boatman9 Posted December 19, 2008 Share Posted December 19, 2008 I received the below message while using urpmi to update packages on my system. I installed the package anyway. Does anyone know how the signature could have become bad after the package was built, or how to tell if the package has been tampered with? The following package has bad signature: /var/cache/urpmi/rpms/perl-XML-Simple-2.18-3mdv2009.0.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Thu 02 Oct 2008 04:36:52 PM PDT, Key ID e7898ae070771ff3)) Do you want to continue installation ? (y/N) Link to comment Share on other sites More sharing options...
SilverSurfer60 Posted December 19, 2008 Share Posted December 19, 2008 Not sure how the bad signature got there, maybe Adam could tell us. I had a few with no signature. A reload of the $mirrorlist cured it though. Link to comment Share on other sites More sharing options...
jkerr82508 Posted December 19, 2008 Share Posted December 19, 2008 I think that someone forgot to re-sign that package with the /updates key when it was copied to the /updates repo. Jim Link to comment Share on other sites More sharing options...
adamw Posted December 19, 2008 Share Posted December 19, 2008 70771ff3 is the /main/release key, what repo did that package come from? Link to comment Share on other sites More sharing options...
boatman9 Posted December 19, 2008 Author Share Posted December 19, 2008 I don't know how to tell which repo mirror was used. I don't fully understand the process, but it seems that when I run "urpmi.update -a" and then "urpmi --auto-select" a mirror list is downloaded, one of the mirrors is selected, and packages are downloaded from that repo mirror. My urpmi.cfg file is full of entries like the following: Main\ (Official2009.0-1) { key-ids: 70771ff3 mirrorlist: $MIRRORLIST with-dir: media/main/release } Downloading the package again, I get the following: [root@localhost urpmi]# urpmi --auto --replacepkgs --no-install perl-XML-Simple $MIRRORLIST: media/main/release/perl-XML-Simple-2.18-3mdv2009.0.noarch.rpm The following package has bad signature: /var/cache/urpmi/rpms/perl-XML-Simple-2.18-3mdv2009.0.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Thu 02 Oct 2008 04:36:52 PM PDT, Key ID e7898ae070771ff3)) Link to comment Share on other sites More sharing options...
medo3891 Posted December 22, 2008 Share Posted December 22, 2008 I think Jim got it right. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now