Red Hat Bugzilla – Bug 52192
up2date fails because packages are not pgp signed
Last modified: 2015-01-07 18:50:54 EST
Description of Problem:
up2date failes to install any updates because packages on the beta rhn
server dont seem to be pgp signed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run up2date
2. choose update to install
updates are not installed
updates should be installed
Note that up2date actually lets you install packages without gpg signatures, but
this results in errors.
to not use GPG
up2date:useGPG[comment]=Use GPG to verify package integrity
This is not a bug. In the case that the user has the option set to check for
GPG signature, then up2date is not supposed to install packages which are not
GPG signed. If you want to get around this on the commandline, then add
"--nosig" In the GUI, the user is prompted that the package is not signed and
then given the opportunity to install the package anyway.
So, are the updates gpg signed?
I used up2date from the original roswell cds to update the up2date and
up2date-gnome packages. I installed them even though a gpg signature was not
found. The new up2date however was broken and refused to start.
For which values of 'broken'? :-)
Could you please provide us with more details?
To answer your question, the beta packages are not GPG signed, that's why you
have to either use --nosig on the command line, or to edit
I tried to recreate what happened by reverting to the old up2date and installing
the new one through it. This time it worked without the old "brokenness".
Later I realized that a new version of roswell had been released. I would
attribute the behaviour I saw to corrupted rpm packages caused by large numbers
of people hitting the up2date server simultaneously. (I verified this, many of
the packages downloaded by up2date dont seem pass the md5sum test with rpm -K.(
But, why would up2date install those packages?!)). The situation would probably
improve in a couple of days, again, this looks like a red-herring.
Closing this issue out again. Will reopen is we start to see issues again.
Hmm. The server delivering lots of corrupt rpms seems like a real problem
to me though.
However, the client is supposed to verirfying the package md5sums before
it ever attempts to install them, so if this isnt the case thats another
bug. But both of those should probable get a new bui id. If you've got
more details about these cases, mind opening bug reports for them?
bharath, do you still experience corrupted RPM packages? If so, please file a
different bugzilla cause this one is really about GPG sigs and not about md5sums.
Please see Bug 52329.