Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 02-29-2004, 05:48 PM   #1
Registered: Feb 2004
Location: Athens, Greece
Distribution: Gentoo,FreeBSD, Debian
Posts: 705

Rep: Reputation: 30
"Bad signatures"- unsuccessful rpm installation

Together with my download Mandrake 9.2 Linux edition came a CD full of updates. But when i try to install them a message informs me they have "bad signatures" . I proceed with the installation. After that I type in the console: "rpm -V rpmname.rpm" and i find out it has not really been installed. I then try "rpm -U rpmname.rpm" or i double-click on the rpm file and a message appears, that the rpm has already been installed. I searched Internet, but i found nothing specific; i only read something about "public keys". Mandrake site has nothing interesting.
What does "bad signature" mean?
Have my rpms really been installed?
Where can I find these "keys", if i really need them?
Old 03-01-2004, 10:15 AM   #2
Senior Member
Registered: Sep 2003
Location: The Netherlands
Distribution: Gentoo (main); SuSE 9.3 (fallback)
Posts: 1,607

Rep: Reputation: 46
Have my rpms really been installed?
That depends. When the error message came up asking if you wanted to install anyway, despite the "bad signatures", did you choose "yes" or "no"? If "yes", then the rpms installed anyway. If "no", they did not. Easiest way to be certain is to open up RPMDrake (Remove Programs) and look to see if the program in question is in the list. If it is, then it is installed (since RPMDrake couldn't offer to remove it if it wasn't).

GPG keys are a security measure to authenticate rpms, so that you can be certain that the server was not hacked and all the rpms replaced by other files bearing the same name but performing evil function. The rpm builder "signs" the rpm with a key, half of which is public and half of which is private. You (the public) get the public key, which enables Mandrake to read the private key and authenticate the RPM, proving that it hasn't been tampered with. This is why when you perform operations as root via the Mandrake Control Center, a little keyring appears in your panel. It actually is a keyring, with the authentication keys loaded and running.

However, it's not overwhelmingly likely that an official CD or an official Mandrake mirror has been so severely tampered with -- and further, without anyone knowing about it and shutting the repository down or issuing a warning about the CD or whatever-- that the keys are anything more than a formality.

Unfortunately, atm, even the formality isn't working right. Unlike previous versions of Mandrake, you (supposedly) no longer have to find the keys for each unofficial repositiory (the official Mandrake key is supposed to be installed with the distribution). The keys are added automatically when you add a repository to the Software Media Manager. Except that at least one of them (in my experience, the one named something like "bad SHA1 md5 OK") is not installed, and I have not seen where to get it. The key may be old or changed, and the entire issue may be related to the "contrib repository issue", which reports that (every single) contrib repository is using an old or invalid list file, which would explain why the key (either old or updated) isn't installed. I have also heard reports of certain keys not being installed from officially sponsored CDs bundled with magazines.

If you got an official Mandrake Update CD, it's really unlikely that the packages on it are bad, so go ahead and install them. The whole thing is pretty annoying (because it's such an alarming message), but not worth losing sleep over.

Hope this helps.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
"Bad signature" in many rpm packages cpbl Mandriva 5 10-23-2006 06:50 PM
hwo to clean up files after unsuccessful "./configure" b0nd Linux - Newbie 4 08-09-2005 01:03 PM
"the Following Packages Have Bad Signatures" sramelyk Linux - Newbie 1 08-21-2004 05:52 PM
problem with "rpm -bb" , 1 out of 1 hunk ignored ...error: Bad exit status from /v wohaolouis Linux - Software 0 03-07-2004 07:12 AM
Installation problem "Bad Interpreter" SherylGlas Linux - Newbie 1 03-21-2003 02:06 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:43 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration