"Package is not signed..."

Chris St. Pierre stpierre at NebrWesleyan.edu
Fri Jun 30 15:02:32 UTC 2006


I've created an RPM and signed it, and I'm trying to distribute it to
my various RHEL boxes.  I've got a Yum repository going, and the boxes
are communicating properly with it, but when I try to install the
package, I get:

Downloading headers to solve dependencies...
#######################################
Downloading headers to solve dependencies...
########################################
heartbeat-2.0.5-1.i386.rpm: ########################## Done.
The package heartbeat-2.0.5-1 is not signed with a GPG signature.
Aborting...
Package heartbeat-2.0.5-1 does not have a GPG signature.
 Aborting...

But I signed the package myself, and the following commands succeed:

$ rpm -Kv heartbeat-2.0.5-1.i386.rpm
heartbeat-2.0.5-1.i386.rpm:
    Header V3 DSA signature: OK, key ID d42e7aef
    Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
    MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
    V3 DSA signature: OK, key ID d42e7aef
$ rpm --checksig heartbeat-2.0.5-1.i386.rpm
heartbeat-2.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK

Note particularly that, in the case of --checksig, it reports that the
gpg signature is OK!  I'm running fully updated copies of RHEL 4:

$ rpm -qv up2date
up2date-4.4.67-4

The only similar problems I've found on Google were with packages that
weren't, in fact, signed, but rpm --checksig and -Kv return very
different text in those cases.

I've tried regenerating the Yum repository headers as well in case
up2date was looking at those, but that didn't solve the problem.

Thoughts?  Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
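
Added example, not part of the original post: one way to reduce `rpm -Kv` output like that quoted above to a single verdict, so that a signed package, a signed package whose key rpm does not have, and an unsigned package can be told apart in a script. The function name `classify_rpm_kv` and its verdict strings are hypothetical, and the NOKEY and unsigned samples are constructed.

```shell
# Classify `rpm -Kv` output read on stdin. Prints one of:
#   signed-ok KEYID | signed-nokey KEYID | signed-bad KEYID | unsigned
classify_rpm_kv() {
    awk '
        # Signature lines look like: "V3 DSA signature: OK, key ID d42e7aef"
        /signature:/ {
            seen = 1
            status = $0
            sub(/^.*signature:[ \t]*/, "", status)
            id = "unknown"
            if (status ~ /key ID/) {
                id = status
                sub(/^.*key ID[ \t]*/, "", id)
                sub(/[ \t\r]+$/, "", id)
            }
            sub(/[,: ].*$/, "", status)      # keep only OK / NOKEY / BAD
            if (status == "NOKEY") nokey = 1  # signed, public key not imported
            else if (status != "OK") bad = 1  # signature failed verification
        }
        END {
            if (!seen)      print "unsigned"  # digest lines only
            else if (bad)   print "signed-bad " id
            else if (nokey) print "signed-nokey " id
            else            print "signed-ok " id
        }
    '
}

# Output quoted in the post above.
SAMPLE_SIGNED='heartbeat-2.0.5-1.i386.rpm:
    Header V3 DSA signature: OK, key ID d42e7aef
    Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
    MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
    V3 DSA signature: OK, key ID d42e7aef'

# Constructed sample: same package, signing key absent from the rpm keyring.
SAMPLE_NOKEY='heartbeat-2.0.5-1.i386.rpm:
    Header V3 DSA signature: NOKEY, key ID d42e7aef
    Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
    MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
    V3 DSA signature: NOKEY, key ID d42e7aef'

# Constructed sample: unsigned package, digests only (placeholder values).
SAMPLE_UNSIGNED='example-1.0-1.i386.rpm:
    Header SHA1 digest: OK (<sha1>)
    MD5 digest: OK (<md5>)'
for s in "$SAMPLE_SIGNED" "$SAMPLE_NOKEY" "$SAMPLE_UNSIGNED"; do
    printf '%s\n' "$s" | classify_rpm_kv
done
```

On a live system the same function takes the output of `rpm -Kv` on the package file through a pipe.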



