Added by Richard Asplin over 7 years ago
Getting this message on the upgrade to 7.2.0:
Package openproject-7.2.0-1502277838.ef02b087.centos7.x86_64.rpm is not signed
Is this a fault with the packager, or is there something wrong with my install environment?
Replies (6)
Hello,
I couldn’t reproduce the issue. Packager.io was undergoing a 10 min maintenance window 40 minutes ago, so maybe you tried in the middle of it?
Is there any way for you to send more debug output if you retry and it fails again?
I deleted the package from the cache and tried again - same deal…
note the lack of ‘gpg’ in the message - this is what I get if it run rpm -K against an old 6.1.4 package which is in the cache:
Packages have never been signed. Only the repository metadata are signed, and contain shashum to verify the package integrity.
Can you tell what’s the output of running the install instructions at:
https://packager.io/gh/opf/openproject-ce/builds/442/install/centos-7
Also, your apt source file at
/etc/yum.repos.d/openproject-ce.reposhould have the following:Thank you :-) Amending the .repo to add the parameters in the latest version made this work. FYI, I haven’t changed the repo file since my first install (OpenProject 6.0, if not earlier), and the contents of the repo were a lot different than the new version, with me only tweaking ‘6’ to ‘7’:
Despite lacking the parameters in the latest download, I’ve been able to upgrade through and up to 7.1.0, so I suspect other users may come across this soon…
Richard Asplin wrote:
Indeed - anyone following the install instructions on your website will probably have the install fail as of 7.2.0: https://www.openproject.org/download-and-installation/
Best get it updated :-)
OK, I’ve sent a PR to update the install URLs to use the new repo file, which explicitly states that RPM files themselves are not signed.
https://github.com/opf/openproject/pull/5841
Thanks,
Cyril