我有一个OpenBuildServer的私有实例,在这里我构build了RPM包。 我也有一些实验室机器,其SLE版本过时(11.3)。
对于由OBS构build和签署的某些软件包,主机上的RPM声称该签名是“不好”的。 这些相同的软件包在其他主机上使用较新的RPM进行validation没有问题。
例如
######### HOST #1 rpm --version RPM version 4.4.2.3 md5sum /var/cache/zypp/packages/hadoop_ecosystem/x86_64/spark2-2.1.1-2.4.x86_64.rpm b5ca6aa896cc0fda5c77b9ab2ba5247b /var/cache/zypp/packages/hadoop_ecosystem/x86_64/spark2-2.1.1-2.4.x86_64.rpm rpm -Kvv /var/cache/zypp/packages/hadoop_ecosystem/x86_64/spark2-2.1.1-2.4.x86_64.rpm D: Expected size: 198334484 = lead(96)+sigs(772)+pad(4)+data(198333612) D: Actual size: 198334484 D: opening db environment /var/lib/rpm/Packages create:cdb:mpool:private D: opening db index /var/lib/rpm/Packages rdonly mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Pubkeys rdonly:nofsync mode=0x0 D: read h# 830 Header sanity check: OK D: ========== RSA pubkey id 6e5ed63a 634e3018 (h#830) /var/cache/zypp/packages/hadoop_ecosystem/x86_64/spark2-2.1.1-2.4.x86_64.rpm: Header V3 RSA/SHA1 signature: BAD, key ID 634e3018 Header SHA1 digest: OK (abaa2b32820966540e6cfd72a4dbedd445d9ad8c) V3 RSA/SHA1 signature: OK, key ID 634e3018 MD5 digest: OK (5079e249464d01aec3a54ca6e3652809) D: closed db index /var/lib/rpm/Pubkeys D: closed db index /var/lib/rpm/Packages D: closed db environment /var/lib/rpm/Packages D: May free Score board((nil)) 不同主机上的相同文件:
######### HOST #2 rpm --version RPM version 4.11.2 md5sum spark2-2.1.1-2.4.x86_64.rpm b5ca6aa896cc0fda5c77b9ab2ba5247b spark2-2.1.1-2.4.x86_64.rpm rpm -Kvv spark2-2.1.1-2.4.x86_64.rpm D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key D: loading keyring from rpmdb D: opening db environment /var/lib/rpm cdb:private:0x201 D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0 D: locked db index /var/lib/rpm/Packages D: opening db index /var/lib/rpm/Name nofsync:0x400 mode=0x0 D: read h# 1 Header SHA1 digest: OK (bed4425428137042e7cf5374aa3f23e03a19a7c8) D: added key gpg-pubkey-39db7c82-510a966b to keyring D: read h# 2 Header SHA1 digest: OK (2542207589838333c163fafc805d6a236f3658ed) D: added key gpg-pubkey-50a3dd1c-50f35137 to keyring D: read h# 736 Header SHA1 digest: OK (a6e3cc449b0f0e8eee3f733b7f49a5cde456c645) D: added key gpg-pubkey-23b66a9d-40912de4 to keyring D: read h# 1046 Header SHA1 digest: OK (dc1b63119fd92276ab5cce2d996f67951b22c4ff) D: added key gpg-pubkey-2689b887-42315a9a to keyring D: read h# 1047 Header SHA1 digest: OK (c81da5e778c6787eaa82bdfb0822c428e1b34108) D: added key gpg-pubkey-634e3018-571e4cb1 to keyring D: read h# 1048 Header SHA1 digest: OK (e1944930fc502ac440d02c20497ff4828c5245b8) D: added key gpg-pubkey-6a9979b8-5620c9da to keyring D: read h# 1049 Header SHA1 digest: OK (b0d9ececb29d6d6f32579bbcc404a6dc2ab2c7fa) D: added key gpg-pubkey-2ba681ea-592566b8 to keyring D: Using legacy gpg-pubkey(s) from rpmdb D: Expected size: 198334484 = lead(96)+sigs(772)+pad(4)+data(198333612) D: Actual size: 198334484 spark2-2.1.1-2.4.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 634e3018: OK Header SHA1 digest: OK (abaa2b32820966540e6cfd72a4dbedd445d9ad8c) V3 RSA/SHA1 Signature, key ID 634e3018: OK MD5 digest: OK (5079e249464d01aec3a54ca6e3652809) D: closed db index /var/lib/rpm/Name D: closed db index /var/lib/rpm/Packages D: closed db environment /var/lib/rpm
由相同的OBS实例构build和签名的同一个存储库中的其他包也会成功validation。
当然,SLE11.3已经过时了,但是我很好奇它是如何debugging和/或是find解释为什么会发生? 我怎么去研究这个? 你可能知道RPM有相关的问题吗?