From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830 Description of problem: When updating my system using the Redhat Network Tool, i select the updates to be downloaded and it begins downloading. It ends prematurely saying that the GPG Signature is invalid and the file may be invalid or corrupted. I get this on several different files and it happens at randoms spots within the download, never at the same point. I first seen this while updating the kernel, but after 8 tries it finally finished with no errors, now i get it on random updates that I choose, sometimes it finishes with no erros, and sometimes it will give me the errors. I have spoke with several people and they have experienced the same problem using the tool, I can download the files manually and they update fine, but using the tool Redhat packages with it's system will not work. One update that I get this error on continuosly is with Mozilla's base update Version-Release number of selected component (if applicable): How reproducible: Sometimes Steps to Reproduce: 1. Run Redhat Network Tool from the System Tools menu. 2. Select update such as Mozilla 3. Let the update begin and the error usually pops up randomly throught the download each time. Actual Results: Download will end and quit prematurely with an Invalid GPG signature error Expected Results: The download should download completely and install properly. Additional info:
I'd like to add a confirmation of this bug. I have found that the downloading the c. 13Mb kernel 2.4.18-26.8.0 resulted in the Redhat Update Agent haning after approximately 20% download and popping up an error window asserting that the GPG signature was corrupt. Selecting "continue yes" resulted in the up2date process hanging. Minutes later I was able to use the Update Agent to download and install rpms for "file" and "openssl" correctly without problems (these were significantly smaller in size). From this I guess that I have the correct GPG-KEY installed, RedHat Update Agent can access that key and that the kernel-rpm is either not signed properly or else there's an issue to do with size of download. I removed the partially downloaded /var/spool/up2date/kernel-2.4.18-26.8.0.i686.[hdr|rpm] files and retried twice with the same erroneous results. I have also seen this problem reported on the psyche-list although I think the reported did not submit a bugzilla report. Here are some more details of the system: [ofeeley@ars ofeeley]$ uname -a Linux ars 2.4.18-24.8.0 #1 Fri Jan 31 06:51:30 EST 2003 i686 i686 i386 GNU/Linux [ofeeley@ars ofeeley]$ rpm -q up2date up2date-3.0.7-1 [ofeeley@ars ofeeley]$ rpm -q gnupg gnupg-1.0.7-6 Question pop-up window: The package kernel-2.4.18-26.8.0 does not have a valid GPG signature. It has been tampered with or corrupted. Continue? Red Hat Update Agent Retrieving Packages 3136 of 13279 kB transferred
Well, this appears to be something which is not consistently reproducible. I just (Mar13th 10am PST) used Red Hat Update Agent to download and install the 2.4.18-26.8.0 kernel with no errors. Beats me what's wrong. I can only assume that there was some corruption during file download or that the RHN server was very busy and that this caused the download to terminate and instead of signalling "Aborted download" it got a "Download finished" and then when it checked an md5sum of the package it looked corrupt.
I can confirm this too. I can't make it happen, but perhaps if one were to force a connection drop (by pulling out the network connection cable from the machine) this bug could be seen. The update app could be improved by saving the portion of the file it downloads and resuming the download (either in that session or, if a number of retries fail, in another update session). The app appears to download the file from the beginning even when it has tried and failed to do the download before.
Is there a way to get up2date to output (but not download) a list of URLs where I can go get the updates up2date is trying to download and install? This way I could feed this list to a more reliable downloader (like wget) and then have up2date do the rest of the job (checking the signatures, installing the updates, etc.) it was built to do. Also, is there a way to make up2date use wget instead of its built-in (and apparently deficient) downloading code? It's a shame that the tool built for the job of updating the system doesn't do continued downloads and doesn't try multiple times to download an update. I figure why reinvent the wheel? Use wget since wget does the download job so well.
See bug #86527.
Please reopen, this is NOT fixed. See my comments in bug #86527.