ius-release RPM is not signed

Bug #949079 reported by Jeff Sheltren on 2012-03-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
IUS Community Project

Bug Description

Current versions of the ius-release package on EL5 are not signed:

# rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm
    Header SHA1 digest: OK (4f61003388141e265c5e58dd4fc4a6d6e8b26963)
    MD5 digest: OK (bff6188a94ee6695b0e83bc328e0a101)

That was downloaded this morning from http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-10.ius.el5.noarch.rpm

Note that I downloaded the same rpm (or at least one with the same NVR) on March 3, and it *is* signed:

-rw-r--r-- 1 root root 7331 Mar 3 20:03 ius-release-1.0-10.ius.el5.noarch.rpm

# rpm -Kv ius-release-1.0-10.ius.el5.noarch.rpm
    Header V4 DSA signature: OK, key ID 9cd4953f
    Header SHA1 digest: OK (d8ebbd91fb675dd20ef5687b184fd322864f6835)
    MD5 digest: OK (7f60418011a6ba763b681e38c14d1b31)
    V4 DSA signature: OK, key ID 9cd4953f

The newer (unsigned) version of this RPM is preventing yum from doing updates with gpgcheck enabled. Also, I wonder why/how this changed since there was once a signed RPM in place.

Jeffrey Ness (jeffrey-ness) wrote :

Hello Jeff,

Thanks for your bug, this has been reported early this morning in https://answers.launchpad.net/ius/+question/189951
and should now be resolved.

$ rpm -qp http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-10.ius.el5.noarch.rpm -i
Name : ius-release Relocations: (not relocatable)
Version : 1.0 Vendor: IUS Community Project
Release : 10.ius.el5 Build Date: Tue 14 Feb 2012 05:39:45 AM CST
Install Date: (not installed) Build Host: 339180-build01.rpmdev.rackspace.com
Group : System Environment/Base Source RPM: ius-release-1.0-10.ius.el5.src.rpm
Size : 8497 License: IUS Community Project End User Agreement
Signature : DSA/SHA1, Wed 07 Mar 2012 08:27:42 AM CST, Key ID da221cdf9cd4953f
URL : http://dl.iuscommunity.org/pub/ius
Summary : IUS Community Project repository configuration
Description :
This package contains the IUS Community Project (IUS) repository
GPG key as well as configuration for yum.

Thank you for your report, and sorry for any issues this may of caused you.


Changed in ius:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers