[SOLVED] yum: Package is not signed. rpm: seems like it is.

General support questions
Post Reply
drookie
Posts: 9
Joined: 2016/01/16 09:45:53

[SOLVED] yum: Package is not signed. rpm: seems like it is.

Post by drookie » 2016/01/16 10:14:51

Hi.

I host my own private repository with a bunch of packages on it (created and signed by me). Some time ago I built and uploaded a newer php version on it. But when I'm trying to install it with yum, I get:

Code: Select all

Total size: 8.4 M
Total download size: 6.9 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
php-bcmath-5.6.16-1.el7.centos FAILED
http://centos.enaza.ru/centos-7/x86_64/php-bcmath-5.6.16-1.el7.centos.0.x86_64.rpm: [Errno -1] Package does not match intended download. Suggestion: run yum --enablerepo=enaza clean metadata
Trying other mirror.
php-common-5.6.16-1.el7.centos FAILED
http://centos.enaza.ru/centos-7/x86_64/php-common-5.6.16-1.el7.centos.0.x86_64.rpm: [Errno -1] Package does not match intended download. Suggestion: run yum --enablerepo=enaza clean metadata
Trying other mirror.
php-cli-5.6.16-1.el7.centos.0. FAILED
http://centos.enaza.ru/centos-7/x86_64/php-cli-5.6.16-1.el7.centos.0.x86_64.rpm: [Errno -1] Package does not match intended download. Suggestion: run yum --enablerepo=enaza clean metadata
Trying other mirror.
php-devel-5.6.16-1.el7.centos. FAILED
The root cause seems to be the following: if I delete all the old packages to investigate the problem and try to install new ones, I get the error "Package is not signed" on php-5.6.16-1.el7.centos.0.x86_64.rpm. So, if I clean the yum metadata about my repository, I'm able to upgrade packages with --nogpgcheck key. But I want to fix this.

Rpm on this exact host (which the errors above are from) says package is okay, if I point it to the local file (just downloaded from a repo with wget):

[root@pandora packages]# rpm -Kv php-5.6.16-1.el7.centos.0.x86_64.rpm
php-5.6.16-1.el7.centos.0.x86_64.rpm:
Header V3 RSA/SHA1 Signature, key ID ae38ec45: OK
Header SHA1 digest: OK (bc874253ba28d8dcc3dfc4c3a5eed222fe05eeab)
V3 RSA/SHA1 Signature, key ID ae38ec45: OK
MD5 digest: OK (b0b36581cdc34391627614934bf12e3b)

Key is of course imported (notice the ae38ec45 key):

[root@pandora packages]# rpm -qa gpg-pubkey*
gpg-pubkey-f4a80eb5-53a7ff4b
gpg-pubkey-352c64e5-52ae6884
gpg-pubkey-ae38ec45-5617638b

So, I just constantly fail to understand what you is wanting from me.
If you have an idea, please let me know.

Thanks.
Last edited by drookie on 2016/01/16 11:18:19, edited 2 times in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: yum: Package is not signed. rpm: seems like it is.

Post by TrevorH » 2016/01/16 10:21:20

http://centos.enaza.ru/centos-7/x86_64/ ... x86_64.rpm: [Errno -1] Package does not match intended download. Suggestion: run yum --enablerepo=enaza clean metadata
This means that the package doesn't match the file contents as they were when you ran createrepo. If you add the package to the repo then createrepo and then rpm --addsign then that would do that. The correct sequence is add the package, sign it, then createrepo - is that what you did?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

drookie
Posts: 9
Joined: 2016/01/16 09:45:53

Re: yum: Package is not signed. rpm: seems like it is.

Post by drookie » 2016/01/16 11:17:38

Thanks a lot. This is exactly what I did wrong.

Post Reply