[rhn-users] Resigning rpms for AS3 with RHN Satellite 3.2
Doerbeck, Christoph
Christoph.Doerbeck at FMR.COM
Tue Sep 28 13:41:51 UTC 2004
Yes,
I have a number of custom built RPMs resigned with the same
key which install just fine out of the same channel.
I have now narrowed the scope of my dilemma down to 2 packages
from the vender which appear to have been built on a
different host than the others.
If I resign them on a AS3 based host they immediately fail
a rpm --checksig.
If I resign them on a AS21 based host they pass a rpm --checksig,
but after being transferred to AS3, they once again fail.
##################### ON AS21 host
[root at lmmk39 rpms]# rpm --resign XXXXX-3.2-0.i686.rpm
Enter pass phrase:
Pass phrase is good.
XXXXX-3.2.i686.rpm:
gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
[root at lmmk39 rpms]# rpm --checksig -vv XXXXX-3.2-0.i686.rpm
D: Expected size: 9076769 = lead(96)+sigs(233)+pad(7)+data(9076433)
D: Actual size: 9076769
XXXXX-3.2-0.i686.rpm:
MD5 sum OK: 47d2769632a696d1f9626be56e5daf13
gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
gpg: Signature made Tue Sep 28 09:31:51 2004 EDT using DSA key ID
5848EAC4
gpg: Good signature from "Christoph xxxxxxxxx <christoph at foo.com>"
#################### MOVE AS21 RESIGNED RPM TO AS3
[root at tuxlabmro2 rhel3_i686]# rpm --checksig /tmp/XXXXX-3.2-0.i686.rpm
error: /tmp/XXXXX-3.2-0.i686.rpm: rpmReadSignature failed: region
trailer: BAD, tag 61 type 7 offset 48 count 16
#################### START WITH CLEAN RPM, RESIGN ON AS3
[root at tuxlabmro2 rpms]# rpm -checksig -vv XXXXX-3.2-0.i686.rpm
D: Expected size: 9076633 = lead(96)+sigs(100)+pad(4)+data(9076433)
D: Actual size: 9076601
XXXXX-3.2-0.i686.rpm:
MD5 digest: OK (47d2769632a696d1f9626be56e5daf13)
[root at tuxlabmro2 rpms]# rpm --resign XXXXX-3.2-0.i686.rpm
Enter pass phrase:
Pass phrase is good.
XXXXX-3.2-0.i686.rpm:
[root at tuxlabmro2 rpms]# rpm -checksig -vv XXXXX-3.2-0.i686.rpm
error: XXXXX-3.2-0.i686.rpm: rpmReadSignature failed: region trailer:
BAD, tag 61 type 7 offset 48 count 16
Christoph
-----Original Message-----
From: Daniel Wittenberg [mailto:daniel-wittenberg at starken.com]
Sent: Tuesday, September 28, 2004 8:58 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] Resigning rpms for AS3 with RHN Satellite 3.2
Have you imported the gpg key on the client?
Dan
On Tue, 2004-09-28 at 08:36 -0400, Doerbeck, Christoph wrote:
> Greetings all,
>
> I am experiencing the following problem. I have several RPMs for a
> 3rd party product. I want to distribute that product via my RHN
> Satellite 3.2
> server.
>
> I resign the packages on the Satellite server (running AS 21 with rpm
> 4.04 I believe)
> using the 'rpm --resign' command. I'm prompted for my gpg pass
> phrase, and
> the packages are successfully resigned. rpm --checksig verifies that
> the packages
> has a good md5 sum. I then use rhnpush to put the packages
> into a custom child channel. No problems....
>
> Then, I go to a RHN client system (running AS3 with rpm 4.2) and try
> to up2date the packages.
> up2date then responds that the package is corrupt.
>
> I have found a few references to problems resigning packages between
> rpm x.x and
> y.y, but I have not found thorough summary of the problem. Does
> anyone have a
> complete characterization of this issue and what the "proper" solution
> should be.
>
> I'm currently in the process of exporting my gpg keys to a AS 3 host
> and will attempt
> resigning the packages there.
>
> Christoph
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
--
======================
Daniel Wittenberg
RHCE
President/CTO
The Starken Group Ltd.
http://www.starken.com
_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
More information about the rhn-users
mailing list