rpm 5.4.15 creates invalid rpms

Jeffrey Johnson n3npq at me.com
Mon Nov 3 21:59:09 CET 2014


On Nov 3, 2014, at 3:53 PM, Elan Ruusamäe wrote:

> seems rpm 4.5.15 creates rpms that rpm 4.5 is unable to install.
> 

Why are you still using rpm-4.5? Presumably yopu mean 5.4.15.

> this sounds soo familiar already. something like payload not padded, containing random memory etc...
> 
> Executing rpm --upgrade -vh --root / --define _check_dirname_deps 1...
> error: jenkins-1.580.1-1.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 403fdcd0
> error: jenkins-1.580.1-1.noarch.rpm cannot be installed
> error: jenkins-plugin-maven-1.580.1-1.noarch.rpm: Header V4 RSA/SHA1 signature: BAD, key ID 403fdcd0
> error: jenkins-plugin-maven-1.580.1-1.noarch.rpm cannot be installed
> 
> those rpms ARE NOT signed. raw what rpmbuild wrote.
> 
> rpm used in build machine:
> $ rpmbuild --version
> rpmbuild (RPM) 5.4.15
> 
> $ rpm -q rpm-build
> rpm-build-5.4.15-1.i686
> 
> 
> rpm used in target machine:
> # rpm --version
> RPM version 4.5
> 
> # rpm -q rpm
> rpm-4.5-70.i686
> 
> i've placed the offending rpm's here:
> http://carme.pld-linux.org/~glen/rpm5/
> (filenames you already know in case mod_dirlisting is not working)
> 

The RSA v4 keyid is not correctly implementedin rpm-4.5. Use DSA or go fix rpm-4.5.

All packages produced by rpmbuild-5.4.15 are signed automatically. Been that way
for several years.

73 de Jeff
> -- 
> glen
> 
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en



More information about the pld-devel-en mailing list