"Package is not signed..."

From: "Chris St. Pierre" <stpierre@xxxxxxxxxxxxxxxx>
Date: Fri, 30 Jun 2006 10:02:32 -0500 (CDT)

I've created an RPM and signed it, and I'm trying to distribute it to
my various RHEL boxes. I've got a Yum repository going, and the boxes
are communicating properly with it, but when I try to install the
package, I get:

Downloading headers to solve dependencies...
#######################################
Downloading headers to solve dependencies...
########################################
heartbeat-2.0.5-1.i386.rpm: ########################## Done.
The package heartbeat-2.0.5-1 is not signed with a GPG signature.
Aborting...
Package heartbeat-2.0.5-1 does not have a GPG signature.
Aborting...

But I signed the package myself, and the following commands succeed:

$ rpm -Kv heartbeat-2.0.5-1.i386.rpm
heartbeat-2.0.5-1.i386.rpm:
Header V3 DSA signature: OK, key ID d42e7aef
Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
V3 DSA signature: OK, key ID d42e7aef
$ rpm --checksig heartbeat-2.0.5-1.i386.rpm
heartbeat-2.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK

Note particularly that, in the case of --checksig, it reports that the
gpg signature is OK! I'm running fully updated copies of RHEL 4:

$ rpm -qv up2date
up2date-4.4.67-4

The only similar problems I've found on google were with packages that
weren't, in fact, signed, but rpm --checksig and -Kv return very
different text in those cases.

I've tried regenerating the Yum repository headers as well in case
up2date was looking at those, but that didn't solve the problem.

Thoughts? Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Prev by Date: RE: libcrypto names
Next by Date: Re: Normal to have 14 httpd processes?
Previous by thread: libcrypto names
Next by thread: RE: "Package is not signed..."
Index(es):
- Date
- Thread

Relevant Pages

RE: "Package is not signed..."
... Subject: "Package is not signed..." ... I've created an RPM and signed it, and I'm trying to distribute it to ... Downloading headers to solve dependencies... ... The package heartbeat-2.0.5-1 is not signed with a GPG signature. ...
(RedHat)
RE: "Package is not signed..."
... Did you copy the key necessary for verification of package signature to ... I've created an RPM and signed it, and I'm trying to distribute it to ... Downloading headers to solve dependencies... ... The package heartbeat-2.0.5-1 is not signed with a GPG signature. ...
(RedHat)
[PATCH 1/2] kbuil: add deb-pkg target
... # To prepare kbuild for more kernel packaging formats move all packaging ... # In top-level Makefile introduce generic support for all package ... Included the old rpm target for backward ... # and builddeb scripts. ...
(Linux-Kernel)
Re: Conventions for NFS sharing of binaries
... Do you have distro & local packages with same name? ... mount it r/w on your "master installation machine" (with RPM management). ... If you replace a package with a different one with the same name, hmm, you ...
(comp.os.linux.misc)
Re: ./configure command
... The package is not available. ... machines which don't even have an OS at all, let alone RPM, ... There is not a "the tool to package and install on Fedora". ... If he wants to avoid trouble, ...
(Fedora)