[packman] RPM problem with packet signatures (not zypper and repomd.xml!)
jschrod at acm.org
Thu Mar 17 13:19:25 CET 2011
Marc Schiffbauer wrote:
> * Joachim Schrod schrieb am 15.03.11 um 14:51 Uhr:
Thanks for your fast answer.
>> I still have issues with the Packman signing key.
>> I'm using openSUSE 11.1. But, AFAICS, that's not relevant; the same
>> error happens with downloaded 11.4 packages.
>> # rpm -Kv libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm
>> Header V4 RSA/SHA1 signature: BAD, key ID 1abd1afb
>> Header SHA1 digest: OK (6a5712c079b4a93926cf4ea33caa4f46fc7aa3b4)
>> V4 RSA/SHA1 signature: BAD, key ID 1abd1afb
>> MD5 digest: OK (083f96f42f9495e4ab3a6ccfff73467a)
> This must be a local issue it your site.
But, as Kyrill wrote, I'm not alone with this. Kyrill runs 11.1 as well;
maybe there is a compatibility problem with rpm in that release.
> The rpm in the repository is ok:
> rpm -Kv ./i586/libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm
> Header V4 RSA/SHA1 Signature, key ID 1abd1afb: OK
> Header SHA1 digest: OK (6a5712c079b4a93926cf4ea33caa4f46fc7aa3b4)
> V4 RSA/SHA1 Signature, key ID 1abd1afb: OK
> MD5 digest: OK (083f96f42f9495e4ab3a6ccfff73467a)
OK; so I uninstalled all rpm keys with ID 1abd1afb and reinstalled the
one that I fetched from Packman's repository.
# rpm -qa 'gpg-pubkey*' | grep -i 1abd1afb
Still the same problem,
rpm -Kv libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm tells about a
I also checked with rpm -qi gpg-pubkey-1abd1afb-4c97c60c that the rpm key
is really the same as the one that I imported, namely
pub 4096R/1ABD1AFB 2006-09-18 [expires: 2014-09-19]
Key fingerprint = F887 5B88 0D51 8B6B 8C53 0D13 45A1 D067 1ABD 1AFB
uid PackMan Project (signing key) <packman at links2linux.de>
Any ideas where I could look in addition?
Has anybody else still an 11.1 around where that check works?
Sadly I can't trigger zypper to add --nosignature for
Packman's rpm packages. (Soon I'll update to 11.4 anyhow; I'd go along with
no sig checking for a few weeks.)
Joachim Schrod Email: jschrod at acm.org
More information about the Packman