On Friday 11 January 2008, Theo Van Dinter wrote:
>On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote:
>> Is there a fix in the works for those who use sa-update other than
>> disabling it in our crontabs?
>
>You'd want to be more specific about what your problem is. If the issue
>is the cross-certify problem for the updates.spamassassin.org channel,
>there are at least two possibilities:
>
>a) import the new cross-certified key. The Bugzilla ticket
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775
> covers the problems. You can either grab the new pubkey file
>
> (http://svn.apache.org/repos/asf/spamassassin/trunk/rules/sa-update-pubkey.
>txt) and update it via:
>
> gpg --homedir /etc/mail/spamassassin/sa-update-keys --import
> sa-update-pubkey.txt
>
> or use a keyserver and download the update:
>
> gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver
> pgp.mit.edu \ --recv-key 5244EC45
>
>b) configure gpg to not look for the cross certification. it used to be an
> error, but newer gpg versions made it an error. I believe this is simply
> putting "no-require-cross-certification" in ~/.gnupg/gpg.conf. I'd do
> this if you can't do (a) for some reason.
>
>
>There hasn't been any talk yet of how to import the new key via the next
>release. I'm guessing it'll be a manual fix mentioned in the release notes
>through 3.3.0.
>
>If your problem is with other update channels, you'd need to either post
> more information or (if it's the same cross certify issue) talk to the
> channel publisher.
>
>Hope this helps.
It doesn't Theo.
Copy/paste from the shell I was using:
------------------------
[EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:
BDE9DC10
Perhaps you need to import the channel's GPG key? For example:
wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY
channel: GPG validation failed, channel failed
[EMAIL PROTECTED] ~]# wget http://spamassassin.apache.org/updates/GPG.KEY
--14:33:42-- http://spamassassin.apache.org/updates/GPG.KEY
=> `GPG.KEY.1'
Resolving spamassassin.apache.org... 140.211.11.130
Connecting to spamassassin.apache.org|140.211.11.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,304 (3.2K) [text/plain]
100%[=======================================================================================>]
3,304 --.--K/s
14:33:43 (53.32 KB/s) - `GPG.KEY.1' saved [3304/3304]
[EMAIL PROTECTED] ~]# sa-update --import GPG.KEY
[EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:
BDE9DC10
Perhaps you need to import the channel's GPG key? For example:
wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY
channel: GPG validation failed, channel failed
[EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys
--import
sa-update-pubkey.txt
gpg: can't open `sa-update-pubkey.txt': No such file or directory
gpg: Total number processed: 0
[EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/
init.pre sa-update-keys spamassassin-helper.sh v310.pre v320.pre
local.cf spamassassin-default.rc spamassassin-spamc.rc v312.pre
[EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/sa-update-pubkey.txt
ls: cannot access /etc/mail/spamassassin/sa-update-pubkey.txt: No such file or
directory
[EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys
--import
sa-update-pubkey
gpg: can't open `sa-update-pubkey': No such file or directory
gpg: Total number processed: 0
[EMAIL PROTECTED] ~]#
gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver pgp.mit.edu \
> --recv-key 5244EC45
gpg: requesting key 5244EC45 from hkp server pgp.mit.edu
gpg: key 5244EC45: "updates.spamassassin.org Signing Key
<[EMAIL PROTECTED]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[EMAIL PROTECTED] ~]# ls .gnupg
dirmngr-cache.d dirmngr.conf.gpgconf.bak options pubring.gpg
pubring.kbx random_seed trustdb.gpg
dirmngr.conf gpgsm.conf private-keys-v1.d pubring.gpg~
pubring.kbx~ secring.gpg
[EMAIL PROTECTED] ~]# ls -R .gnupg
.gnupg:
dirmngr-cache.d dirmngr.conf.gpgconf.bak options pubring.gpg
pubring.kbx random_seed trustdb.gpg
dirmngr.conf gpgsm.conf private-keys-v1.d pubring.gpg~
pubring.kbx~ secring.gpg
.gnupg/dirmngr-cache.d:
DIR.txt
.gnupg/private-keys-v1.d:
[EMAIL PROTECTED] ~]# vim .gnupg/gpgsm.conf <-added that phrase at the bottom
of
the file, there is no 'gpg.conf' file that I can find.
[EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:
BDE9DC10
Perhaps you need to import the channel's GPG key? For example:
wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY
channel: GPG validation failed, channel failed
--------------------------------
This is round 15, and the winner is by a unanimous decision, the ID-10-T that
changed it. :-)
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
There cannot be a crisis next week. My schedule is already full.
-- Henry Kissinger
