From unknown Thu Apr 09 08:20:53 2026 X-Loop: owner@bugs.x2go.org Subject: Bug#897: [X2Go-Dev] epel 5 repos have signature errors Reply-To: Mihai Moldovan , 897@bugs.x2go.org Resent-From: Mihai Moldovan Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 01 Jul 2015 16:15:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 897 X-X2Go-PR-Package: X-X2Go-PR-Keywords: Received: via spool by 897-submit@bugs.x2go.org id=B897.14357672434576 (code B ref 897); Wed, 01 Jul 2015 16:15:02 +0000 Received: (at 897) by bugs.x2go.org; 1 Jul 2015 16:14:03 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from Root24.de (powered.by.root24.eu [5.135.3.88]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 478FE5DA85 for <897@bugs.x2go.org>; Wed, 1 Jul 2015 18:14:02 +0200 (CEST) Received: from nopileos.local (home.ionic.de [217.92.117.31]) by mail.ionic.de (Postfix) with ESMTPSA id 03ADB4F05062 for <897@bugs.x2go.org>; Wed, 1 Jul 2015 18:14:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default; t=1435767242; bh=UMUzVJUyc5vyPCqxf0TFemzuQROpDxIoN+vr6ieOMf8=; h=From:Subject:To:References:Date:In-Reply-To:From; b=dzvCcRAWJML1c/5aJp6Irw8/GGzpRDd5bDRSDhNRFsftishjw7HUaO1tRkpZJlAwW jP8azMqqrSxq3ypwNj6Xj7Dye/X0pWoh4PEE367cS6CXQGmxpD1W8ZLG14hShCwyzA 67NMbd6UdbnIyUU+N0oWAt6cQ1RfXvS7jtKC+lJI= From: Mihai Moldovan To: 897@bugs.x2go.org References: <55925FB9.4070405@nxp.com> <5592E97E.4020704@ionic.de> <5593B2FE.405@nxp.com> <5593C4D1.5070609@gmx.de> Message-ID: <559411C6.2060808@ionic.de> Date: Wed, 1 Jul 2015 18:13:58 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.0.1 MIME-Version: 1.0 In-Reply-To: <5593C4D1.5070609@gmx.de> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="WVFtlLbm8gitX0hvSbxT3wpUatFOpNDbh" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WVFtlLbm8gitX0hvSbxT3wpUatFOpNDbh Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable [resent to bug report specifically] On 01.07.2015 12:45 PM, Ulrich Sibiller wrote: > Am 01.07.2015 um 11:29 schrieb Christian Trenkwalder: >> The repo looks as followed (same holds for the [x2go-extras-epel]), i >> manually disabled the gpgcheck, but it changes nothing. > > > I am not sure if this is relevant here, but I just wanted to throw in, = that > if you generate Repos for RHEL5 on RHEL6 or 7 you must explicitly call > createrepo with -s sha1 or -s sha. I'm painfully aware of that: http://code.x2go.org/gitweb?p=3Dbuildscripts.git;a=3Dblob;f=3Dbin/build-r= pm-package;h=3D0fdea9a9b6366e514d1c254fc1bacda88982265e;hb=3DHEAD#l873 That shouldn't be the problem, we've been doing this quite a while now. BUT we do sign the packages with an 2048 bit RSA key. While this is not a= bad idea per se, I've read that RHEL5's rpm only supports 1024 bit RSA or DSA= keys... Looks like I have to create an 1024 bit subkey, upload that to the keyser= vers, put it into the Debian keyring, add it to http://packages.x2go.org/pub.ke= y and sign all RHEL 5 packages with that weak one? Maybe Christian would have needed to also run "yum clean" and maybe even = delete the downloaded key file in addition to disabling gpgcheck in order to mak= e RPM not check the signatures anymore. Given that he switched to the official EPEL repo, I assume(?) I can't con= tinue debugging this (well, short of creating a CentOS 5 VM...) Mihai --WVFtlLbm8gitX0hvSbxT3wpUatFOpNDbh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJVlBHGAAoJEB/WLtluJTqHJAMQAJrcUgMdrqg7zFk8MUy4OWHs 2Fsfty18D4LrDASYgUqp9d8PgL//mTXsAI0Jlm/rIAfed+ESqVUsLTe7qzJpZzsq poNmzdG41xjUQR+LoeHBFwI98R2rjAZuBJaRagZG7atOdtAzA95KR2Tk8OxpJsMd NsZLj7wzdmskH5IRFkM5Va5yPt7GHDXoQ6pppmmfh8NUXqUkX/uUpD7eOvs/rQ/D Q240m/x0zXhsfRisg+eVnlRtI9z+yGVmMB19eFARR/84PknM3Kpp9PE8sd+tnppZ a7r2IW8jmzCZ5jgqD04iKIEi4S9PzMmLlxCsZaAQXdgKFT0LYSSqcfAB3eaG7jdP bA0ppoVM0ulV5eKrxkmaXkoDLBs6tWGpugGkXl58+hsobKUUJfsJH7+59UkVRCjJ jei2MRayFvMSbunBKmiY1g1Rmf+SmvDhLkInDPchV2RXKfaFFWn0BYhX8QHsczF4 IGarE+AGhVbNSB9kGUdFpk2yZ/hDqHDB5SWKXwY0fQoHn8LvL2RtEfl6eywjFJgZ Vt5tVulFT4EqWcE+6z/NJKzNIWQt4bgfMyRIkzI9mgUkELsXZiWkLTX1rQBAzrZA 9JElHM3OOBwZrKk3yeze8LJMLfVfVS4Hvb2JmxO4BpGIQdNV8zGRloEm9EdlJfCT uaJrg7mnYcfUzoohtEZw =74FT -----END PGP SIGNATURE----- --WVFtlLbm8gitX0hvSbxT3wpUatFOpNDbh--