FAQ   Search   Memberlist  
Profile    Log in to check your private messages    Register    Log in
All updates have missing signatures

 
Post new topic   Reply to topic    BLAG Forum Index -> support
View previous topic :: View next topic  
Author Message
Gullible jones
PostPosted: Mon Sep 29, 2008 11:16 am    Post subject: All updates have missing signatures Reply with quote

I just installed 90001 and ran apt-get update + apt-get upgrade, and what I got was this (after numerous "unknown signature" errors about missing GPG keys):

Code:

E: Error(s) while checking package signatures:
0 unsigned package(s)
18 package(s) with unknown signatures
0 package(s) with illegal/corrupted signatures
E: handler silently failed


These are all core system packages.

What's going on? Not being the paranoid type, I highly doubt that someone is trying to carry out a man-in-the-middle attack.

Junichirô
PostPosted: Mon Sep 29, 2008 12:46 pm    Post subject: Reply with quote

Edit the file /etc/apt/apt.conf and uncomment out this line
Code:
"\\ GPG-Check "false";

Gullible jones
PostPosted: Mon Sep 29, 2008 3:26 pm    Post subject: Reply with quote

Thanks, but how do I prevent this from happening in the future without disabling GPG checking entirely? Is there some package I have to install, as with the Debian-Multimedia website?

Edit: Okay, it looks like the GPG signatures are missing... which package do I install to get the GPG signatures? I should not have to turn GPG checking off to have a functional system - it's a basic security measure.

sinuhe
PostPosted: Wed Oct 01, 2008 2:28 pm    Post subject: Reply with quote

Gullible jones wrote:
Thanks, but how do I prevent this from happening in the future without disabling GPG checking entirely? Is there some package I have to install, as with the Debian-Multimedia website?
Edit: Okay, it looks like the GPG signatures are missing... which package do I install to get the GPG signatures? I should not have to turn GPG checking off to have a functional system - it's a basic security measure.



GPG checksums are part of the rpm package metadata. If a BLAG rpm is built with a signature, "rpm --import PUBLICKEY" would import the public key so that you can "rpm -K foo.rpm" to verify the signature. With yum, this import is typically automatic. Public keys can be got from /etc/pki/rpm-gpg, which should include the Red Hat and Fedora public keys for any fc9 distributed package that is included.

zargad
PostPosted: Wed Oct 29, 2008 11:34 am    Post subject: Reply with quote

bonjour,
j'ai aussi ce problème
(I also have this problem)
Code:
E: Error(s) while checking package signatures:
1 unsigned package(s)
40 package(s) with unknown signatures
0 package(s) with illegal/corrupted signatures
E: Handler silently failed

mais j'ai pas bien compris la manipulation avec
(but I did not understand the manipulation with) => Edit the file /etc/apt/apt.conf and uncomment out this line
Code:
"\\ GPG-Check "false";.

j'ai ça dans mon /etc/apt/apt.conf
(got it in my /etc/apt/apt.conf)
Code:
// User customizable configuration

 RPM
{
  // to disable GPG-signature checking for packages
  // GPG-Check "false";
  // Uncomment to prevent kernel being handled along with (dist-)upgrade
  // Upgrade-Virtual "false";
  // Uncomment to hold packages with modified config files in (dist-)upgrade
  // Preserve-Config "true";
};

// Options for the downloading routines
Acquire
{
  // Retries "1";
  // http::Proxy "http://user:password@proxy-server.domain.tld:port/";
  // http::Proxy "http://proxy-server.domain.tld:port/";
};

je dois faire comme ça ?
(I do like that?)

Code:
...
// # GPG-Check "false";
...



[Traducteur GNOME 0.99 ]

Junichirô
PostPosted: Wed Oct 29, 2008 12:52 pm    Post subject: Reply with quote

Non! Supprime "//".
No! remove '//'.

zargad
PostPosted: Wed Oct 29, 2008 1:40 pm    Post subject: Reply with quote

ok ! merci ça marche .
(ok! thank you it works.)
:-)

Display posts from previous:   
Post new topic   Reply to topic    BLAG Forum Index -> support
Page 1 of 1

Protected by Anti-Spam ACP