From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1 Description of problem: # rpm -Kv krb5-libs-1.2.7-28.i386.rpm krb5-libs-1.2.7-28.i386.rpm: Header V3 DSA signature: NOKEY, key ID fb01147f Header SHA1 digest: OK (ebf673a20f533caf0c559ed0ca3b353b8d7098ed) MD5 digest: OK (4d44ef774ee51de3aad9a90ef2cd9b83) V3 DSA signature: NOKEY, key ID fb01147f Note, this is on an x86_64 platform but up2date apparently wishes to install a set of i386 libraries. Interestingly, this package does not show up on the system's RHN page (actually both my x86_64 systems behave identically). Almost certainly unrelated, but maybe not - crash-3.8-3 does show up as being outdated on RHN (the systems have crash-3.7-5) but it doesn't come over when I run up2date. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install RHEL WS 3.0 X86_64 2. Run up2date to get all updates 3. krb5-libs*.i386 has an invalid GPG sig Additional info:
Checking the krb5-libs-1.2.7-28.i386.rpm from the x86_64 rhel3 channel and it looks to be okay. Are you behind a proxy that might be caching a corrupt package?
Yes, we are behind a proxy. So, the admin here cleared our proxy and I deleted the contents of /var/spool/up2date on one of the affected machines. Then I reran up2date and got the same error about an invalid GPG sig. Next I went to the channels page and manually downloaded the krb5-libs-1.2.7-28.i386.rpm for x86_64 and moved it into /var/spool/up2date. Ran up2date and it worked fine. The "new" rpm's key looks like this which you can see is different than what I had before. # rpm -Kv krb5-libs-1.2.7-28.i386.rpm krb5-libs-1.2.7-28.i386.rpm: Header V3 DSA signature: OK, key ID db42a60e Header SHA1 digest: OK (543c1ebde3e8e0a806b4dfeb4d140f94e1799206) MD5 digest: OK (fc2b636ee9a926547fd3e5d2227cfcf3) V3 DSA signature: OK, key ID db42a60e Is it possible that there is a bad version of the krb5 stuff floating around on one of the servers there? I've heard secondhand that someone else had an invalid sig problem with krb5-devel (also from our proxy). I still have one machine that is unpatched if there is something you want me to try.
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.