"Package is not signed..."

Chris St. Pierre stpierre at NebrWesleyan.edu
Fri Jun 30 17:52:57 UTC 2006 

Yes, I put the public key in /usr/share/rhn and used rpm --import to
import it.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Fri, 30 Jun 2006, A.Fadyushin at it-centre.ru wrote:

>Did you copy the key necessary for verification of package signature to
>the boxes where the signed RPM is to be installed?
>
>Alexey Fadyushin.
>Brainbench MVP for Linux
>http://www.brainbench.com
>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
>> bounces at redhat.com] On Behalf Of Chris St. Pierre
>> Sent: Friday, June 30, 2006 7:03 PM
>> To: redhat-list at redhat.com
>> Subject: "Package is not signed..."
>> 
>> I've created an RPM and signed it, and I'm trying to distribute it to
>> my various RHEL boxes.  I've got a Yum repository going, and the boxes
>> are communicating properly with it, but when I try to install the
>> package, I get:
>> 
>> Downloading headers to solve dependencies...
>> #######################################
>> Downloading headers to solve dependencies...
>> ########################################
>> heartbeat-2.0.5-1.i386.rpm: ########################## Done.
>> The package heartbeat-2.0.5-1 is not signed with a GPG signature.
>> Aborting...
>> Package heartbeat-2.0.5-1 does not have a GPG signature.
>>  Aborting...
>> 
>> But I signed the package myself, and the following commands succeed:
>> 
>> $ rpm -Kv heartbeat-2.0.5-1.i386.rpm
>> heartbeat-2.0.5-1.i386.rpm:
>>     Header V3 DSA signature: OK, key ID d42e7aef
>>     Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
>>     MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
>>     V3 DSA signature: OK, key ID d42e7aef
>> $ rpm --checksig heartbeat-2.0.5-1.i386.rpm
>> heartbeat-2.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
>> 
>> Note particularly that, in the case of --checksig, it reports that the
>> gpg signature is OK!  I'm running fully updated copies of RHEL 4:
>> 
>> $ rpm -qv up2date
>> up2date-4.4.67-4
>> 
>> The only similar problems I've found on google were with packages that
>> weren't, in fact, signed, but rpm --checksig and -Kv return very
>> different text in those cases.
>> 
>> I've tried regenerating the Yum repository headers as well in case
>> up2date was looking at those, but that didn't solve the problem.
>> 
>> Thoughts?  Thanks!
>> 
>> Chris St. Pierre
>> Unix Systems Administrator
>> Nebraska Wesleyan University
>> 
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list