[Swan] CentOS 5 Migrate to Libreswan 3.0-1 from Openswan - include statement not working
Paul Wouters
paul at nohats.ca
Wed Oct 28 23:37:51 UTC 2015
You can change the spec and disable DNSSEC so you don't need unbound,
but you might still need a newer NSS version. The one from rhel6 is good enough and should be a drop in upgrade (when rebuilding on rhel5)
The bogus signature is probably my personal signature instead of the libreswan signature.
I'll try and put up a new version for rhel5 with all related packages
Sent from my iPhone
> On Oct 29, 2015, at 00:27, Tom Robinson <tom.robinson at motec.com.au> wrote:
>
> Hi Nels,
>
> On 29/10/15 01:33, Nels Lindquist wrote:
>>> 1) I downloaded the libreswan rpm
>>> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it
>>> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm
>>> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature:
>>> BAD, key ID b30fc6f9
>>
>>> I've installed the
>>> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but
>>> it still reports a bad key. Now I've installed it with the
>>> --nosignature option.
>>
>> I've also had issues with signatures in the LibreSWAN repository; not
>> quite sure what's going on there.
>
> It would be good to know more about this if anyone else can contribute. Installing packages with
> broken signatures goes against the grain of good security.
>
>>
>> Is there a particular reason you installed 3.0 rather than the 3.9
>> package which is available from the same location? I'd try a later
>> version, personally.
>
> I need to get something working quickly and the 3.9 is only source. 3.3 is there as binary but needs
> libunbound which I also couldn't easily locate. 3.0 installed with the only hitch being the broken
> rpm signature.
>
> I've tried to build 3.9 today but it also requires libunbound:
>
> # rpmbuild -ba libreswan.spec
> error: Failed build dependencies:
> unbound-devel is needed by libreswan-3.9-1.i386
> # yum install unbound-devel
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> Setting up Install Process
> No package unbound-devel available.
> Nothing to do
> # yum search unbound
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> Warning: No matches found for: unbound
> No Matches found
>
> From where do I get this library?
>
> Kind regards,
> Tom
>
> --
>
> Tom Robinson
> IT Manager/System Administrator
>
> MoTeC Pty Ltd
>
> 121 Merrindale Drive
> Croydon South
> 3136 Victoria
> Australia
>
> T: +61 3 9761 5050
> F: +61 3 9761 5051
> E: tom.robinson at motec.com.au
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list