Fedora Linux Support Community & Resources Center
  #1  
Old 15th April 2012, 07:30 PM
KevinDrums Offline
Registered User
 
Join Date: Apr 2010
Location: USA
Posts: 43
linuxfirefox
Question Why can't I sign an RPM package with my GPG key?

I build my package: 'rpmbuild -ba SPECS/rmmr.spec' and this results in a source and noarch package.
I can check the
'rpm --checksig RPMS/noarch/rmmr-1.8-1_3kc.noarch.rpm SRPMS/rmmr-1.8-1_3kc.src.rpm'
RPMS/noarch/rmmr-1.8-1_3kc.noarch.rpm: sha1 md5 OK
SRPMS/rmmr-1.8-1_3kc.src.rpm: sha1 md5 OK

I want to add my GPG signature to the packages and try this:
rpm -v --addsign SRPMS/rmmr-1.8-1_3kc.src.rpm
rpm: SRPMS/rmmr-1.8-1_3kc.src.rpm: No such file or directory

But, 'ls -l SRPMS/rmmr-1.8-1_3kc.src.rpm' reports
-rw-r-----. 1 kevinc kevinc 7547 Apr 15 11:24 SRPMS/rmmr-1.8-1_3kc.src.rpm

I've been signing packages just fine since the mid 1990s with RPM 4.0. Now on Fedora 16 I can't sign packages? I added '-v' to rpm to report what's going on. But, that didn't help. I'm guessing that there's some temporary directory somewhere that doesn't exist. But, I can't figure out what's going on.

Any ideas people?

Thanks....
Reply With Quote
  #2  
Old 15th April 2012, 08:41 PM
Yellowman
Guest
 
Posts: n/a
linuxfirefox
Re: Why can't I sign an RPM package with my GPG key?

Try installing rpm-sign then try again


Code:
su
yum install rpm-sign
Reply With Quote
  #3  
Old 15th April 2012, 09:23 PM
KevinDrums Offline
Registered User
 
Join Date: Apr 2010
Location: USA
Posts: 43
linuxfirefox
SOLVED - Re: Why can't I sign an RPM package with my GPG key?

That worked! I signed my packages. Then I tried to verify the signatures. Earlier I did:
Code:
gpg --export -a cb31ebcc > kevinc-cb31ebcc.key
sudo rpm --import kevinc-cb31ebcc.key
That used to be enough years ago. But, I would now get
Code:
rpm --checksig ../homebrew/fedora/16/noarch/*
../homebrew/fedora/16/noarch/rmmr-1.8-3kc_fc16.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#cb31ebcc) 
../homebrew/fedora/16/noarch/sharmail-1.6-3kc_0tek_fc16.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#cb31ebcc)
It appears that I now also need to copy the key
Code:
sudo cp kevinc-cb31ebcc.key /var/lib/rpm/pubkeys/
Now I get
Code:
rpm --checksig ../homebrew/fedora/16/noarch/*
../homebrew/fedora/16/noarch/rmmr-1.8-3kc_fc16.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
../homebrew/fedora/16/noarch/sharmail-1.6-3kc_0tek_fc16.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
Thanks!

---------- Post added at 01:23 PM ---------- Previous post was at 01:06 PM ----------

It turns out that putting my keys into /var/lib/rpm/pubkeys to get 'rpm --checksig' working ends up breaking 'yum update'.

http://forums.fedoraforum.org/showpo...49&postcount=3

So, I tried 'sudo gpg --import kevinc-cb31ebcc.key' which works to get 'rpm --checksig' working. I'll have to wait for the next set of updates to see if these keys broke that.

A long time ago having root import my GPG keys didn't work very well. See here http://www.mombu.com/gnu_linux/red-h...-11049416.html

Thanks....
Reply With Quote
Reply

Tags
gpg, key, package, rpm, sign

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to sign a package when installing with yum blnlx Using Fedora 4 22nd August 2010 01:32 PM
More sign language Wayne Wibble 2 31st January 2009 12:16 PM
A sign of the times......? ironeagle62 Wibble 6 18th November 2008 03:54 PM
How do I get the Pound sign? Jongi Using Fedora 20 27th March 2008 10:33 PM
Can't sign in Fedora(!_!) vuha Using Fedora 3 18th January 2008 01:18 AM


Current GMT-time: 04:05 (Friday, 31-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Sardarshahr - Kasba - Dobryanka