[Yum] rpmbuild --sign
Robert G. Brown
rgb at phy.duke.edu
Tue Nov 30 20:15:11 UTC 2004
I'm trying to build rpms that work with yum's checksig.

I've tried e.g.

    rpmbuild -ba --sign wulfstat.spec

(after setting up .rpmmacros to contain directions to my gpg keyring and
user name and telling it to use gpg). The rpm builds correctly and
prompts me correctly for my gpg pass phrase to generate the required
signature. I've also tried adding a signature to existing rpms via

    rgb@ganesh|B:1208>rpm --addsign wulfstat-1.0.1-1.i386.rpm
    Enter pass phrase:
    Pass phrase is good.
    warning: wulfstat-1.0.1-1.i386.rpm: was already signed by key ID

Note that the rpmbuild signature was already there, and rpm was smart
enough not to add it twice.

However, when I CHECK the signature, rpm doesn't like it. Note that
I've already used (as per rpm man page)

    rpm --export -a > gpg.pubkey
    rpm --import gpg.pubkey

    [root@ganesh wulfware]# rpm -qa gpg-pubkey\*

shows that rpm on this system knows about e5637298's public key. It
SHOULD then be able to check the signature in the rpm and verify it, but
neither rpm nor yum-arch -c can (apparently) do so:

    rgb@ganesh|B:1209>rpm --checksig wulfstat-1.0.1-1.i386.rpm
    wulfstat-1.0.1-1.i386.rpm: (SHA1) DSA sha1 md5 GPG NOT OK

I'm trying to set up a way of using yum as a distribution mechanism for
a related set of personally maintained packages, and this is the only
remaining stumbling block. Obviously I could use gpgcheck = 0, but it
seems equally obviously better/smarter to learn to build rpms that

So, what am I doing wrong, or leaving out?

Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu