ius-coredev team mailing list archive

Thread
Date

[Bug 949079] [NEW] ius-release RPM is not signed

To: ius-coredev@xxxxxxxxxxxxxxxxxxx
From: Jeff Sheltren <jeff@xxxxxxxxxxxxxxxxxx>
Date: Wed, 07 Mar 2012 15:39:38 -0000
Reply-to: Bug 949079 <949079@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Current versions of the ius-release package on EL5 are not signed:

# rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm 
ius-release-1.0-10.ius.el5.noarch.rpm:
    Header SHA1 digest: OK (4f61003388141e265c5e58dd4fc4a6d6e8b26963)
    MD5 digest: OK (bff6188a94ee6695b0e83bc328e0a101)

That was downloaded this morning from
http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-
release-1.0-10.ius.el5.noarch.rpm

Note that I downloaded the same rpm (or at least one with the same NVR)
on March 3, and it *is* signed:

-rw-r--r-- 1 root          root          7331 Mar  3 20:03 ius-
release-1.0-10.ius.el5.noarch.rpm

# rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm 
ius-release-1.0-10.ius.el5.noarch.rpm:
    Header V4 DSA signature: OK, key ID 9cd4953f
    Header SHA1 digest: OK (d8ebbd91fb675dd20ef5687b184fd322864f6835)
    MD5 digest: OK (7f60418011a6ba763b681e38c14d1b31)
    V4 DSA signature: OK, key ID 9cd4953f

The newer (unsigned) version of this RPM is preventing yum from doing
updates with gpgcheck enabled.  Also, I wonder why/how this changed
since there was once a signed RPM in place.

** Affects: ius
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/949079

Title:
  ius-release RPM is not signed

Status in IUS Community Project:
  New

Bug description:
  Current versions of the ius-release package on EL5 are not signed:

  # rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm 
  ius-release-1.0-10.ius.el5.noarch.rpm:
      Header SHA1 digest: OK (4f61003388141e265c5e58dd4fc4a6d6e8b26963)
      MD5 digest: OK (bff6188a94ee6695b0e83bc328e0a101)

  That was downloaded this morning from
  http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-
  release-1.0-10.ius.el5.noarch.rpm

  Note that I downloaded the same rpm (or at least one with the same
  NVR) on March 3, and it *is* signed:

  -rw-r--r-- 1 root          root          7331 Mar  3 20:03 ius-
  release-1.0-10.ius.el5.noarch.rpm

  # rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm 
  ius-release-1.0-10.ius.el5.noarch.rpm:
      Header V4 DSA signature: OK, key ID 9cd4953f
      Header SHA1 digest: OK (d8ebbd91fb675dd20ef5687b184fd322864f6835)
      MD5 digest: OK (7f60418011a6ba763b681e38c14d1b31)
      V4 DSA signature: OK, key ID 9cd4953f

  The newer (unsigned) version of this RPM is preventing yum from doing
  updates with gpgcheck enabled.  Also, I wonder why/how this changed
  since there was once a signed RPM in place.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/949079/+subscriptions

Follow ups

[Bug 949079] Re: ius-release RPM is not signed
From: Jeffrey Ness, 2012-03-07
[Bug 949079] [NEW] ius-release RPM is not signed
From: Jeff Sheltren, 2012-03-07

References

[Bug 949079] [NEW] ius-release RPM is not signed
From: Jeff Sheltren, 2012-03-07