"Package is not signed..."
Russell Harrison
rtlm10 at gmail.com
Mon Jul 3 17:05:46 UTC 2006
Did you specify the gpgkey= for your custom repo. What you did should have
worked but you may want to try specifying the location of your key in the
repo definition.
On 6/30/06, Chris St. Pierre <stpierre at nebrwesleyan.edu> wrote:
>
> Yes, I put the public key in /usr/share/rhn and used rpm --import to
> import it.
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University
>
> On Fri, 30 Jun 2006, A.Fadyushin at it-centre.ru wrote:
>
> >Did you copy the key necessary for verification of package signature to
> >the boxes where the signed RPM is to be installed?
> >
> >Alexey Fadyushin.
> >Brainbench MVP for Linux
> >http://www.brainbench.com
> >
> >> -----Original Message-----
> >> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> >> bounces at redhat.com] On Behalf Of Chris St. Pierre
> >> Sent: Friday, June 30, 2006 7:03 PM
> >> To: redhat-list at redhat.com
> >> Subject: "Package is not signed..."
> >>
> >> I've created an RPM and signed it, and I'm trying to distribute it to
> >> my various RHEL boxes. I've got a Yum repository going, and the boxes
> >> are communicating properly with it, but when I try to install the
> >> package, I get:
> >>
> >> Downloading headers to solve dependencies...
> >> #######################################
> >> Downloading headers to solve dependencies...
> >> ########################################
> >> heartbeat-2.0.5-1.i386.rpm: ########################## Done.
> >> The package heartbeat-2.0.5-1 is not signed with a GPG signature.
> >> Aborting...
> >> Package heartbeat-2.0.5-1 does not have a GPG signature.
> >> Aborting...
> >>
> >> But I signed the package myself, and the following commands succeed:
> >>
> >> $ rpm -Kv heartbeat-2.0.5-1.i386.rpm
> >> heartbeat-2.0.5-1.i386.rpm:
> >> Header V3 DSA signature: OK, key ID d42e7aef
> >> Header SHA1 digest: OK (4ebcf1aaf7832fae00e9c78a3c09b812e379f935)
> >> MD5 digest: OK (c15a01b644c5514ac9b73cfff7d8f644)
> >> V3 DSA signature: OK, key ID d42e7aef
> >> $ rpm --checksig heartbeat-2.0.5-1.i386.rpm
> >> heartbeat-2.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
> >>
> >> Note particularly that, in the case of --checksig, it reports that the
> >> gpg signature is OK! I'm running fully updated copies of RHEL 4:
> >>
> >> $ rpm -qv up2date
> >> up2date-4.4.67-4
> >>
> >> The only similar problems I've found on google were with packages that
> >> weren't, in fact, signed, but rpm --checksig and -Kv return very
> >> different text in those cases.
> >>
> >> I've tried regenerating the Yum repository headers as well in case
> >> up2date was looking at those, but that didn't solve the problem.
> >>
> >> Thoughts? Thanks!
> >>
> >> Chris St. Pierre
> >> Unix Systems Administrator
> >> Nebraska Wesleyan University
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >--
> >redhat-list mailing list
> >unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list