rpm bad signatures

The following packages have bad signatures:

/var/cache/urpmi/rpms/usermin-1.410-1.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Wed 10 Jun 2009 16:54:11 PDT, Key ID d97a3ae911f63c51))

/var/cache/urpmi/rpms/webmin-1.480-1.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Wed 10 Jun 2009 16:51:19 PDT, Key ID d97a3ae911f63c51))

I even imported the key and it's still saying bad key sig.

Status: Closed (fixed)

Comments

Submitted by Joe on Fri, 06/19/2009 - 05:04 Pro Licensee

urpmi doesn't support multiple keys for the same repository, and so there's no way to avoid this without repackaging the Webmin/Usermin packages for the Virtualmin repositories with my signature (Jamie uses an old RPM version for compatibility with the most distributions, and so my RPM version can't re-sign his packages; so they have to be rebuilt). I'd thought we'd retired the urpmi repositories over a year ago, since there was only one user (you) and you weren't happy with it anyway, but maybe the universal repo is still getting urpmi meta-data generated in the update script.

There isn't really anything we can do to fix urpmi...the signature is for the package, and it is valid. urpmi just imposes an artificial per-repository limitation. And, rebuilding the Webmin/Usermin package for a distribution for which we only have one user would be pretty wasteful, I think.

I'm kinda confused that you haven't been seeing this for the past year...we've rolled a half dozen new Webmin versions using Jamie's key in that time.

I download the new packages and I add them to my repo and regenerate the hdlist here. It only started to happen the last few updates which is weird. Guess I need to tell urpmi not to check the signature or I need to re-sign them with my key.

Actually I fixed it....

added key-ids: 11f63c51 to /etc/urpmi/urpmi.cfg

Automatically closed -- issue fixed for 2 weeks with no activity.
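
A check for the situation in this thread, as an added example (not code from the thread or from urpmi): it pulls the signer's key ID out of urpmi's "Invalid Key ID" lines, shortens it to the 8-digit form used in the fix, and reports whether a medium's key-ids list in urpmi.cfg includes it. The medium name local-repo, its URL and the id 0a1b2c3d are constructed placeholders, and the parser assumes medium names without spaces.

```shell
#!/usr/bin/env bash
# Added example: does a medium's key-ids list allow the key urpmi reports?

# Constructed input: the two lines urpmi printed in the report above.
SAMPLE_OUTPUT='/var/cache/urpmi/rpms/usermin-1.410-1.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Wed 10 Jun 2009 16:54:11 PDT, Key ID d97a3ae911f63c51))
/var/cache/urpmi/rpms/webmin-1.480-1.noarch.rpm: Invalid Key ID (OK (DSA/SHA1, Wed 10 Jun 2009 16:51:19 PDT, Key ID d97a3ae911f63c51))'

# Constructed urpmi.cfg; medium name, URL and 0a1b2c3d are placeholders.
SAMPLE_CFG='local-repo file:///srv/repo {
  key-ids: 0a1b2c3d
  update
}'

# Print the unique signer key ids in urpmi output $1, in the 8-digit form
# (last 8 hex digits of the long id) that the fix in this thread uses.
signer_ids() {
  printf '%s\n' "$1" | sed -n 's/.*Key ID \([0-9a-fA-F]*\)).*/\1/p' |
    tr 'A-F' 'a-f' | sed 's/.*\(........\)$/\1/' | sort -u
}

# Print the key ids allowed for medium $2 in urpmi.cfg text $1, one per line.
# Assumes medium names without spaces; key-ids is a comma-separated list.
allowed_ids() {
  printf '%s\n' "$1" | awk -v m="$2" '
    /[{][ \t]*$/  { cur = $1; next }   # "name url {" opens a medium block
    /^[ \t]*[}]/  { cur = ""; next }   # "}" closes it
    cur == m && /^[ \t]*key-ids:/ {
      sub(/^[ \t]*key-ids:/, ""); gsub(/[ \t]/, "")
      n = split($0, ids, ",")
      for (i = 1; i <= n; i++) if (ids[i] != "") print tolower(ids[i])
    }'
}

# Print signer ids from urpmi output $3 that medium $2 in cfg $1 does not list.
missing_ids() {
  allowed=$(allowed_ids "$1" "$2")
  for id in $(signer_ids "$3"); do
    printf '%s\n' "$allowed" | grep -qxF "$id" || printf '%s\n' "$id"
  done
}

for id in $(missing_ids "$SAMPLE_CFG" local-repo "$SAMPLE_OUTPUT"); do
  echo "local-repo: signer $id is not in key-ids"
done
```

An empty result from missing_ids means every signer reported by urpmi is already listed for that medium, so the cause of the error lies elsewhere.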