I'm trying to sign the Java JDK 1.6u21 64-bit RPM on CentOS 5.5 for use with Spacewalk and I'm running into problems. It seems to sign okay, but then when I check the signature it seems to be missing the key I just used to sign it. Yet RPM shows the key in it's list...
# rpm --addsign jdk-6u21-linux-amd64.rpm
Enter pass phrase:
Pass phrase is good.
jdk-6u21-linux-amd64.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
# rpm --checksig -v jdk-6u21-linux-amd64.rpm
jdk-6u21-linux-amd64.rpm:
Header V3 DSA signature: NOKEY, key ID ecfd98a5
MD5 digest: OK (650e0961e20d4a44169b68e8f4a1691b)
V3 DSA signature: OK, key ID ecfd98a5
Yet I have the key imported (edited for privacy):
# rpm -qa gpg-pubkey* |grep ecfd98a5
gpg-pubkey-ecfd98a5-4caa4a4c
# rpm -qi gpg-pubkey-ecfd98a5-4caa4a4c
Name : gpg-pubkey Relocations: (not relocatable)
Version : ecfd98a5 Vendor: (none)
Release : 4caa4a4c Build Date: Mon 04 Oct 2010 10:20:49 PM CDT
Install Date: Mon 04 Oct 2010 10:20:49 PM CDT Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(FirstName LastName <[email protected]>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.4.2.3 (NSS-3)
...key goes here...
=gKjN-----END PGP PUBLIC KEY BLOCK-----
And I'm definitely running a 64-bit version of CentOS:
# uname -a
Linux spacewalk.mycompany.corp 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Without a valid signature, Spacewalk refuses to install the RPM unless I completely disable signature checking. I have tried this with two different keys and two different users on the same machine without any success.
Any bright ideas?
Your checksig output is correct since it shows your public key ID.
Are you doing this between two machines or all on one?
There is a known bug with large RPMs in RHEL/CentOS 5 that causes GPG sigs to always fail for some large RPMs.