Bug 111601 - kernel source has corrupt GPG signature
Summary: kernel source has corrupt GPG signature
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
(Show other bugs)
Version: 1
Hardware: athlon Linux
Target Milestone: ---
Assignee: Bret McMillan
QA Contact:
: 110607 112978 113021 113249 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2003-12-05 22:39 UTC by Curt Lundgren
Modified: 2007-11-30 22:10 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-28 19:23:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Curt Lundgren 2003-12-05 22:39:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.6

Description of problem:
I'm unable to update the kernel to 2.4.22 - the file kernel-source-2.4.22-1.2129.nptl has a corrupt GPG signature

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Run up2date, select kernel (and other needed updates)
2.Download starts, then error message pops up

Actual Results:  I exit the program - not going to try w/corrupt signature

Additional info:

Comment 1 Dave Jones 2003-12-09 01:52:00 UTC
Most likely, something went wrong with your download.
I've done several updates myself without seeing this, and judging from
feedback I've had on this kernel, many others have also not seen this.

Sounds likea an up2date problem to me.

Comment 2 Matthew Saltzman 2003-12-13 20:57:32 UTC
Or out of space?  That's what caused this symptom for me.

It's not the user-friendliest way to be told you are out of space,
though.  Took me a while to figure out.

Comment 3 Curt Lundgren 2004-01-07 19:04:22 UTC
It's affecting two systems I am using - one an Athlon and the other a Duron.  The CDs 
were verified, so I don't suspect corrupt install data.  I'm having corrupt signatures on 
Mozilla, the newest kernel, and a few other packages.  The symptoms are identical 
between the two systems.

What I can offer for anyone wanting to work on the issue is root access to the Duron 
system.  There's nothing of value on it at this time and I can set up SSH access to the 
system.  I think this will be helpful in getting to the bottom of the issue.

Comment 4 Charles Gillet 2004-01-08 23:59:34 UTC
The problem went away for me by using an alternate mirror for fedora
updates.  The main fedora update server was whacking my http downloads
of larger rpms, like kernel-source, midway through.  Something is up
with that server, at least WRT my locale on the West Coast.

I complained about this in bug 102272 .

Comment 5 Nodrahc Technologies Inc. 2004-02-01 13:24:46 UTC
I have experienced the same problem with the kernel source package. I
have had the same problem also with several other packages, including
rdesktop-1.3.0-2 that I am trying to update right now. All in all I
have experienced this problem more than half a dozen times, in two
different installs. This problem is new to fedora core 1, as I never
experienced it with red hat. Downloading the files from ftp and
manually upgrading with rpm works for those stubborn packages...

Comment 6 P Fudd 2004-02-06 08:48:07 UTC
I've seen this problem too; the cause is truncated rpm files, the cure
is downloading the rpm files again with something other than up2date.

rpm -Kv thefile.rpm
will show md5 and gpg signature problems, when it really should show a
size problem.

Workaround: download again with some other program.

Fix: up2date needs to download reliably, rpm needs to check the size
before the md5 and gpg signatures.

Comment 7 Jef Spaleta 2004-02-06 15:40:39 UTC
*** Bug 110607 has been marked as a duplicate of this bug. ***

Comment 8 Jef Spaleta 2004-02-06 15:41:19 UTC
*** Bug 113021 has been marked as a duplicate of this bug. ***

Comment 9 Jef Spaleta 2004-02-06 15:52:28 UTC
*** Bug 112978 has been marked as a duplicate of this bug. ***

Comment 10 Andre Robatino 2004-02-18 21:21:03 UTC
  This bug has been around forever.  I complained about it last summer
during the testing for Fedora 1 and was told that not being able to
resume downloads was a well-known limitation, and that there was a fix
in the works but it wasn't stable yet.  Being able to use a mirror is
_not_ a fix, it only makes the bug less likely to manifest.  A look at
bugzilla, fedora-list or fedoraforum will show countless duplicate
reports of this bug by people who don't know what's going on due to
the misleading error message.  Short of an actual fix, it would help
greatly if the error message was supplemented by something like "This
error is probably caused by a server disconnect and up2date's present
inability to resume downloads.  This bug is much less likely to
manifest if up2date is directed to a mirror instead of the main
server."  This can be added trivially, and would eliminate the
countless duplicate bug reports, which are typically ignored.
  On the other hand, this should be easy to fix.  I know that up2date
saves partial downloads in its download directory, and that if a
complete download is in this directory, up2date will verify the GPG
signature and not download it again.  All it has to do is instead of
first checking the GPG, it should check the file size, and if it's too
small, assume it's a partial download and resume.  The signature
should _never_ be checked until the file size is correct.  I can't
imagine this would take more than a dozen or so lines of code to fix.

Comment 11 Joanne Deverson 2004-03-16 21:38:22 UTC
How do I fix my up2date from getting these WARNINGS.. and actually 

gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
Error Message:
    Please run rhn_register (or up2date --register on Red Hat Linux 
as root on this client
Error Class Code: 9
Error Class Info: Invalid System Credentials.
     An error has occurred while processing your request. If this 
problem persists please enter a bug report at bugzilla.redhat.com.
     If you choose to submit the bug report, please be sure to include
     details of what you were trying to do when this error occurred 
details on how to reproduce this problem.

Comment 12 William M. Quarles 2004-06-29 20:49:29 UTC
Every time that I run up2date, I get some packages as being corrupted.
 I've tried it on two different computers in two different states of
the U.S.,  and I still have the same problem.  And I have plenty of
disk space.  I think that it is a server-side issue.

Comment 13 William M. Quarles 2004-06-29 21:14:10 UTC
Here's a workaround I just tried and it works: edit
/etc/sysconfig/rhn/sources, and put entries in for a full-fledged
mirror above those for the fedora downloads site.  It works perfectly
well, and it will take the load off of the main server.

Comment 14 William M. Quarles 2004-06-29 21:21:15 UTC
Oh yeah, and you can decide which repositories get checked by using
the check boxes in the gnome-up2date window when it asks you such.

Comment 15 Adrian Likins 2004-08-24 22:19:08 UTC
*** Bug 113249 has been marked as a duplicate of this bug. ***

Comment 16 Matthew Miller 2006-07-11 17:26:29 UTC
Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.


NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.

Comment 17 John Thacker 2006-10-28 19:23:09 UTC
Closing per lack of response.  Note that FC1 and FC2 are no longer
supported even by Fedora Legacy.  Please install a still supported
version and retest.  If this still occurs on FC3 or FC4 and is a
security issue, please assign to that version and Fedora Legacy.

Note that up2date is not present in FC5 or FC6, the only current non-Legacy
Fedora Core releases.  However, related bugs may occur in yum, pirut, or other
updating mechanisms.

Note You need to log in before you can comment on or make changes to this bug.