rpm 5.4.15 creates invalid rpms

[Jan Rękorajski]

On Tue, 04 Nov 2014, Elan Ruusamäe wrote:

> On 03.11.2014 22:59, Jeffrey Johnson wrote:
> > On Nov 3, 2014, at 3:53 PM, Elan Ruusamäe wrote:
> >
> >> Executing rpm --upgrade -vh --root / --define _check_dirname_deps 1...
> >> error: jenkins-1.580.1-1.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 403fdcd0
> >> error: jenkins-1.580.1-1.noarch.rpm cannot be installed
> >> error: jenkins-plugin-maven-1.580.1-1.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 403fdcd0
> >> error: jenkins-plugin-maven-1.580.1-1.noarch.rpm cannot be installed
> >>
> >> those rpms ARE NOT signed. raw what rpmbuild wrote.
> >>
> >> rpm used in build machine:
> >> $ rpmbuild --version
> >> rpmbuild (RPM) 5.4.15
> >>
> >> $ rpm -q rpm-build
> >> rpm-build-5.4.15-1.i686
> >>
> >>
> >> rpm used in target machine:
> >> # rpm --version
> >> RPM version 4.5
> >>
> >> # rpm -q rpm
> >> rpm-4.5-70.i686
> >>
> >> i've placed the offending rpm's here:
> >> http://carme.pld-linux.org/~glen/rpm5/
> >> (filenames you already know in case mod_dirlisting is not working)
> >>
> > The RSA v4 keyid is not correctly implementedin rpm-4.5. Use DSA or go fix rpm-4.5.
> baggins: we probably should revert it then.

I'd leave it in test for now, but I'm ok with the downgrade you did on
builders.

> > All packages produced by rpmbuild-5.4.15 are signed automatically. Been that way
> > for several years.
> yep. that's what i recalled problem being familiar.

If it's been there for years, then why the problems started on 5.4.15?

-- 
Jan Rękorajski                                 | PLD/Linux
SysAdm                                         | http://www.pld-linux.org/
baggins<at>google.com
baggins<at>pld-linux.org