On Friday 11 January 2008, Theo Van Dinter wrote: >On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote: >> Is there a fix in the works for those who use sa-update other than >> disabling it in our crontabs? > >You'd want to be more specific about what your problem is. If the issue >is the cross-certify problem for the updates.spamassassin.org channel, >there are at least two possibilities: > >a) import the new cross-certified key. The Bugzilla ticket > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775 > covers the problems. You can either grab the new pubkey file > > (http://svn.apache.org/repos/asf/spamassassin/trunk/rules/sa-update-pubkey. >txt) and update it via: > > gpg --homedir /etc/mail/spamassassin/sa-update-keys --import > sa-update-pubkey.txt > > or use a keyserver and download the update: > > gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver > pgp.mit.edu \ --recv-key 5244EC45 > >b) configure gpg to not look for the cross certification. it used to be an > error, but newer gpg versions made it an error. I believe this is simply > putting "no-require-cross-certification" in ~/.gnupg/gpg.conf. I'd do > this if you can't do (a) for some reason. > > >There hasn't been any talk yet of how to import the new key via the next >release. I'm guessing it'll be a manual fix mentioned in the release notes >through 3.3.0. > >If your problem is with other update channels, you'd need to either post > more information or (if it's the same cross certify issue) talk to the > channel publisher. > >Hope this helps.
It doesn't Theo. Copy/paste from the shell I was using: ------------------------ [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: BDE9DC10 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed [EMAIL PROTECTED] ~]# wget http://spamassassin.apache.org/updates/GPG.KEY --14:33:42-- http://spamassassin.apache.org/updates/GPG.KEY => `GPG.KEY.1' Resolving spamassassin.apache.org... 140.211.11.130 Connecting to spamassassin.apache.org|140.211.11.130|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3,304 (3.2K) [text/plain] 100%[=======================================================================================>] 3,304 --.--K/s 14:33:43 (53.32 KB/s) - `GPG.KEY.1' saved [3304/3304] [EMAIL PROTECTED] ~]# sa-update --import GPG.KEY [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: BDE9DC10 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed [EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys --import sa-update-pubkey.txt gpg: can't open `sa-update-pubkey.txt': No such file or directory gpg: Total number processed: 0 [EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/ init.pre sa-update-keys spamassassin-helper.sh v310.pre v320.pre local.cf spamassassin-default.rc spamassassin-spamc.rc v312.pre [EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/sa-update-pubkey.txt ls: cannot access /etc/mail/spamassassin/sa-update-pubkey.txt: No such file or directory [EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys --import sa-update-pubkey gpg: can't open `sa-update-pubkey': No such file or directory gpg: Total number processed: 0 [EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver pgp.mit.edu \ > --recv-key 5244EC45 gpg: requesting key 5244EC45 from hkp server pgp.mit.edu gpg: key 5244EC45: "updates.spamassassin.org Signing Key <[EMAIL PROTECTED]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 [EMAIL PROTECTED] ~]# ls .gnupg dirmngr-cache.d dirmngr.conf.gpgconf.bak options pubring.gpg pubring.kbx random_seed trustdb.gpg dirmngr.conf gpgsm.conf private-keys-v1.d pubring.gpg~ pubring.kbx~ secring.gpg [EMAIL PROTECTED] ~]# ls -R .gnupg .gnupg: dirmngr-cache.d dirmngr.conf.gpgconf.bak options pubring.gpg pubring.kbx random_seed trustdb.gpg dirmngr.conf gpgsm.conf private-keys-v1.d pubring.gpg~ pubring.kbx~ secring.gpg .gnupg/dirmngr-cache.d: DIR.txt .gnupg/private-keys-v1.d: [EMAIL PROTECTED] ~]# vim .gnupg/gpgsm.conf <-added that phrase at the bottom of the file, there is no 'gpg.conf' file that I can find. [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: BDE9DC10 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed -------------------------------- This is round 15, and the winner is by a unanimous decision, the ID-10-T that changed it. :-) -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) There cannot be a crisis next week. My schedule is already full. -- Henry Kissinger