Bug 112978

Summary: up2date tells that package is tampered or corrupted
Product: [Fedora] Fedora Reporter: Sergey <parf>
Component: up2dateAssignee: Adrian Likins <alikins>
Status: CLOSED DUPLICATE QA Contact: Fanny Augustin <fmoquete>
Severity: medium Docs Contact:
Priority: medium    
Version: 1CC: gaa+rhbugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:00:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergey 2004-01-06 22:10:01 UTC 
Description of problem:

up2date tells that package is tampered or corrupted

Version-Release number of selected component (if applicable):
  up2date Version     : 4.1.16 Release     : 1 

How reproducible:
sudo up2date -u

Additional info:
i've tried 6-7 times and always get this error# up2date -u -d --force
Fetching package list for channel: fedora-core-1... Fetching
http://fedora.redhat.com/releases/fedora-core-1/headers/header.info...########################################
Fetching package list for channel: updates-released...
Fetchinghttp://fedora.redhat.com/updates/released/fedora-core-1/headers/header.info...########################################
Fetching Obsoletes list for channel: fedora-core-1... Fetching
Obsoletes list for channel: updates-released... Name                 
                  Version       
Rel----------------------------------------------------------kernel  
                               2.4.22         1.2138.nptl         i686
 Testing package set / solving RPM
inter-dependencies...########################################kernel-2.4.22-1.2138.nptl.i
The package kernel-2.4.22-1.2138.nptl does not havea valid GPG
signature.It has been tampered with or corrupted.  Aborting...
************ GPG VERIFICATION ERROR ****************The package
kernel-2.4.22-1.2138.nptl failed its gpg signature verification.This
means the package is
corrupt.****************************************************
Comment 1 Gary Algier 2004-01-22 16:01:55 UTC 
Additional issues/problems with this:
1) If one is using up2date to download multiple packages, it exits
   on the first error.  It should skip over the problem and
   keep trying the others.
2) It exits with a zero exit status.  This makes it impossible
   to do something like:
       % until up2date -u --nox -d -f ; sleep 60; done
   that I could otherwise use to keep trying until I get
   all the downloads.
Comment 2 P Fudd 2004-02-06 09:16:17 UTC 
The file isn't corrupted so much as it's not all downloaded yet.

rpm -Kv kernel-2.4.22-1.2138.nptl.i686.rpm
If it says SHA1 is fine, but MD5 and GPG are bad, the file is too short.

ls -l kernel-2.4.22-1.2138.nptl.i686.rpm
If the size isn't the same as what's on the ftp site, same thing.

I've found 'wget -c ....' will resume the download and the resulting
file is no longer 'corrupt'.

A fix would be for rpm to check the size first, and for up2date to do
likewise, I guess.
Comment 3 Jef Spaleta 2004-02-06 15:52:25 UTC 

*** This bug has been marked as a duplicate of 111601 ***
Comment 4 Red Hat Bugzilla 2006-02-21 19:00:34 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.