Red Hat Bugzilla – Bug 111601
kernel source has corrupt GPG signature
Last modified: 2007-11-30 17:10:34 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.6 Description of problem: I'm unable to update the kernel to 2.4.22 - the file kernel-source-2.4.22-1.2129.nptl has a corrupt GPG signature Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.Run up2date, select kernel (and other needed updates) 2.Download starts, then error message pops up 3. Actual Results: I exit the program - not going to try w/corrupt signature Additional info:
Most likely, something went wrong with your download. I've done several updates myself without seeing this, and judging from feedback I've had on this kernel, many others have also not seen this. Sounds likea an up2date problem to me.
Or out of space? That's what caused this symptom for me. It's not the user-friendliest way to be told you are out of space, though. Took me a while to figure out.
It's affecting two systems I am using - one an Athlon and the other a Duron. The CDs were verified, so I don't suspect corrupt install data. I'm having corrupt signatures on Mozilla, the newest kernel, and a few other packages. The symptoms are identical between the two systems. What I can offer for anyone wanting to work on the issue is root access to the Duron system. There's nothing of value on it at this time and I can set up SSH access to the system. I think this will be helpful in getting to the bottom of the issue.
The problem went away for me by using an alternate mirror for fedora updates. The main fedora update server was whacking my http downloads of larger rpms, like kernel-source, midway through. Something is up with that server, at least WRT my locale on the West Coast. I complained about this in bug 102272 .
I have experienced the same problem with the kernel source package. I have had the same problem also with several other packages, including rdesktop-1.3.0-2 that I am trying to update right now. All in all I have experienced this problem more than half a dozen times, in two different installs. This problem is new to fedora core 1, as I never experienced it with red hat. Downloading the files from ftp and manually upgrading with rpm works for those stubborn packages...
I've seen this problem too; the cause is truncated rpm files, the cure is downloading the rpm files again with something other than up2date. rpm -Kv thefile.rpm will show md5 and gpg signature problems, when it really should show a size problem. Workaround: download again with some other program. Fix: up2date needs to download reliably, rpm needs to check the size before the md5 and gpg signatures.
*** Bug 110607 has been marked as a duplicate of this bug. ***
*** Bug 113021 has been marked as a duplicate of this bug. ***
*** Bug 112978 has been marked as a duplicate of this bug. ***
This bug has been around forever. I complained about it last summer during the testing for Fedora 1 and was told that not being able to resume downloads was a well-known limitation, and that there was a fix in the works but it wasn't stable yet. Being able to use a mirror is _not_ a fix, it only makes the bug less likely to manifest. A look at bugzilla, fedora-list or fedoraforum will show countless duplicate reports of this bug by people who don't know what's going on due to the misleading error message. Short of an actual fix, it would help greatly if the error message was supplemented by something like "This error is probably caused by a server disconnect and up2date's present inability to resume downloads. This bug is much less likely to manifest if up2date is directed to a mirror instead of the main server." This can be added trivially, and would eliminate the countless duplicate bug reports, which are typically ignored. On the other hand, this should be easy to fix. I know that up2date saves partial downloads in its download directory, and that if a complete download is in this directory, up2date will verify the GPG signature and not download it again. All it has to do is instead of first checking the GPG, it should check the file size, and if it's too small, assume it's a partial download and resume. The signature should _never_ be checked until the file size is correct. I can't imagine this would take more than a dozen or so lines of code to fix.
How do I fix my up2date from getting these WARNINGS.. and actually updating.. gpg: WARNING: --honor-http-proxy is a deprecated option. gpg: please use "--keyserver-options honor-http-proxy" instead gpg: WARNING: --honor-http-proxy is a deprecated option. gpg: please use "--keyserver-options honor-http-proxy" instead Error Message: Please run rhn_register (or up2date --register on Red Hat Linux 8.0) as root on this client Error Class Code: 9 Error Class Info: Invalid System Credentials. Explanation: An error has occurred while processing your request. If this problem persists please enter a bug report at bugzilla.redhat.com. If you choose to submit the bug report, please be sure to include details of what you were trying to do when this error occurred details on how to reproduce this problem.
Every time that I run up2date, I get some packages as being corrupted. I've tried it on two different computers in two different states of the U.S., and I still have the same problem. And I have plenty of disk space. I think that it is a server-side issue.
Here's a workaround I just tried and it works: edit /etc/sysconfig/rhn/sources, and put entries in for a full-fledged mirror above those for the fedora downloads site. It works perfectly well, and it will take the load off of the main server.
Oh yeah, and you can decide which repositories get checked by using the check boxes in the gnome-up2date window when it asks you such.
*** Bug 113249 has been marked as a duplicate of this bug. ***
Fedora Core 1 is maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thanks! NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy project. After Fedora Core 6 Test 2 is released (currently scheduled for July 26th), there will be no more security updates for FC1. Please use these next two weeks to upgrade any remaining FC1 systems to a current release.
Closing per lack of response. Note that FC1 and FC2 are no longer supported even by Fedora Legacy. Please install a still supported version and retest. If this still occurs on FC3 or FC4 and is a security issue, please assign to that version and Fedora Legacy. Note that up2date is not present in FC5 or FC6, the only current non-Legacy Fedora Core releases. However, related bugs may occur in yum, pirut, or other updating mechanisms.