Обсуждение: Unsigned RPM's ?
Hello,
If I'm not mistaken the latest available rpms for Red Hat 7.3 is missing the signature, doing a simple
$ > rpm -qpi https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7.3-x86_64/postgresql93-server-9.3.20-3PGDG.rhel7.x86_64.rpm"
Gives me,
$ > Name : postgresql93-server
$ > Version : 9.3.20
$ > Release : 3PGDG.rhel7
$ > Architecture: x86_64
$ > Install Date: (not installed)
$ > Group : Applications/Databases
$ > Size : 16551335
$ > License : PostgreSQL
$ > Signature : (none)
$ > Source RPM : postgresql93-9.3.20-3PGDG.rhel7.src.rpm
$ > Build Date : tor 7 dec 2017 22:41:49
$ > Build Host : koji-rhel7-x86-64-pgbuild
$ > Relocations : (not relocatable)
$ > URL : http://www.postgresql.org/
$ > Summary : The programs needed to create and run a PostgreSQL server
$ > Description :
$ > PostgreSQL is an advanced Object-Relational database management system (DBMS).
$ > The postgresql93-server package contains the programs needed to create
$ > and run a PostgreSQL server, which will in turn allow you to create
$ > and maintain PostgreSQL databases.
Notice the Signature "(none)".
Doing the same command on previous rpm's reveals a the signature "DSA/SHA1, ons 8 nov 2017 21:52:18, Key ID 1f16d2e1442df0f8"
Am I missing something ?
Best regards,
Patrik Martinsson
Sweden
I'm going ahead and answering my self.
Apparently this issue was already posted in the postgresql-yum-list.
// Patrik
On Mon, Dec 11, 2017 at 11:19 AM Patrik Martinsson <martinsson.patrik@gmail.com> wrote:
Hello,If I'm not mistaken the latest available rpms for Red Hat 7.3 is missing the signature, doing a simple$ > rpm -qpi https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7.3-x86_64/postgresql93-server-9.3.20-3PGDG.rhel7.x86_64.rpm"Gives me,$ > Name : postgresql93-server$ > Version : 9.3.20$ > Release : 3PGDG.rhel7$ > Architecture: x86_64$ > Install Date: (not installed)$ > Group : Applications/Databases$ > Size : 16551335$ > License : PostgreSQL$ > Signature : (none)$ > Source RPM : postgresql93-9.3.20-3PGDG.rhel7.src.rpm$ > Build Date : tor 7 dec 2017 22:41:49$ > Build Host : koji-rhel7-x86-64-pgbuild$ > Relocations : (not relocatable)$ > URL : http://www.postgresql.org/$ > Summary : The programs needed to create and run a PostgreSQL server$ > Description :$ > PostgreSQL is an advanced Object-Relational database management system (DBMS).$ > The postgresql93-server package contains the programs needed to create$ > and run a PostgreSQL server, which will in turn allow you to create$ > and maintain PostgreSQL databases.Notice the Signature "(none)".Doing the same command on previous rpm's reveals a the signature "DSA/SHA1, ons 8 nov 2017 21:52:18, Key ID 1f16d2e1442df0f8"Am I missing something ?Best regards,Patrik MartinssonSweden
Hi, On Mon, 2017-12-11 at 10:19 +0000, Patrik Martinsson wrote: > If I'm not mistaken the latest available rpms for Red Hat 7.3 is missing > the signature, doing a simple > > $ > rpm -qpi > https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7.3-x86_64/post > gresql93-server-9.3.20-3PGDG.rhel7.x86_64.rpm > " This was also raised here: https://redmine.postgresql.org/issues/2942 ...and I fixed it today. Sorry for the inconvenience. Regards, -- Devrim Gündüz EnterpriseDB: https://www.enterprisedb.com PostgreSQL Consultant, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR