[Swan] CentOS 5 Migrate to Libreswan 3.0-1 from Openswan - include statement not working

Tom Robinson tom.robinson at motec.com.au
Wed Oct 28 23:27:44 UTC 2015


Hi Nels,

On 29/10/15 01:33, Nels Lindquist wrote:
>> 1) I downloaded the libreswan rpm 
>> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it 
>> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm
>> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature:
>> BAD, key ID b30fc6f9
> 
>> I've installed the 
>> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but 
>> it still reports a bad key. Now I've installed it with the 
>> --nosignature option.
> 
> I've also had issues with signatures in the LibreSWAN repository; not
> quite sure what's going on there.

It would be good to know more about this if anyone else can contribute. Installing packages with
broken signatures goes against the grain of good security.

> 
> Is there a particular reason you installed 3.0 rather than the 3.9
> package which is available from the same location?  I'd try a later
> version, personally.

I need to get something working quickly and the 3.9 is only source. 3.3 is there as binary but needs
libunbound which I also couldn't easily locate. 3.0 installed with the only hitch being the broken
rpm signature.

I've tried to build 3.9 today but it also requires libunbound:

# rpmbuild -ba libreswan.spec
error: Failed build dependencies:
        unbound-devel is needed by libreswan-3.9-1.i386
# yum install unbound-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
No package unbound-devel available.
Nothing to do
# yum search unbound
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Warning: No matches found for: unbound
No Matches found

From where do I get this library?

Kind regards,
Tom

-- 

Tom Robinson
IT Manager/System Administrator

MoTeC Pty Ltd

121 Merrindale Drive
Croydon South
3136 Victoria
Australia

T: +61 3 9761 5050
F: +61 3 9761 5051
E: tom.robinson at motec.com.au

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151029/6f3fffd9/attachment.sig>


More information about the Swan mailing list