I'm having terrible trouble getting signing rpms with gpg to work. I've got a gpg key:
Code:
$ gpg --list-keys
/home/bob/.gnupg/pubring.gpg
----------------------------
pub 2048R/D2787DFA 2009-06-03
uid Bob the (rpm) Builder
I've got an ~/.rpmmacros file
Code:
$ cat ~/.rpmmacros
%_topdir /home/bob/rpmbuild
%_tmppath /home/bob/rpmbuild/tmp
%_signature gpg
%_gpg_name Bob the (rpm) Builder
I've told rpm about the key:
Code:
$ rpm -q gpg-pubkey | grep -i D2787DFA
gpg-pubkey-d2787dfa-4a26706f
If I build an rpm all appears well:
Code:
$ rpm -ba --sign whatever.spec
Enter pass phrase:
Pass phrase is good.
Executing(%prep): /bin/sh -e /home/bob/rpmbuild/tmp/rpm-tmp.63714
[ USUAL RPM BUILD BLAH ]
Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/bob/rpmbuild/tmp/whatever-1.0-build
Generating signature: 1005
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
Wrote: /home/bob/rpmbuild/SRPMS/d
Wrote: /home/bob/rpmbuild/RPMS/noarch/whatever-1.0-0.src.rpm
Generating signature: 1005
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
Wrote: /home/bob/rpmbuild/RPMS/noarch/whatever-1.0-0.noarch.rpm
Executing(%clean): /bin/sh -e /home/bob/rpmbuild/tmp/rpm-tmp.80814
+ umask 022
+ cd /home/bob/rpmbuild/BUILD
+ cd whatever
+ rm -rf /home/bob/rpmbuild/tmp/whatever-1.0-build
+ rm -rf /home/bob/rpmbuild/tmp/whatever
+ rm -rf /home/bob/rpmbuild/BUILD/whatever
+ exit 0
Except that gpg WARNING, but far as I can tell that's nothing to worry about.
Now I check the signature:
Code:
rpm --checksig -vvv /home/bob/rpmbuild/RPMS/noarch/whatever-1.0-0.noarch.rpm
D: Expected size: 3971 = lead(96)+sigs(784)+pad(0)+data(3091)
D: Actual size: 3971
/home/bob/rpmbuild/RPMS/noarch/whatever-1.0-0.noarch.rpm:
Header V4 RSA/SHA1 signature: BAD, key ID d2787dfa
Header SHA1 digest: OK (9c4ddeb8cabd0448f983719bb47577e21fae5664)
V4 RSA/SHA1 signature: BAD, key ID d2787dfa
MD5 digest: OK (314e87fac2db2887b7dbe0811eb074ed)
D: May free Score board((nil))
and I'm told it's BAD. Zypper also refuses to install the resulting rpm.
Code:
Installation of whatever-1.0-0 failed:
(with --nodeps --force) Error: Subprocess failed. Error: RPM failed: error: /var/cache/zypp/packages/my_repo/noarch/whatever-1.0-0.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID d2787dfa
I've read a bunch of guides and totally failed to workout what I'm doing wrong.