Bug 85808 - up2date closes prematurely with GPG error - file is incorrect or corrupted
Summary: up2date closes prematurely with GPG error - file is incorrect or corrupted
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: up2date
Version: 8.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
Depends On:
TreeView+ depends on / blocked
Reported: 2003-03-07 23:32 UTC by p0liX
Modified: 2007-04-18 16:51 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-08-20 20:13:17 UTC

Attachments (Terms of Use)

Description p0liX 2003-03-07 23:32:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
When updating my system using the Redhat Network Tool, i select the updates to
be downloaded and it begins downloading.  It ends prematurely saying that the
GPG Signature is invalid and the file may be invalid or corrupted.  I get this
on several different files and it happens at randoms spots within the download,
never at the same point.  I first seen this while updating the kernel, but after
8 tries it finally finished with no errors, now i get it on random updates that
I choose, sometimes it finishes with no erros, and sometimes it will give me the
errors.  I have spoke with several people and they have experienced the same
problem using the tool, I can download the files manually and they update fine,
but using the tool Redhat packages with it's system will not work.  One update
that I get this error on continuosly is with Mozilla's base update

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run Redhat Network Tool from the System Tools menu. 
2. Select update such as Mozilla
3. Let the update begin and the error usually pops up randomly throught the
download each time.

Actual Results:  Download will end and quit prematurely with an Invalid GPG
signature error

Expected Results:  The download should download completely and install properly.

Additional info:

Comment 1 Oisin C. Feeley 2003-03-13 00:02:16 UTC
I'd like to add a confirmation of this bug.  I have found that the downloading
the c. 13Mb kernel 2.4.18-26.8.0 resulted in the Redhat Update Agent haning
after approximately 20% download and popping up an error window asserting that
the GPG signature was corrupt.  Selecting "continue yes" resulted in the up2date
process hanging.

Minutes later I was able to use the Update Agent to download and install rpms
for "file" and "openssl" correctly without problems (these were significantly
smaller in size).

From this I guess that I have the correct GPG-KEY installed, RedHat Update Agent
can access that key and that the kernel-rpm is either not signed properly or
else there's an issue to do with size of download.

I removed the partially downloaded
/var/spool/up2date/kernel-2.4.18-26.8.0.i686.[hdr|rpm] files and retried twice
with the same erroneous results.  

I have also seen this problem reported on the psyche-list although I think the
reported did not submit a bugzilla report.

Here are some more details of the system:

[ofeeley@ars ofeeley]$ uname -a
Linux ars 2.4.18-24.8.0 #1 Fri Jan 31 06:51:30 EST 2003 i686 i686 i386 GNU/Linux

[ofeeley@ars ofeeley]$ rpm -q up2date

[ofeeley@ars ofeeley]$ rpm -q gnupg

Question pop-up window:
The package kernel-2.4.18-26.8.0 does not have a valid GPG signature.
It has been tampered with or corrupted.  Continue?

Red Hat Update Agent
Retrieving Packages
3136 of 13279 kB transferred

Comment 2 Oisin C. Feeley 2003-03-13 19:21:42 UTC
Well, this appears to be something which is not consistently reproducible.  I
just (Mar13th 10am PST) used Red Hat Update Agent to download and install the
2.4.18-26.8.0 kernel with no errors.

Beats me what's wrong.

I can only assume that there was some corruption during file download or that
the RHN server was very busy and that this caused the download to terminate and
instead of signalling "Aborted download" it got a "Download finished" and then
when it checked an md5sum of the package it looked corrupt.

Comment 3 J.B. Nicholson-Owens 2003-03-14 11:58:45 UTC
I can confirm this too.  I can't make it happen, but perhaps if one were to
force a connection drop (by pulling out the network connection cable from the
machine) this bug could be seen.  The update app could be improved by saving the
portion of the file it downloads and resuming the download (either in that
session or, if a number of retries fail, in another update session).  The app
appears to download the file from the beginning even when it has tried and
failed to do the download before.

Comment 4 J.B. Nicholson-Owens 2003-03-28 02:15:08 UTC
Is there a way to get up2date to output (but not download) a list of URLs where
I can go get the updates up2date is trying to download and install?

This way I could feed this list to a more reliable downloader (like wget) and
then have up2date do the rest of the job (checking the signatures, installing
the updates, etc.) it was built to do.

Also, is there a way to make up2date use wget instead of its built-in (and
apparently deficient) downloading code?  It's a shame that the tool built for
the job of updating the system doesn't do continued downloads and doesn't try
multiple times to download an update.  I figure why reinvent the wheel?  Use
wget since wget does the download job so well.

Comment 5 Andre Robatino 2003-10-07 21:49:04 UTC
  See bug #86527.

Comment 6 Andre Robatino 2004-08-20 22:35:26 UTC
  Please reopen, this is NOT fixed.  See my comments in bug #86527.

Note You need to log in before you can comment on or make changes to this bug.