Labels

Android (1) bash (2) boost (2) C (34) C++ (2) cheatsheet (2) CLion (6) css (3) Debian (33) DL (17) Docker (2) Dreamweaver (2) Eclipse (3) fail2ban (4) git (5) GitHub (4) Hacking (3) html (8) http (1) iOS (1) iPad (1) IRC (1) Java (31) javascript (3) Linux (169) Mac (19) Machine Learning (1) mySQL (49) Netbeans (4) Networking (1) Nexus (1) OpenVMS (6) Oracle (1) Pandas (3) php (16) Postgresql (8) Python (9) raid (1) RedHat (14) Samba (2) Slackware (48) SQL (14) svn (1) tar (1) ThinkPad (1) Virtualbox (3) Visual Basic (1) Visual Studio (1) Windows (2)

Monday, 25 November 2024

Issue with slackpkg and gpg key

I found an issue while using slackpkg where the following error presented itself:

ERROR: Verification of the  gpg signature on CHECKSUMS.md5
               failed! This could mean that the file is out of date
               or has been tampered with. If you use mirrors.slackware.com
               as your mirror, this could also mean that the mirror to
               which you got redirected is not yet updated with the most
               recent changes in the Slackware tree.

After some digging, this was down to the network having recently required the installation of a Zscaler root CA certificate, to which this particular machine had not yet installed. Interestingly, another identical machine did not present itself with this error, when both were connected to the same network and neither had the CA certificate installed. I concluded that this was due to the working machine having run slackpkg update or at least been used in some fashion, thus being able to download the GPG-KEY from https://www.slackware.com/infra/keys/GPG-KEY prior to the Zscaler service being implemented. Running slackpkg update gpg should retrieve and install the GPG-KEY but this did not resolve on the machine in question, neither did it show that the command had failed to retrieve the key.

Running gpg --list-keys should show the system keys and in the case of the suspect machine, this was empty, compared to the identical machine which worked and showed the installed keys.

To resolve, I downloaded the key manually but to do this, given the CA was not present on this machine, I had to use the --no-check-certificates option with wget, so as below:

wget --no-check-certificate https://www.slackware.com/infra/keys/GPG-KEY

We can then do, as root: gpg --import GPG-KEY

verifying with gpg --list-keys

slackpkg could now be used as expected, or indeed my check4updates script.

It is worth noting that as these boxes do not have the above mentioned Zscaler CA certificate installed, the selected mirror in /etc/slackpkg/mirrors should be http and not https


Posted by at
Labels: ,

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)