Bug 463482 - rpm signing cannot be checked on openoffice.org upstream packages
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: rpm
Version: 9
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-09-23 13:31 EDT by Aurelien Bompard
Modified: 2009-01-07 04:29 EST
Doc Type: Bug Fix
Last Closed: 2009-01-07 04:29:01 EST

Description Aurelien Bompard 2008-09-23 13:31:26 EDT
Description of problem:
I'm trying to sign the RPM packages from the OpenOffice.org project, as downloaded from their website (in the OOo_2.4.1_LinuxIntel_install_en-US.tar.gz archive).
But after trying to "rpmsign --resign" a package, the signature can't be checked:

Before:
$ rpm -K openoffice.org-base-2.4.1-9310.i586.rpm
openoffice.org-base-2.4.1-9310.i586.rpm: md5 OK

Signing:
$ rpmsign --resign openoffice.org-base-2.4.1-9310.i586.rpm
Enter pass phrase:
Pass phrase is good.
openoffice.org-base-2.4.1-9310.i586.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened

After:
$ rpm -K openoffice.org-base-2.4.1-9310.i586.rpm
openoffice.org-base-2.4.1-9310.i586.rpm: (SHA1) DSA md5 gpg NOT OK
$ rpm -Kvvv openoffice.org-base-2.4.1-9310.i586.rpm
D: Expected size:      3292793 = lead(96)+sigs(276)+pad(4)+data(3292417)
D:   Actual size:      3292793
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#   11185 Header sanity check: OK
D: ========== DSA pubkey id 21a62396 1b4259b3 (h#11185)
openoffice.org-base-2.4.1-9310.i586.rpm:
    Header V4 DSA signature: NOKEY, key ID 1b4259b3
    MD5 digest: OK (7d91a042b4140b6b813fc25d65ed4e0e)
    V4 DSA signature: OK, key ID 1b4259b3
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
D: May free Score board((nil))

It says NOKEY, but the key is in the DB:
$ rpm -qa | grep 1b4259b3
gpg-pubkey-1b4259b3-41ee395e

And signing works fine with other packages.

I suspect it's an upstream RPM problem, but since there is no upstream bugzilla for RPM yet...

Version-Release number of selected component (if applicable):
rpm-4.4.2.3-2.fc9.i386
OOo_2.4.1_LinuxIntel_install_en-US.tar.gz

How reproducible:
always

Comment 1 Panu Matilainen 2008-09-24 04:40:14 EDT
This is the basic problem:
$ rpm -qp --qf "%{RPMVERSION}\n" openoffice.org-core01-2.4.1-9310.i586.rpm
3.0.6

Rpm >= 4.x cannot be used to (re)sign rpm v3 packages. That it tries to do so and actually corrupts the package while at it is of course a bug, and an ages old one at that. This has been fixed in rpm.org HEAD and 4.4.x branch (post 4.4.2.3) already in the sense that they refuse to touch the package and exit with an error code, only an error message is missing.
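
A pre-signing guard built on the check in Comment 1, as an added example that is not part of the bug report or of rpm itself: it reads the RPMVERSION tag directly from the package file (lead, padded signature header, main header) and refuses packages built by rpm 3.x. The function names and the `make_sample` input are constructed for illustration; treating a major version below 4 as a "v3 package" is an assumption taken from that comment.

```python
import struct

LEAD_SIZE = 96                    # fixed lead, the "lead(96)" in the rpm -Kvvv output
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HDR_MAGIC = b"\x8e\xad\xe8\x01"   # header-structure magic plus version byte
RPMTAG_RPMVERSION, RPM_STRING_TYPE = 1064, 6   # the tag behind %{RPMVERSION}

def read_header(buf, pos):
    """Parse the header structure at pos; return ({tag: (type, data_pos)}, size)."""
    if buf[pos:pos + 4] != HDR_MAGIC:
        raise ValueError("bad header magic at offset %d" % pos)
    nindex, hsize = struct.unpack_from(">II", buf, pos + 8)
    store = pos + 16 + 16 * nindex           # data store follows the index entries
    if store + hsize > len(buf):
        raise ValueError("truncated header")
    tags = {}
    for i in range(nindex):
        tag, typ, off, _count = struct.unpack_from(">IIII", buf, pos + 16 + 16 * i)
        if off < hsize:                      # ignore entries pointing outside the store
            tags[tag] = (typ, store + off)
    return tags, 16 + 16 * nindex + hsize

def built_by(buf):
    """Return the RPMVERSION string from the main header, or None if absent."""
    if buf[:4] != LEAD_MAGIC:
        raise ValueError("not an rpm package")
    _, sig_size = read_header(buf, LEAD_SIZE)
    main_pos = LEAD_SIZE + sig_size + (-sig_size % 8)   # signature is padded to 8 bytes
    tags, _ = read_header(buf, main_pos)
    typ, start = tags.get(RPMTAG_RPMVERSION, (None, None))
    if typ != RPM_STRING_TYPE:
        return None
    return buf[start:buf.index(b"\0", start)].decode("ascii")

def safe_to_resign(buf):
    """False for packages built by rpm 3.x or lacking an RPMVERSION tag."""
    major = (built_by(buf) or "0").split(".")[0]
    return major.isdigit() and int(major) >= 4

def make_sample(rpmversion):
    """Constructed test input: lead + signature + main header, no payload."""
    def hdr(tag, typ, data):
        head = HDR_MAGIC + b"\0" * 4 + struct.pack(">II", 1, len(data))
        return head + struct.pack(">IIII", tag, typ, 0, 1) + data
    sig = hdr(1000, 4, b"\0\0\0\x2a")        # 36 bytes, so 4 bytes of padding follow
    main = hdr(RPMTAG_RPMVERSION, RPM_STRING_TYPE, rpmversion.encode() + b"\0")
    return LEAD_MAGIC + b"\x03\x00" + b"\0" * 90 + sig + b"\0" * (-len(sig) % 8) + main

if __name__ == "__main__":
    print({v: safe_to_resign(make_sample(v)) for v in ("3.0.6", "4.4.2.3")})
```

Run against a real file with `safe_to_resign(open(path, "rb").read())` before handing the package to the signing step.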

Comment 2 Fedora Update System 2008-12-17 19:37:09 EST
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing-newkey update rpm'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11390

Comment 3 Fedora Update System 2009-01-07 04:28:36 EST
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
