Description of problem:
cron is sending these messages now since the beta install:

error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification failed.
channel: GPG validation failed, channel failed
19-Oct-2011 05:05:06: SpamAssassin: Update available, but download or extract failed

Version-Release number of selected component (if applicable):
spamassassin-3.3.2-7.fc16.x86_64

How reproducible:
100%
Also seeing this under Fedora 15. Running sa-update -D manually succeeds with the following transcript. So perhaps there's an environment variable that crond doesn't set up?

sa-update -D
Nov 5 06:13:51.606 [24543] dbg: logger: adding facilities: all
Nov 5 06:13:51.606 [24543] dbg: logger: logging level is DBG
Nov 5 06:13:51.606 [24543] dbg: generic: SpamAssassin version 3.3.2
Nov 5 06:13:51.607 [24543] dbg: generic: Perl 5.012004, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
Nov 5 06:13:51.607 [24543] dbg: config: timing enabled
Nov 5 06:13:51.607 [24543] dbg: config: score set 0 chosen.
Nov 5 06:13:51.623 [24543] dbg: dns: is Net::DNS::Resolver available? yes
Nov 5 06:13:51.623 [24543] dbg: dns: Net::DNS version: 0.66
Nov 5 06:13:51.623 [24543] dbg: generic: sa-update version svn917659
Nov 5 06:13:51.623 [24543] dbg: generic: using update directory: /var/lib/spamassassin/3.003002
Nov 5 06:13:51.801 [24543] dbg: diag: perl platform: 5.012004 linux
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: HTML::Parser, version 3.68
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Net::DNS, version 0.66
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: NetAddr::IP, version 4.037
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Time::HiRes, version 1.9719
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Archive::Tar, version 1.76
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: IO::Zlib, version 1.10
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: MIME::Base64, version 3.08
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: DB_File, version 1.82
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Net::SMTP, version 2.31
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: Mail::SPF, version v2.007
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module installed: IP::Country::Fast, version 604.001
Nov 5 06:13:51.802 [24543] dbg: diag: [...] module not installed: Razor2::Client::Agent ('require' failed)
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module not installed: Net::Ident ('require' failed)
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.66
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: IO::Socket::SSL, version 1.40
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Compress::Zlib, version 2.033
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Mail::DKIM, version 0.39
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: DBI, version 1.615
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Getopt::Long, version 2.38
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: LWP::UserAgent, version 6.02
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: HTTP::Date, version 6.00
Nov 5 06:13:51.803 [24543] dbg: diag: [...] module installed: Encode::Detect, version 1.01
Nov 5 06:13:51.804 [24543] dbg: gpg: Searching for 'gpg'
Nov 5 06:13:51.804 [24543] dbg: util: current PATH is: /usr/lib64/qt-3.3/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Nov 5 06:13:51.804 [24543] dbg: util: executable for gpg was found at /usr/bin/gpg
Nov 5 06:13:51.805 [24543] dbg: gpg: found /usr/bin/gpg
Nov 5 06:13:51.805 [24543] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE
Nov 5 06:13:51.812 [24543] dbg: channel: attempting channel updates.spamassassin.org
Nov 5 06:13:51.812 [24543] dbg: channel: update directory /var/lib/spamassassin/3.003002/updates_spamassassin_org
Nov 5 06:13:51.812 [24543] dbg: channel: channel cf file /var/lib/spamassassin/3.003002/updates_spamassassin_org.cf
Nov 5 06:13:51.812 [24543] dbg: channel: channel pre file /var/lib/spamassassin/3.003002/updates_spamassassin_org.pre
Nov 5 06:13:51.813 [24543] dbg: channel: metadata version = 1195874
Nov 5 06:13:52.170 [24543] dbg: dns: 2.3.3.updates.spamassassin.org => 1195874, parsed as 1195874
Nov 5 06:13:52.170 [24543] dbg: channel: current version is 1195874, new version is 1195874, skipping channel
Nov 5 06:13:52.170 [24543] dbg: diag: updates complete, exiting with code 1

Installed Packages
spamassassin.x86_64 3.3.2-7.fc15 @updates

crontab:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=admin
HOME=/
Looks like a selinux issue:

audit2allow -la

#============= gpg_t ==============
allow gpg_t spamd_tmp_t:file read;
*** Bug 750903 has been marked as a duplicate of this bug. ***
Moving this to selinux-policy for comment. Seems to be affecting f15 as well.
Ah, I didn't see that. I see the SELinux denial now.

type=AVC msg=audit(1320140967.671:32657): avc: denied { read } for pid=31629 comm="gpg" name=".spamassassin31622sLIfGvtmp" dev=dm-1 ino=60031016 scontext=system_u:system_r:gpg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:spamd_tmp_t:s0 tclass=file
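Added example, not part of the bug thread: a small Python parser that pulls the source domain, target type, class and permission out of the AVC record quoted above and renders the same rule text that audit2allow printed earlier in the thread. The function names are this example's own, and the only input is the record from the report.

```python
import re
from collections import defaultdict

# AVC record quoted in this report (from the F15 host).
SAMPLE_AVC = (
    'type=AVC msg=audit(1320140967.671:32657): avc: denied { read } for '
    'pid=31629 comm="gpg" name=".spamassassin31622sLIfGvtmp" dev=dm-1 '
    'ino=60031016 scontext=system_u:system_r:gpg_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:spamd_tmp_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a usable AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    try:
        # Context is user:role:type:level; the type is the third field.
        source = fields['scontext'].split(':')[2]
        target = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {'source': source, 'target': target, 'tclass': tclass,
            'perms': set(m.group(1).split()), 'comm': fields.get('comm')}


def summarize(lines):
    """Merge denials per (source, target, class) into allow-style rule text."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec['perms']:
            grouped[(rec['source'], rec['target'], rec['tclass'])] |= rec['perms']
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {text};')
    return rules


if __name__ == '__main__':
    print('\n'.join(summarize([SAMPLE_AVC])))
```

The output names gpg_t as the confined domain and spamd_tmp_t as the label of the temporary file it was not allowed to read.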
This is fixed in the latest F16 policy which is available from koji.
(In reply to comment #6)
> This is fixed in the latest F16 policy which is available from koji.

Do I need to open a separate bug for F15? My AVC is from F15.
selinux-policy-3.10.0-55.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-55.fc16
selinux-policy-3.10.0-55.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.