root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

packaging: Force GPG v3 signatures for the SLES 11 RPM package 

It looks like RPM on SLES 11 fails to handle GPG v4 signatures, even
though it happily signed it:

    # rpm -K -vvv  ./rabbitmq-server-3.7.0~alpha.378-1.sles11.noarch.rpm
    ./rabbitmq-server-3.7.0~alpha.378-1.sles11.noarch.rpm:
        Header V4 RSA/SHA1 signature: BAD, key ID 6026dfca
        Header SHA1 digest: OK (895933d0ba5eca00759ebdfaa0d4e5d156ad0985)
        V4 RSA/SHA1 signature: BAD, key ID 6026dfca
        MD5 digest: OK (422c5b455a0f63055d5cd8701da8064b)

After forcing a GPG v3 signature, the signature check is successful:

    # rpm -v -K ./rabbitmq-server-3.6.12.rc2+1.gf3f347e.dirty-1.sles11.noarch.rpm
    ./rabbitmq-server-3.6.12.rc2+1.gf3f347e.dirty-1.sles11.noarch.rpm:
        Header SHA1 digest: OK (a9235a3ec1f7a893bd1fe2ec20c011542cfe88d4)
        MD5 digest: OK (fd555d5b73180efcb8232f1f0a5a8a61)

[#150792874]
This commit is contained in:
Jean-Sébastien Pédron 2017-09-05 00:03:41 +02:00
parent db554ea736
commit 051f230096
No known key found for this signature in database
GPG Key ID: 39E99761A5FD94CC
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packaging/RPMS/Fedora/Makefile
View File

@ -33,6 +33,7 @@ FUNCTION_LIBRARY=
REQUIRES=/sbin/chkconfig /sbin/service REQUIRES=/sbin/chkconfig /sbin/service
OS_DEFINES=--define '_initrddir /etc/init.d' --define 'dist .sles11' --define 'suse_version 1012' OS_DEFINES=--define '_initrddir /etc/init.d' --define 'dist .sles11' --define 'suse_version 1012'
SPEC_DEFINES=--define 'group_tag Productivity/Networking/Other' SPEC_DEFINES=--define 'group_tag Productivity/Networking/Other'
RPMSIGN_DEFINES=--define '%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --digest-algo=sha1 --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}'
START_PROG=startproc START_PROG=startproc
else ifeq "$(RPM_OS)" "opensuse" else ifeq "$(RPM_OS)" "opensuse"
FUNCTION_LIBRARY= FUNCTION_LIBRARY=
@ -140,6 +141,7 @@ ifneq ($(SIGNING_KEY),)
rpm --addsign \ rpm --addsign \
--define '_signature gpg' \ --define '_signature gpg' \
--define '_gpg_name $(SIGNING_KEY)' \ --define '_gpg_name $(SIGNING_KEY)' \
$(RPMSIGN_DEFINES) \
SRPMS/*-$(RPM_VERSION)*.rpm \ SRPMS/*-$(RPM_VERSION)*.rpm \
RPMS/noarch/*-$(RPM_VERSION)*.rpm \ RPMS/noarch/*-$(RPM_VERSION)*.rpm \
< /dev/null < /dev/null