Error: "RPM has invalid signature" when updating through YaST

(Last modified: 16Sep2005)

This document (10098176) is provided subject to the disclaimer at the end of this document.

fact

SUSE LINUX Professional 9.3

Novell SLES 9

symptom

Error: "RPM has invalid signature" when updating through YaST

Error(You:RPM has invalid signature)

fix

Analyzing the cause (RPM version 4)

The RPM system should know about the keys that Novell/SUSE uses to sign SUSE RPM package files. To check this, examine the output of the command:

    rpm -qa 'gpg-pubkey*' | sort

For SLES9, the output should be:

    gpg-pubkey-3d25d3d9-36e12d04
    gpg-pubkey-9c800aca-40d8063e

With SUSE 9.3, the output has one more key:

    gpg-pubkey-0dfb3188-41ed929b
    gpg-pubkey-3d25d3d9-36e12d04
    gpg-pubkey-9c800aca-40d8063e

When the RPM system is not in working order, it produces different output, which may even be empty.

Solution (RPM version 4)

Re-import the Novell/SUSE public keys from trusted media as follows:

    * Mount the first CD of your installation media under /mnt.
    * Run the command

          rpm --import /mnt/gpg-pubkey-3d25d3d9-36e12d04.asc

    * Run the command

          rpm --import /mnt/gpg-pubkey-9c800aca-39eef481.asc

    * If /mnt/gpg-pubkey-0dfb3188-41ed929b.asc exists, run the command

          rpm --import /mnt/gpg-pubkey-0dfb3188-41ed929b.asc

    * Check that RPM has imported the keys correctly by running

          rpm -qa 'gpg-pubkey*' | sort

      and checking that its output now matches the expected output described above.
    * If the rpm command did not produce this output (e.g. its output is empty), please run the command

          rpm --rebuilddb

      and then repeat the key import procedure (rpm --import ..) and recheck.
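
The check at the end of this procedure can be scripted. The following is an added example, not part of the original Novell document: it compares the output of rpm -qa 'gpg-pubkey*' against the key lists given above. The function names, the product labels sles9 and suse93, and the script file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Novell's code). Function names and the product labels
# "sles9" / "suse93" are assumptions; the key names are the document's lists.

expected_keys() {
    case "$1" in
        sles9)  printf '%s\n' gpg-pubkey-3d25d3d9-36e12d04 \
                              gpg-pubkey-9c800aca-40d8063e ;;
        suse93) printf '%s\n' gpg-pubkey-0dfb3188-41ed929b \
                              gpg-pubkey-3d25d3d9-36e12d04 \
                              gpg-pubkey-9c800aca-40d8063e ;;
        *)      echo "unknown product: $1" >&2; return 2 ;;
    esac
}

# Reads `rpm -qa 'gpg-pubkey*'` output on stdin and prints every expected key
# that is absent. Returns 0 if none are missing, 1 otherwise. Empty input (the
# broken-database case described above) reports all keys as missing.
missing_keys() {
    want=$(expected_keys "$1") || return 2
    have=$(cat)
    status=0
    for key in $want; do
        if ! printf '%s\n' "$have" | grep -qxF -- "$key"; then
            printf '%s\n' "$key"
            status=1
        fi
    done
    return "$status"
}

# Prints key packages RPM trusts that the document does not list for this
# product. Such a key is not necessarily wrong, but it is an extra signer.
unexpected_keys() {
    want=$(expected_keys "$1") || return 2
    grep '^gpg-pubkey-' | while read -r key; do
        printf '%s\n' "$want" | grep -qxF -- "$key" || printf '%s\n' "$key"
    done
}

# Live check: run as `sh check-keys.sh sles9` (hypothetical file name) on a
# host that has rpm. Without an argument nothing is executed.
if [ "$#" -ge 1 ] && command -v rpm >/dev/null 2>&1; then
    keys=$(rpm -qa 'gpg-pubkey*')
    printf '%s\n' "$keys" | missing_keys "$1" | sed 's/^/missing: /'
    printf '%s\n' "$keys" | unexpected_keys "$1" | sed 's/^/not in document list: /'
fi
```

Any key reported as missing should be re-imported from the installation media as described in the steps above.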

 

cause

The most common cause for problems related to RPM signatures is a corrupted download. A corrupted download itself has a number of possible causes, like a simple transmission error or a content-altering proxy (e.g. anti-virus software mistaking an RPM for an infected file). This article is not concerned with that case. We assume that you have already ruled out a corrupted download.

In this case, there is a cause that lies deeper: the RPM package management system may have forgotten which public keys are to be trusted for package signatures.

note

Background: package signatures

The RPM package management system, as used in SUSE LINUX, uses digital signatures implemented by the GNU Privacy Guard to ensure that an RPM package file was produced by a trusted source (Novell/SUSE) and that it has not been tampered with (either accidentally, e.g. through data corruption during download, or deliberately by a malevolent party).

For more background on the RPM package management system and its use of digital signatures, we recommend the book Maximum RPM.

document

Document Title: Error: "RPM has invalid signature" when updating through YaST
Document ID: 10098176
Solution ID: NOVL102605
Creation Date: 01Jul2005
Modified Date: 16Sep2005
Novell Product Class: Linux

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.