Red Hat Bugzilla – Bug 135333
package *** does not have a valid GPG signature
Last modified: 2007-11-30 17:10:51 EST
Description of problem:
up2date hangs while downloading a package, and then gives an error
message claiming that the GPG signature is bad. The actual problem is
that the download ended prematurely and the file is merely truncated.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Try to download new packages using up2date.
Download hangs on one of the packages. After several minutes, an
error appears that the GPG signature is bad, even though the package
hasn't finished downloading.
up2date should either resume the download and wait to check the GPG
signature until it's finished, or if it can't resume the download, it
should say so and resume it the next time it is run. The GPG check
should never be done until the download is finished.
I ran it from the command line:
[root@localhost andre]# up2date
using mirror: http://mirrors.kernel.org/fedora/core/2/i386/os/
There is no error message either in stdout or in /var/log/up2date,
despite the error in the dialog box. I also know from previous
experience that a partially downloaded RPM (which is saved in
/var/spool/up2date) is not used to resume the download if up2date is
run again, although it should be. I copied the error message from an
earlier bug report since I neglected to write down the one from the
dialog box, but presumably it's the same. This is the same as bug
#86527, bug #85808 and bug #70112 which were closed prematurely, with
the exception that up2date no longer shows error messages on the
command line when the download fails.
Experienced the problem again. The dialog box message is
The package libtiff-3.5.7-20.2 does not have a valid GPG signature.
It has been tampered with or corrupted. Continue?
As stated above, truncation is NOT corruption.
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
sounds really familiar. Adrian?
NEEDINFO_ENG has been deprecated in favor of NEEDINFO or ASSIGNED. Changing
status to ASSIGNED for ENG review.
This is basically one of the several "up2date does not handle failures
gracefully" bugs, whether downloading, bad packages, or interruptions.
*** This bug has been marked as a duplicate of 108652 ***