#897 - epel 5 repos have signature errors

X2Go Bug report logs - #897
epel 5 repos have signature errors

Reported by: Christian Trenkwalder <christian.trenkwalder@nxp.com>

Date: Tue, 30 Jun 2015 09:40:02 UTC

Severity: normal

Found in version 0

Done: Mihai Moldovan <ionic@ionic.de>

Bug is archived. No further changes may be made.

Received: (at 897) by bugs.x2go.org; 1 Jul 2015 16:14:03 +0000
From ionic@ionic.de  Wed Jul  1 18:14:02 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID,
	URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from Root24.de (powered.by.root24.eu [5.135.3.88])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 478FE5DA85
	for <897@bugs.x2go.org>; Wed,  1 Jul 2015 18:14:02 +0200 (CEST)
Received: from nopileos.local (home.ionic.de [217.92.117.31])
	by mail.ionic.de (Postfix) with ESMTPSA id 03ADB4F05062
	for <897@bugs.x2go.org>; Wed,  1 Jul 2015 18:14:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default;
	t=1435767242; bh=UMUzVJUyc5vyPCqxf0TFemzuQROpDxIoN+vr6ieOMf8=;
	h=From:Subject:To:References:Date:In-Reply-To:From;
	b=dzvCcRAWJML1c/5aJp6Irw8/GGzpRDd5bDRSDhNRFsftishjw7HUaO1tRkpZJlAwW
	 jP8azMqqrSxq3ypwNj6Xj7Dye/X0pWoh4PEE367cS6CXQGmxpD1W8ZLG14hShCwyzA
	 67NMbd6UdbnIyUU+N0oWAt6cQ1RfXvS7jtKC+lJI=
From: Mihai Moldovan <ionic@ionic.de>
Subject: Re: [X2Go-Dev] epel 5 repos have signature errors
To: 897@bugs.x2go.org
References: <55925FB9.4070405@nxp.com> <5592E97E.4020704@ionic.de>
 <5593B2FE.405@nxp.com> <5593C4D1.5070609@gmx.de>
Message-ID: <559411C6.2060808@ionic.de>
Date: Wed, 1 Jul 2015 18:13:58 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <5593C4D1.5070609@gmx.de>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="WVFtlLbm8gitX0hvSbxT3wpUatFOpNDbh"

[Message part 1 (text/plain, inline)]

[resent to bug report specifically] On 01.07.2015 12:45 PM, Ulrich Sibiller wrote: > Am 01.07.2015 um 11:29 schrieb Christian Trenkwalder: >> The repo looks as followed (same holds for the [x2go-extras-epel]), i >> manually disabled the gpgcheck, but it changes nothing. > > > I am not sure if this is relevant here, but I just wanted to throw in, that > if you generate Repos for RHEL5 on RHEL6 or 7 you must explicitly call > createrepo with -s sha1 or -s sha. I'm painfully aware of that: http://code.x2go.org/gitweb?p=buildscripts.git;a=blob;f=bin/build-rpm-package;h=0fdea9a9b6366e514d1c254fc1bacda88982265e;hb=HEAD#l873 That shouldn't be the problem, we've been doing this quite a while now. BUT we do sign the packages with an 2048 bit RSA key. While this is not a bad idea per se, I've read that RHEL5's rpm only supports 1024 bit RSA or DSA keys... Looks like I have to create an 1024 bit subkey, upload that to the keyservers, put it into the Debian keyring, add it to http://packages.x2go.org/pub.key and sign all RHEL 5 packages with that weak one? Maybe Christian would have needed to also run "yum clean" and maybe even delete the downloaded key file in addition to disabling gpgcheck in order to make RPM not check the signatures anymore. Given that he switched to the official EPEL repo, I assume(?) I can't continue debugging this (well, short of creating a CentOS 5 VM...) Mihai

[signature.asc (application/pgp-signature, attachment)]

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Apr 18 14:59:59 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

X2Go Bug report logs - #897 epel 5 repos have signature errors

X2Go Bug report logs - #897
epel 5 repos have signature errors