Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
11-09-2004, 11:29 PM
|
#1
|
LQ Newbie
Registered: Nov 2004
Distribution: Mandrake 10.1 Community w/ WinXP dual boot
Posts: 14
Rep:
|
RPMDrake: Bad signatures
I am trying to use RPMDrake to update my system and so I set it up to download all the updates it could from various FTP servers that I found using EasyURPMI. It downloaded about a gig worth of data (alot I know but I just told it to update everything that go through and find what I wanted/needed) but when I got home from work today it had a message saying that everything it tried to update had a bad signature.
Quote:
The following packages have bad signatures:
a2ps-4.13b-5mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
amarok-1.1-1mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
arts-1.2.3-9mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
audacity-1.2.2-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
bind-utils-9.3.0-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
bootsplash-2.1.13-1mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
bzip2-1.0.2-19mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#2[6752624 OK)............xlockmore-5.11-2mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
xorg-x11-6.7.0-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
xorg-x11-75dpi-fonts-6.7.0-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
xorg-x11-server-6.7.0-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
xorg-x11-xfs-6.7.0-3mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg GPG#26752624 OK)
Do you want to continue installation?
|
There were more that it listed but I dont think I need to list the entire thing. Its quite long. Why did it do this and what can I do to fix it? should I just tell it to install everything anyway?
|
|
|
11-10-2004, 03:10 AM
|
#2
|
Senior Member
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090
Rep:
|
See: http://www.zebulon.org.uk/urpmi_en.html
for instructions on updating the keys.
This is not fatal anyway.
|
|
|
11-11-2004, 03:15 AM
|
#3
|
Member
Registered: Sep 2004
Distribution: Ubuntu
Posts: 157
Rep:
|
i got the same error, all i have to do was try two or three times and it worked....
|
|
|
11-11-2004, 03:28 AM
|
#4
|
Senior Member
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090
Rep:
|
That will go ahead and install the RPM's regardless of the sig keys... which is ok.
However the above posted link explains how to correct the error messages.
|
|
|
11-25-2004, 09:04 AM
|
#5
|
LQ Newbie
Registered: Nov 2004
Posts: 3
Rep:
|
I'm still having problems with bad signatures
I imported the latest keys, but still see bad signature, even after cleaning the urpmi cache. What else can I do? It's not just the package that's failing, but lots of them:
Code:
[root@chrislap tmp]# wget -o/dev/null -O- http://www.mandrakesoft.com/security/RPM-GPG-KEYS | gpg --import
gpg: key 70771FF3: public key "Mandrake Linux <mandrake@mandrakesoft.com>" imported
gpg: key 9B4A4024: public key "MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>" imported
gpg: key 22458A98: public key "Mandrake Linux Security Team <security@mandrakesoft.com>" imported
gpg: Total number processed: 3
gpg: imported: 3
[root@chrislap tmp]# wget -o/dev/null -O- http://www.mandrakesoft.com/security/RPM-GPG-KEYS | gpg --import
gpg: key 70771FF3: "Mandrake Linux <mandrake@mandrakesoft.com>" not changed
gpg: key 9B4A4024: "MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>" not changed
gpg: key 22458A98: "Mandrake Linux Security Team <security@mandrakesoft.com>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
[root@chrislap tmp]# urpmi samba-client
The following packages have bad signatures:
/var/cache/urpmi/rpms/samba-client-3.0.7-2.2.101mdk.i586.rpm: Invalid Key ID (sha1 md5 gpg GPG#22458a98 OK)
Do you want to continue installation ? (y/N) n
[root@chrislap tmp]# urpmi --clean
[root@chrislap tmp]# urpmi samba-client
ftp://ftp.heanet.ie/mirrors/ftp.mand...01mdk.i586.rpm
The following packages have bad signatures:
/var/cache/urpmi/rpms/samba-client-3.0.7-2.2.101mdk.i586.rpm: Invalid Key ID (sha1 md5 gpg GPG#22458a98 OK)
Do you want to continue installation ? (y/N) n
[root@chrislap tmp]#
|
|
|
11-25-2004, 09:43 AM
|
#6
|
Senior Member
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090
Rep:
|
Yeah, this is normal.
The uploaded packages don't always have the latest keys applied.
|
|
|
11-25-2004, 11:04 AM
|
#7
|
LQ Newbie
Registered: Nov 2004
Posts: 3
Rep:
|
Seems very strange to me.
Packages are signed to prevent malware being slipped into them.
If they aren't signed with the right key then any security we may have had goes straight out the window.
Surely some mistake? Or are people not bothered about security any more?
Chris.
|
|
|
11-25-2004, 12:36 PM
|
#8
|
Senior Member
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090
Rep:
|
The package updates occur so frequently that often things go unsigned.
|
|
|
11-26-2004, 09:15 PM
|
#9
|
LQ Newbie
Registered: Nov 2004
Posts: 3
Rep:
|
That's not helpful.
The packages ARE signed, and I have the key needed to verify that they are valid.
The problem, it turned out after lots of investigation, was that /etc/urpmi/urpmi.cfg had a couple of lines saying:
key-ids: 26752624
I edited the lines to say:
key-ids: 22458a98
and now it works just fine.
It may be that I'll eventually need to edit it to say:
key-ids: 22458a98,26752624
so that both keys will be accepted.
I'm told that the problem stems from the fact that in community edition the security key (gpg-pubkey 22458a98 gpg(Mandrake Linux Security Team <security@mandrakesoft.com>)) is used to sign stuff in the 'main' source, whereas in the official edition it isn't.
This maybe shows up a bug somewhere, but in the mean time, just edit the 'key-ids' lines and the problem stops.
See the man page for 'urpmi.cfg' for more details on 'key-ids'.
Hope that helps someone's understanding of what's going on a little.
|
|
|
11-27-2004, 05:38 AM
|
#10
|
Senior Member
Registered: Sep 2004
Location: Outlying D.C.
Distribution: Mandriva
Posts: 2,090
Rep:
|
Yeah your right.
The key problem I was referring to occurs with the Contrib and PLF sources and SHOULD NEVER (really) occur with Mandrake...
Except you isolated an oversight.
|
|
|
All times are GMT -5. The time now is 04:55 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|