[SOLVED] Slackpkg+ fatal errors with Ponce and SlackOnly repos
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Slackpkg+ fatal errors with Ponce and SlackOnly repos
In the last weeks I'm experiencing some fatal errors when running slackpkg update. Of course, this happens only with slackpkg+ plugin for third party repositories.
The errors are:
Code:
failed: Connection refused.
failed: Network is unreachable.
!!! F A T A L !!!
Repository 'slackonly' FAILS the CHECKSUMS.md5 download
The repository may be invalid and will be SKIPPED.
The one above is for SlackOnly. This repository seems to be down as the whole slackonly.com domain fails to reply.
Code:
2017-02-28 13:21:15 URL:http://ponce.cc/slackware/slackware-current/packages/CHECKSUMS.md5.asc [801/801] -> "/dev/shm/slackpkg.7WPTJN/CHECKSUMS.md5-ponce.asc" [1]
!!! F A T A L !!!
Repository 'ponce' FAILS the CHECKSUMS.md5 signature check
The file may be corrupted or the gpg key may be not valid.
Remember to import keys by launching 'slackpkg update gpg'.
This one looks like someone have forgotten to update GPG-KEY or signatures file. When I try to update key #36287643 (Matteo Bernardini, aka Ponce) with slackpkg update gpg, it says the key is unchanged. So I suspect it is the second case.
Is anybody out there experiencing the same with those repositories? Does anyone know what happened to these repos?
It has been almost two months past from the OP and Ponce repo update still fails with:
Code:
!!! F A T A L !!!
Repository 'ponce' FAILS the CHECKSUMS.md5 signature check
The file may be corrupted or the gpg key may be not valid.
Remember to import keys by launching 'slackpkg update gpg'.
Is this just me? Is no one out there facing this apparently outdated GPG keys from Ponce repo? The current GPG key is:
Ponce's binary repository is not intended to be used with slackpkg+
it's just a collection of binary packages he provided without any metadata used by slackpkg+
Ponce's binary repository is not intended to be used with slackpkg+
Yup! I'm aware of that. Thank you anyway for the reminder.
Now I realize my OP wasn't clear enough. Ponce's repo once worked fine with Slackpkg+, with no GPG key error of any sort. Since the OP it's not working that way anymore, as it looks that Ponce is not updating the signatures file anymore as he used to.
I posted this here in the hope that 1) Ponce himself could see that or 2) if anyone reading this could warn him of this minor issue.
I do not expect Slacpkg+ to support Ponce's repo. What I do expect is that Ponce could make it possible to me/us (the user/users) a package file integrity verification before install it.
Last edited by denydias; 04-16-2017 at 09:00 PM.
Reason: Typo.
bash $ wget -q "http://ponce.cc/slackware/slackware-current/packages/CHECKSUMS.md5" "http://ponce.cc/slackware/slackware-current/packages/CHECKSUMS.md5.asc"
bash $ gpg --verify CHECKSUMS.md5.asc
gpg: assuming signed data in `CHECKSUMS.md5'
gpg: Signature made 2017-04-11T13:59:34 ICT using RSA key ID 02BEF947
gpg: Can't check signature: public key not found
bash $
the last key you show it's not mine: the GPG-KEY present in the 32bit repo (the 64bit is ok) is actually an old one that got there when I reinstalled the vm where I build packages, it will be fixed soon, thanks.
sorry if I hadn't answered this before but when I read the title I ignored the topic on purpose: like Willy told you, I don't support using the repository with slackpkg+ (especially if mixed with other repositories), not because it lacks metadatas (actually they're there, generated with Alien Bob's gen_repos_files.sh), but because I don't want anybody bothering me with mini-installs and such complaining that they lack dependencies (I understand now this is not the case).
I don't have time to support the repositories, those are just the packages I use on my installations and they're given away with no warranties.
the GPG-KEY present in the 32bit repo (the 64bit is ok) is actually an old one
Aha! That was it! Thank you very much, @ponce!
I apologize on confusing you with another one, but you were wight right as I had your old key in place (2048R/36287643). Now that I updated it properly (4096R/02BEF947), all runs fine again.
Just so you know, your old key is still listed at hkps.pool.sks-keyservers.net, but the new one is not.
Last edited by denydias; 04-17-2017 at 02:27 AM.
Reason: Add new key info.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.