You can change the spec and disable DNSSEC so you don't need unbound, but you might still need a newer NSS version. The one from rhel6 is good enough and should be a drop in upgrade (when rebuilding on rhel5)
The bogus signature is probably my personal signature instead of the libreswan signature. I'll try and put up a new version for rhel5 with all related packages Sent from my iPhone > On Oct 29, 2015, at 00:27, Tom Robinson <[email protected]> wrote: > > Hi Nels, > > On 29/10/15 01:33, Nels Lindquist wrote: >>> 1) I downloaded the libreswan rpm >>> fromhttps://download.libreswan.org/binaries/rhel/5/i386/ but it >>> appears to have a bad signature: # rpm -qp libreswan-3.0-1.i386.rpm >>> error: libreswan-3.0-1.i386.rpm: Header V4 RSA/SHA256 signature: >>> BAD, key ID b30fc6f9 >> >>> I've installed the >>> https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan but >>> it still reports a bad key. Now I've installed it with the >>> --nosignature option. >> >> I've also had issues with signatures in the LibreSWAN repository; not >> quite sure what's going on there. > > It would be good to know more about this if anyone else can contribute. > Installing packages with > broken signatures goes against the grain of good security. > >> >> Is there a particular reason you installed 3.0 rather than the 3.9 >> package which is available from the same location? I'd try a later >> version, personally. > > I need to get something working quickly and the 3.9 is only source. 3.3 is > there as binary but needs > libunbound which I also couldn't easily locate. 3.0 installed with the only > hitch being the broken > rpm signature. > > I've tried to build 3.9 today but it also requires libunbound: > > # rpmbuild -ba libreswan.spec > error: Failed build dependencies: > unbound-devel is needed by libreswan-3.9-1.i386 > # yum install unbound-devel > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > Setting up Install Process > No package unbound-devel available. > Nothing to do > # yum search unbound > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > Warning: No matches found for: unbound > No Matches found > > From where do I get this library? > > Kind regards, > Tom > > -- > > Tom Robinson > IT Manager/System Administrator > > MoTeC Pty Ltd > > 121 Merrindale Drive > Croydon South > 3136 Victoria > Australia > > T: +61 3 9761 5050 > F: +61 3 9761 5051 > E: [email protected] > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
