112978 – up2date tells that package is tampered or corrupted

Bug 112978 - up2date tells that package is tampered or corrupted

Summary: up2date tells that package is tampered or corrupted

Keywords:
Status:	CLOSED DUPLICATE of bug 111601
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	up2date
Sub Component:
Version:	1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Adrian Likins
QA Contact:	Fanny Augustin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-01-06 22:10 UTC by Sergey
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-02-21 19:00:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Sergey 2004-01-06 22:10:01 UTC

Description of problem:

up2date tells that package is tampered or corrupted

Version-Release number of selected component (if applicable):
  up2date Version     : 4.1.16 Release     : 1 

How reproducible:
sudo up2date -u

Additional info:
i've tried 6-7 times and always get this error# up2date -u -d --force
Fetching package list for channel: fedora-core-1... Fetching
http://fedora.redhat.com/releases/fedora-core-1/headers/header.info...########################################
Fetching package list for channel: updates-released...
Fetchinghttp://fedora.redhat.com/updates/released/fedora-core-1/headers/header.info...########################################
Fetching Obsoletes list for channel: fedora-core-1... Fetching
Obsoletes list for channel: updates-released... Name                 
                  Version       
Rel----------------------------------------------------------kernel  
                               2.4.22         1.2138.nptl         i686
 Testing package set / solving RPM
inter-dependencies...########################################kernel-2.4.22-1.2138.nptl.i
The package kernel-2.4.22-1.2138.nptl does not havea valid GPG
signature.It has been tampered with or corrupted.  Aborting...
************ GPG VERIFICATION ERROR ****************The package
kernel-2.4.22-1.2138.nptl failed its gpg signature verification.This
means the package is
corrupt.****************************************************

Comment 1 Gary Algier 2004-01-22 16:01:55 UTC

Additional issues/problems with this:
1) If one is using up2date to download multiple packages, it exits
   on the first error.  It should skip over the problem and
   keep trying the others.
2) It exits with a zero exit status.  This makes it impossible
   to do something like:
       % until up2date -u --nox -d -f ; sleep 60; done
   that I could otherwise use to keep trying until I get
   all the downloads.

Comment 2 P Fudd 2004-02-06 09:16:17 UTC

The file isn't corrupted so much as it's not all downloaded yet.

rpm -Kv kernel-2.4.22-1.2138.nptl.i686.rpm
If it says SHA1 is fine, but MD5 and GPG are bad, the file is too short.

ls -l kernel-2.4.22-1.2138.nptl.i686.rpm
If the size isn't the same as what's on the ftp site, same thing.

I've found 'wget -c ....' will resume the download and the resulting
file is no longer 'corrupt'.

A fix would be for rpm to check the size first, and for up2date to do
likewise, I guess.

Comment 3 Jef Spaleta 2004-02-06 15:52:25 UTC


*** This bug has been marked as a duplicate of 111601 ***

Comment 4 Red Hat Bugzilla 2006-02-21 19:00:34 UTC

Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.