gpg failure on sa-update due to non-cross-certified key

Fri, 18 Apr 2008 06:17:45 -0700 

I recently installed Mandriva 2008.1 on one of my spamfilters.  It
includes gpg version 1.4.9.  When I try to run sa-update, I get:
[EMAIL PROTECTED] ~]$ sudo sa-update
Password: 
gpg: WARNING: unsafe permissions on homedir 
`/etc/mail/spamassassin/sa-update-keys'
gpg: WARNING: unsafe permissions on homedir 
`/etc/mail/spamassassin/sa-update-keys'
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed


When I ran sa-update in debug mode, I see this message:
[1518] dbg: channel: selected mirror http://daryl.dostech.ca/sa-update/asf
[1518] dbg: http: GET request, 
http://daryl.dostech.ca/sa-update/asf/648641.tar.gz
[1518] dbg: http: GET request, 
http://daryl.dostech.ca/sa-update/asf/648641.tar.gz.sha1
[1518] dbg: http: GET request, 
http://daryl.dostech.ca/sa-update/asf/648641.tar.gz.asc
[1518] dbg: sha1: verification wanted: 129293f2f748a7398442daf97a26e2af387192a6
[1518] dbg: sha1: verification result: 129293f2f748a7398442daf97a26e2af387192a6
[1518] dbg: channel: populating temp content file
[1518] dbg: gpg: populating temp signature file
[1518] dbg: gpg: calling gpg
gpg: WARNING: unsafe permissions on homedir 
`/etc/mail/spamassassin/sa-update-keys'
[1518] dbg: gpg: gpg: Signature made Wed 16 Apr 2008 04:28:44 AM CDT using RSA 
key ID 24F434CE
[1518] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified
[1518] dbg: gpg: gpg: please see 
http://www.gnupg.org/faq/subkey-cross-certify.html for more information
[1518] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1208338124 1
[1518] dbg: gpg: gpg: Can't check signature: general error
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed

Looking at the gnupg faq, this appears to be a problem with the way the key is 
created.
I was able to run sa-update with the --nogpg option, and sa-compile
worked fine after sa-update ran, but I would like to know the best way
to fix this long term.  Is this a gnupg bug?  or a spamassassin bug?
Or... ?


-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to