2

I'm trying to set up a repo that contains both CentOS 6.4 and 5.9 packages. The machine itself is 6.4.

I've created a GPG key and have been able to sign my 6.4 packages no problem. When I create them for 5.9 though I get header errors. I realize that the versions of RPM are different, so I installed 4.2 (the version that ships with 5.9) and tried signing with that... it still doesn't work. 

[root@usch1ksv01 RPMS]# /usr/local/bin/rpm --version
RPM version 4.4.2.3

[root@usch1ksv01 RPMS]# rpm --version
RPM version 4.8.0

[root@usch1ksv01 RPMS]# /usr/local/bin/rpm --checksig ypserv-2.19-10.el5_9.1.x86_64.rpm 
ypserv-2.19-10.el5_9.1.x86_64.rpm: RSA sha1 (MD5) (PGP) md5 NOT OK (MISSING KEYS: PGP#a8228ab5) 

[root@usch1ksv01 RPMS]# rpm --checksig ypserv-2.19-10.el5_9.1.x86_64.rpm 
ypserv-2.19-10.el5_9.1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

I don't understand why the signatures aren't working for the older version of RPM... I'm just doing an rpmsign --addsign , which clearly works for the new version but not the old. I've used both versions of RPM to try signing too.

I'm totally out of ideas, so any help would be greatly appreciated! Thanks!

user165222
  • 125
  • 3
  • 9

1 Answers1

3

The MISSING KEY indicates that you have not done an rpm --import for the 0xa8228ab5 public key.

You can see the pub keys imported into an rpmdb

 rpm -q gpg-pubkey

After import (you may need to export an ASCII-armored pubkey using gnupg), you should see a gpg-pubkey with keyed in the version field.

VP.
  • 103
  • 4
Jeff Johnson
  • 201
  • 1
  • 3