Mailinglist Archive: opensuse-security (485 mails)

Re: [suse-security] problems signing rpms
  • From: Rainer Lay <rainer.Lay@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 05 Mar 2004 11:31:48 +0100
  • Message-id: <40485714.7030808@xxxxxxxxxxxxxxxxxxxxxxxxxx>


Robert Schiele wrote:
On Fri, Mar 05, 2004 at 10:08:10AM +0100, Rainer Lay wrote:

Hi,

When I am signing rpms, the signed seems to be not OK:

faui6r [rpm-rainer/SRPMS] 46% rpm -K /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm
/tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm: sha1 md5 OK
faui6r [rpm-rainer/SRPMS] 47% rpm --addsign /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm
Enter pass phrase:
Das Passwort ist richtig.
/tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm:
faui6r [rpm-rainer/SRPMS] 48% rpm -K /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm
/tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm: (SHA1) DSA sha1 md5 GPG NOT OK


What's wrong?
My key ID is 0xCD3140CD
This key is imported with
rpm --import rainer.asc

rpm is version rpm-4.1.1-71

Any hints?


RPM also had problems with my key. It did not issue any errors or warnings on
importing it, but could not handle it. It didn't even get the key id right.
After some investigation of the problem I found that it was confused by some
subpackages in my key. Thus I built a version of my public key that only
included the key itself, the primary uid and one self signature. This short
version of my public key made rpm happy.

What is "rpm -qa 'gpg-pubkey-*'" telling you? Did it get your key id right?


rtower [lib/rpm] 21# rpm -qa 'gpg-pubkey*'
gpg-pubkey-cd3140cd-3eca95d5
gpg-pubkey-cd3140cd-3d468b40
Fehler: rpmdbNextIterator: skipping h# 666 Header V3 DSA signature: BAD, key ID cd3140cd
Fehler: rpmdbNextIterator: skipping h# 573 Header V3 DSA signature: BAD, key ID cd3140cd
Fehler: rpmdbNextIterator: skipping h# 860 Header V3 DSA signature: BAD, key ID cd3140cd
Fehler: rpmdbNextIterator: skipping h# 956 Header V3 DSA signature: BAD, key ID cd3140cd
gpg-pubkey-cd3140cd-3eca95d5
gpg-pubkey-9c800aca-39eef481
gpg-pubkey-cd3140cd-3eca95d5
gpg-pubkey-3d25d3d9-36e12d04
gpg-pubkey-cd3140cd-3d468b40
Fehler: rpmdbNextIterator: skipping h# 972 Header V3 DSA signature: BAD, key ID cd3140cd
rtower [lib/rpm] 22#



It looks like rpm is importing each signature as an individual key! So I had to delete my own keys from the rpm database:
rpm -e --allmatches gpg-pubkey-cd3140cd-3eca95d5
rpm -e --allmatches gpg-pubkey-cd3140cd-3d468b40

Then, I created a key export WITHOUT signatures and imported that in rpm. Now it looks ok.

Thanx to Robert.

rgds, Rainer
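
A check for the symptom shown in this message, as an added example that is not part of the original mail: it scans `rpm -qa 'gpg-pubkey*'` output for a key ID that is stored under more than one distinct `gpg-pubkey` entry. The function names `find_split_keys` and `sample_listing` are hypothetical, and the sample input is taken from the listing quoted above.

```shell
#!/bin/sh
# Added example (not from the original mail).
# find_split_keys: reads `rpm -qa 'gpg-pubkey*'` output on stdin and prints
# every key ID that appears under more than one distinct gpg-pubkey entry,
# followed by those entries in first-seen order.
find_split_keys() {
    awk '
        # Entries look like gpg-pubkey-<keyid>-<suffix>; any other line
        # (for example the rpmdbNextIterator errors) is ignored.
        /^gpg-pubkey-[0-9a-f]+-[0-9a-f]+$/ {
            split($0, f, "-")
            id = f[3]
            key = id SUBSEP $0
            if (!(key in seen)) {          # count each distinct entry once
                seen[key] = 1
                count[id]++
                list[id] = list[id] " " $0
            }
        }
        END {
            for (id in count)
                if (count[id] > 1)
                    print id ":" list[id]
        }
    ' | sort
}

# Sample input: lines from the listing in the message above,
# including repeated entries and one error line.
sample_listing() {
    cat <<'EOF'
gpg-pubkey-cd3140cd-3eca95d5
gpg-pubkey-cd3140cd-3d468b40
Fehler: rpmdbNextIterator: skipping h# 666 Header V3 DSA signature: BAD, key ID cd3140cd
gpg-pubkey-cd3140cd-3eca95d5
gpg-pubkey-9c800aca-39eef481
gpg-pubkey-3d25d3d9-36e12d04
gpg-pubkey-cd3140cd-3d468b40
EOF
}

sample_listing | find_split_keys
```

On a live system, pipe `rpm -qa 'gpg-pubkey*' 2>/dev/null` into `find_split_keys`; the entries it reports are the ones removed with `rpm -e --allmatches` in the message above.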
