Description of problem: I'm trying to sign the RPM packages from the OpenOffice.org project, as downloaded from their website (in the OOo_2.4.1_LinuxIntel_install_en-US.tar.gz archive). But after trying to "rpmsign --resign" a package, the signature can't be checked : Before: $ rpm -K openoffice.org-base-2.4.1-9310.i586.rpm openoffice.org-base-2.4.1-9310.i586.rpm: md5 OK Signing: $ rpmsign --resign openoffice.org-base-2.4.1-9310.i586.rpm Enter pass phrase: Pass phrase is good. openoffice.org-base-2.4.1-9310.i586.rpm: gpg: WARNING: standard input reopened gpg: WARNING: standard input reopened After: $ rpm -K openoffice.org-base-2.4.1-9310.i586.rpm openoffice.org-base-2.4.1-9310.i586.rpm: (SHA1) DSA md5 gpg NOT OK $ rpm -Kvvv openoffice.org-base-2.4.1-9310.i586.rpm D: Expected size: 3292793 = lead(96)+sigs(276)+pad(4)+data(3292417) D: Actual size: 3292793 D: opening db index /var/lib/rpm/Packages rdonly mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0 D: read h# 11185 Header sanity check: OK D: ========== DSA pubkey id 21a62396 1b4259b3 (h#11185) openoffice.org-base-2.4.1-9310.i586.rpm: Header V4 DSA signature: NOKEY, key ID 1b4259b3 MD5 digest: OK (7d91a042b4140b6b813fc25d65ed4e0e) V4 DSA signature: OK, key ID 1b4259b3 D: closed db index /var/lib/rpm/Pubkeys D: closed db index /var/lib/rpm/Packages D: May free Score board((nil)) It says NOKEY, but the key is in the DB: $ rpm -qa | grep 1b4259b3 gpg-pubkey-1b4259b3-41ee395e And signing works fine with other packages. I suspect it's an upstream RPM problem, but since there is no upstream bugzilla for RPM yet... Version-Release number of selected component (if applicable): rpm-4.4.2.3-2.fc9.i386 OOo_2.4.1_LinuxIntel_install_en-US.tar.gz How reproducible: always
This is the basic problem: $ rpm -qp --qf "%{RPMVERSION}\n" openoffice.org-core01-2.4.1-9310.i586.rpm 3.0.6 Rpm >= 4.x cannot be used to (re)sign rpm v3 packages. That it tries to do so and actually corrupts the package while at it is of course a bug, and an ages old one at that. This has been fixed in rpm.org HEAD and 4.4.x branch (post 4.4.2.3) already in the sense that they refuse to touch the package and exit with an error code, only an error message is missing.
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update rpm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11390
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.