LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-15-2004, 04:20 PM   #1
webazoid
Member
 
Registered: Jun 2004
Posts: 224

Rep: Reputation: 30
why do i keep getting bad signatures on rpm installs?


Why do i always get bad signatures on like 70% of all the rpm's i install? i usually just click 'yes' and install. i.e. gaim .79 from sourceforge, the powermanagement tools on the mandrake 10 cd, etc. are programs on rpmfind.net safe?

and waht's the difference between mandrake and mandrake cooker?

Last edited by webazoid; 07-15-2004 at 04:22 PM.
 
Old 07-15-2004, 04:30 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
about the signatures: you probably don't have the right public key installed for veryfing the package's signature or something...

about mandrake cooker: it's an experimental distro aimed at developers... but it's not unusual for the average joe to use a few packages from cooker once in a while...


Last edited by win32sux; 07-15-2004 at 07:13 PM.
 
Old 07-15-2004, 04:33 PM   #3
webazoid
Member
 
Registered: Jun 2004
Posts: 224

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by win32sux
about the signatures: you probably don't have the right public key installed for veryfing the package's signature or something...

about mandrake cooker: it's an experimental distro aimed at developers... but it's not unusual for "regular joe" to use a few packages from cooker once in a while...
so how do i go about installing the right public keys? it's happened each of the two times i've cleaned install mdk10. so rpmfind.net is a totally legit place for the average joe to download rpm's (i.e. for glib, gtk, etc)?

Last edited by webazoid; 07-15-2004 at 04:55 PM.
 
Old 07-15-2004, 05:02 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
i don't use rpm so i'm not exactly sure... but i hope these links help you add the right keys to your keyring:

http://archives.mandrakelinux.com/di...4/msg00042.php

http://linux902.tripod.com/gnupg.html


yeah, rpmfind.net is fine for the average joe...



Last edited by win32sux; 07-15-2004 at 07:13 PM.
 
Old 07-15-2004, 05:32 PM   #5
webazoid
Member
 
Registered: Jun 2004
Posts: 224

Original Poster
Rep: Reputation: 30
that didn't seem to do it:

rpm --import /mnt/cd1/RPM-GPG-KEYS
error: /mnt/cd1/RPM-GPG-KEYS: import read failed.

i do see the key in the software media manager of mandrake control center. is this key specifc for the 3 cd's only? what about other apps like gaim? where do i get keys for that? thanks.
 
Old 07-15-2004, 07:12 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
does that key match this one???

http://public.planetmirror.com/pub/l...0/RPM-GPG-KEYS



Quote:
Fixing the "Bad Signature" RPM error in Mandrake

I installed my newly downloaded and burned Mandrake 10.0 CDs at work today, and I wanted to update my software to get all the security updates and bug fixes. However when I tried to install the updated software I received the error that the packages I was trying to install had bad signatures.

Package signatures are a way for the users to verify that the software they are about to install has not been changed since the original developers released it. A bad signature on a package can be caused by the package being corrupted, the package being compromised by some evil doer, but the most common reason is that you don't have the public key required to verify the package signature. In my case I had the wrong keys.

You can see what keys you have available via the command line with:

rpm -qa gpg-pubkey .

The key can be displayed on the command line with:

rpm -qi gpg-pubkey-XXXXXXXX .

Where XXXXXXXX is the key-id.

I found that these keys differed from the ones in /etc/RPM-GPG-KEYS/

After removing the old keys:

rpm -e rpm -e gpg-pubkey-22458a98-3969e7de ... .

I imported the new keys:

rpm --import /etc/RPM-GPG-KEYS/*.asc .

And all was well. Now I can install packages from Mandrake and not have to worry about the dreaded bad signatures error.
quote above obtained from here...
 
Old 07-15-2004, 10:02 PM   #7
webazoid
Member
 
Registered: Jun 2004
Posts: 224

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by win32sux
does that key match this one???

http://public.planetmirror.com/pub/l...0/RPM-GPG-KEYS





quote above obtained from here...
so here's the deal: in

when i enter: rpm -qa gpg-pubkey , i get two sets of public keys, starting w/ 224, and 707.

In the file:/etc/RPM-GPG-KEYS/ folder, there are three keys: starting w/ 224xxxxx (7.9kb), 707xxxxx (1.4kb) and 9b4xxxxx (1.4kb). Files are dated 08/23/03.

entering: rpm -qi gpg-pubkey-707xxxxx gives me a key that's different from that website that you gave. However, the /etc/RPM-GPG-KEYS/ file beginning w/ 707xxxxx has the same values as the one on the website.

Entering rpm -qi gpg-pubkey-224xxxxx or rpm -qi gpg-pubkey-9b4xxxxx also returns a value different from the website. please let me know what i should do next, as i don't want to be deleting random stuff. thanks.

btw, i wonder why i'm the only one w/ the problem. seems uncommon on this board.

here's a typical message: "Invalid signature ((SHA1) DSA sha1 md5 (GPG) (MISSING KEY)", which is similar to this post: http://www.linuxquestions.org/questi...ake+public+key




Last edited by webazoid; 07-15-2004 at 10:17 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
bad signatures dolphans1 Mandriva 8 11-25-2005 12:38 PM
bad signatures OrganicOrange84 Linux - Newbie 1 09-04-2004 12:14 AM
bad signatures ed_norton Linux - Newbie 5 04-14-2004 03:06 AM
"Bad signatures"- unsuccessful rpm installation kpachopoulos Linux - Software 1 03-01-2004 10:15 AM
Bad Signatures basttrax Linux - Newbie 9 02-12-2004 06:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration