[Swan] CentOS 5 Migrate to Libreswan 3.0-1 from Openswan - include statement not working

Paul Wouters paul at nohats.ca
Wed Oct 28 23:37:51 UTC 2015


You can change the spec and disable DNSSEC so you don't need unbound,
but you might still need a newer NSS version. The one from rhel6 is good enough and should be a drop in upgrade (when rebuilding on rhel5)

The bogus signature is probably my personal signature instead of the libreswan signature.

I'll try and put up a new version for rhel5 with all related packages 

Sent from my iPhone

> On Oct 29, 2015, at 00:27, Tom Robinson <tom.robinson at motec.com.au> wrote:
> 
> Hi Nels,
> 
> On 29/10/15 01:33, Nels Lindquist wrote:
>>> 1) I downloaded the libreswan rpm 
>>> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it 
>>> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm
>>> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature:
>>> BAD, key ID b30fc6f9
>> 
>>> I've installed the 
>>> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but 
>>> it still reports a bad key. Now I've installed it with the 
>>> --nosignature option.
>> 
>> I've also had issues with signatures in the LibreSWAN repository; not
>> quite sure what's going on there.
> 
> It would be good to know more about this if anyone else can contribute. Installing packages with
> broken signatures goes against the grain of good security.
> 
>> 
>> Is there a particular reason you installed 3.0 rather than the 3.9
>> package which is available from the same location?  I'd try a later
>> version, personally.
> 
> I need to get something working quickly and the 3.9 is only source. 3.3 is there as binary but needs
> libunbound which I also couldn't easily locate. 3.0 installed with the only hitch being the broken
> rpm signature.
> 
> I've tried to build 3.9 today but it also requires libunbound:
> 
> # rpmbuild -ba libreswan.spec
> error: Failed build dependencies:
>        unbound-devel is needed by libreswan-3.9-1.i386
> # yum install unbound-devel
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> Setting up Install Process
> No package unbound-devel available.
> Nothing to do
> # yum search unbound
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> Warning: No matches found for: unbound
> No Matches found
> 
> From where do I get this library?
> 
> Kind regards,
> Tom
> 
> -- 
> 
> Tom Robinson
> IT Manager/System Administrator
> 
> MoTeC Pty Ltd
> 
> 121 Merrindale Drive
> Croydon South
> 3136 Victoria
> Australia
> 
> T: +61 3 9761 5050
> F: +61 3 9761 5051
> E: tom.robinson at motec.com.au
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan


More information about the Swan mailing list