Bug 91525 - can't add signature to RPM
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: rpm
2.1
All Linux
medium Severity medium
Assigned To: Jeff Johnson
Mike McLean
Reported: 2003-05-23 15:26 EDT by Jason Verch
Modified: 2007-11-30 17:06 EST (History)
Last Closed: 2003-06-19 13:17:01 EDT
Attachment: the rpm that fails to get signed (287.64 KB, application/octet-stream), 2003-06-19 12:01 EDT, Jason Verch

Description Jason Verch 2003-05-23 15:26:42 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 Bork-edition  [en]

Description of problem:
Trying to add rpm with rhnpush complains there is no signature.
Trying to sign package with 4.0.4 or 4.1 completely munges signature and md5 sum.

Version-Release number of selected component (if applicable):
4.0.4/4.1

How reproducible:
Always

Steps to Reproduce:
1. rpm --addsign <rpm>

Actual Results:  seems to succeed but then rpm -K complains.

Additional info:
Comment 1 Jeff Johnson 2003-06-19 11:32:14 EDT
Can you supply the package that was signed and the public key for
the signature? Thanks ...
Comment 2 Jason Verch 2003-06-19 12:01:52 EDT
Created attachment 92491 [details]
the rpm that fails to get signed
Comment 3 Jason Verch 2003-06-19 12:03:32 EDT
Here is what I did.. I attached the RPM in question.

[root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm 
/tmp/lgtoman-6.1.3-1.i386.rpm: md5 OK
[root@nmuedsl01 kernel]# rpm --addsign /tmp/lgtoman-6.1.3-1.i386.rpm 
Enter pass phrase: 
Pass phrase is good.
/tmp/lgtoman-6.1.3-1.i386.rpm:
[root@nmuedsl01 kernel]# rpm -K /tmp/lgtoman-6.1.3-1.i386.rpm 
error: /tmp/lgtoman-6.1.3-1.i386.rpm: No signature available
[root@nmuedsl01 kernel]# rpm --version
RPM version 4.0.4
Comment 4 Jason Verch 2003-06-19 12:04:22 EDT
Sorry for the multiple updates.. Here is the public key of the signer.
[root@nmuedsl01 tmp]# gpg --armor --export root@gs.com
Comment 5 Jeff Johnson 2003-06-19 12:13:16 EDT
Hmmm, I don't exactly see "complete munging", see below.

If you tell me exactly what version-release of rpm you are
using to sign, and exactly which version-release you are
using to verify, then I will try to reproduce the problem.

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: NOKEY, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
bash$ sudo rpm --import lgtoman.pubkey 
bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#    1201 Header sanity check: OK
D: ========== DSA pubkey id 250eeefcbc118ad5
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: OK, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
Comment 6 Jason Verch 2003-06-19 12:55:48 EDT
I'm using rpm-4.0.4-7x and when I run an rpm -Kvv I get very different results..

# rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294514 = lead(96)+sigs(149)+pad(3)+data(294266)
D:   Actual size:       294546
error: lgtoman-6.1.3-1.i386.rpm: No signature available

What version of RPM are you using? I'm guessing you are using a newer version. 
We are running Advanced Server so I don't really have a 
Comment 7 Jason Verch 2003-06-19 12:56:32 EDT
stopped in mid thought.. We are running AS so I don't really have an option on 
what version of rpm to use.
Comment 8 Jeff Johnson 2003-06-19 13:17:01 EDT
Reproduced:

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294514 = lead(96)+sigs(149)+pad(3)+data(294266)
D:   Actual size:       294546
error: lgtoman-6.1.3-1.i386.rpm: No signature available
bash$ rpm -q rpm
rpm-4.0.4-7x

And verified fixed (afaik this *is* the version of rpm in AS2.1-final):

bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#    1201 Header sanity check: OK
D: ========== DSA pubkey id 250eeefcbc118ad5
lgtoman-6.1.3-1.i386.rpm:
    MD5 digest: OK (15753c597462c59665fb3c39a2a5c656)
    V3 DSA signature: OK, key ID bc118ad5
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages
yarmouth:~ 551 bash$ rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
:signature packet: algo 17, keyid 250EEEFCBC118AD5
        version 3, created 1056037675, md5len 5, sigclass 00
        digest algo 2, begin of digest 5c d9
        data: [159 bits]
        data: [159 bits]
lgtoman-6.1.3-1.i386.rpm:
MD5 sum OK: 15753c597462c59665fb3c39a2a5c656
gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5
gpg: Can't check signature: public key not found
bash$ rpm -q rpm-4.0.4-7x.20
rpm-4.0.4-7x.20

So ask your favorite Red Hat contact to get you a copy of rpm-4.0.4-7x.20
from AS2.1-final. If they don't respond correctly, reopen this bug and
I'll get you the packages myself ;-).
Comment 9 Jason Verch 2003-06-19 13:24:29 EDT
Fantastic! Updated the machine I was doing the signing on to 4.0.4-7x.20 and...

# rpm -Kvv lgtoman-6.1.3-1.i386.rpm 
D: Expected size:       294546 = lead(96)+sigs(181)+pad(3)+data(294266)
D:   Actual size:       294546
lgtoman-6.1.3-1.i386.rpm:
MD5 sum OK: 15753c597462c59665fb3c39a2a5c656
gpg: Signature made Thu 19 Jun 2003 11:47:55 AM EDT using DSA key ID BC118AD5
gpg: Good signature from "Root User (Root) <root@gs.com>"

Thanks!
Comment 10 Jeff Johnson 2003-06-19 13:37:43 EDT
Still, if you're going to sign packages, *please* use
rpm-4.1 or later. The issue is that rpm-4.1 produces
both header-only and (traditional) header+payload
signatures. Unfortunately, AS2.1 is on the wrong side
of the change, so there's no easy way for me to get an
upgrade into AS2.1, there are beaucoup non-rpm issues like
python and ABI compatibility that have not yet been addressed.

Otherwise, I'm quite sure rpm-4.0.4-7x.20 will serve your needs
perfectly (or at least as well as any other version of rpm before).
