 2, begin of digest 5c d9
        data: [159 bits]
        data: [159 bits]
lgtoman-6.1.3-1.i386.rpm:
MD5 sum OK: 15753c597462c59665fb3c39a2a5c656
gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5
gpg: Can't check signature: public key not found
bash$ rpm -q rpm-4.0.4-7x.20
rpm-4.0.4-7x.20

So ask your favorite Red Hat contact to get you a copy of rpm-4.0.4-7x.20
from AS2.1-final. If they don't respond correctly, reopen this bug and
I'll get you the packages myself ;-).
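
Added example (not part of the bug report and not rpm's own code): a sketch of the arithmetic behind the "Expected size ... = lead+sigs+pad+data" debug line quoted in the comments above, recomputed from the signature header and compared with the file length. The sample package is constructed in the code (zero-filled skeleton with two signature tags), and the names `size_equation` and `build_sample` are hypothetical.

```python
import struct

LEAD_SIZE = 96                        # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HDR_MAGIC = b"\x8e\xad\xe8\x01"       # header magic + version byte
SIGTAG_SIZE, SIGTAG_GPG = 1000, 1005  # INT32 header+payload size; BIN signature

def size_equation(pkg: bytes) -> dict:
    """Recompute lead + sigs + pad + data from the signature header."""
    off = LEAD_SIZE
    if (len(pkg) < off + 16 or pkg[:4] != LEAD_MAGIC
            or pkg[off:off + 4] != HDR_MAGIC):
        raise ValueError("not an RPM lead followed by a signature header")
    il, dl = struct.unpack(">II", pkg[off + 8:off + 16])
    sigs = 16 + 16 * il + dl          # intro + index entries + data store
    if off + sigs > len(pkg):
        raise ValueError("signature header runs past end of file")
    store, data = off + 16 + 16 * il, None
    for i in range(il):
        entry = pkg[off + 16 + 16 * i:off + 32 + 16 * i]
        tag, typ, ofs, _count = struct.unpack(">4I", entry)
        if tag == SIGTAG_SIZE and typ == 4 and ofs + 4 <= dl:
            (data,) = struct.unpack(">I", pkg[store + ofs:store + ofs + 4])
    if data is None:
        raise ValueError("signature header has no size tag")
    pad = -sigs % 8                   # next header starts on an 8-byte boundary
    expected = LEAD_SIZE + sigs + pad + data
    return {"sigs": sigs, "pad": pad, "data": data, "expected": expected,
            "actual": len(pkg), "consistent": expected == len(pkg)}

def build_sample(sig_len: int, data_len: int) -> bytes:
    """Constructed skeleton: lead, two-entry signature header, zero filler."""
    store = struct.pack(">I", data_len) + b"\x00" * sig_len
    index = struct.pack(">4I", SIGTAG_SIZE, 4, 0, 1)        # size tag at offset 0
    index += struct.pack(">4I", SIGTAG_GPG, 7, 4, sig_len)  # signature blob
    intro = HDR_MAGIC + b"\x00" * 4 + struct.pack(">II", 2, len(store))
    sig_header = intro + index + store
    pad = b"\x00" * (-len(sig_header) % 8)
    lead = LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    return lead + sig_header + pad + b"\x00" * data_len

if __name__ == "__main__":
    # Constructed so the sum matches the passing line: 96 + 181 + 3 + 294266.
    print(size_equation(build_sample(sig_len=129, data_len=294266)))
    # Constructed mismatch (not a claim about the bug's cause): 32 bytes the
    # signature header does not account for, as in the failing line.
    print(size_equation(build_sample(sig_len=97, data_len=294266) + b"\x00" * 32))
```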

Comment 9 Jason Verch 2003-06-19 17:24:29 UTC
Fantastic! Updated the machine I was doing the signing on to 4.0.4-7x.20 and...

# rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
lgtoman-6.1.3-1.i386.rpm:
MD5 sum OK: 15753c597462c59665fb3c39a2a5c656
gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5
gpg: Good signature from "Root User (Root) <root>"

Thanks!


Comment 10 Jeff Johnson 2003-06-19 17:37:43 UTC
Still, if you're going to sign packages, *please* use
rpm-4.1 or later. The issue is that rpm-4.1 produces
both header-only and (traditional) header+payload
signatures. Unfortunately, AS2.1 is on the wrong side
of the change, so there's no easy way for me to get an
upgrade into AS2.1, there are beaucoup non-rpm issues like
python and ABI compatibility that have not yet been addressed.

Otherwise, I'm quite sure rpm-4.0.4-7x.20 will serve your needs
perfectly (or at least as well as any other version of rpm before).