v1.9.0

@ctron ctron released this 22 Aug 10:52
· 61 commits to master since this release

See also: https://ctron.github.io/rpm-builder

This is a maintenance release, fixing an issue with DNF verification.

Many thanks to @tobias1703 for reporting this!

Fixed issue

  • #64 – Signed RPM failed to install using dnf on RHEL8 and RHEL9

More details

RPM has two ways of signing: V3 and V4. So far, this plugin supported V4, which signs the header section only. This works because the header section also contains digests of the payload section, and it is a bit faster. V3 signs the header plus the payload section.

Having either of them should be enough. However, DNF failed to install RPMs on RHEL 8 and RHEL 9. Installing (with verification) an RPM file using rpm or even dnf install <local-rpm>.rpm worked fine.

The reason is that dnf performs some extra checks using rpmkeys, which reports that V4 is fine but that some information (around V3) is missing. The word "missing", however, is a trigger for the function evaluating the output of rpmkeys to think that a signature is missing, and so it thinks it cannot verify the RPM. Adding the V3 signature tag and more payload digest fields to the header removes the "missing" message and makes the RPM install fine from a YUM repository using DNF.

This does, however, change the generated RPM files by adding extra fields to the metadata. That isn't a problem, just so that you know.

Maven coordinates

<dependency>
    <groupId>de.dentrassi.maven</groupId>
    <artifactId>rpm</artifactId>
    <version>1.9.0</version>
</dependency>