Re-download a GPG key and import: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY
This is in the wiki: http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified?highlight=%28update%29 I had the same thing happen and all is well now. -d On Fri, 18 Apr 2008 at 08:24 -0500, [EMAIL PROTECTED] confabulated:
I recently installed Mandriva 2008.1 on one of my spamfilters. It includes gpg version 1.4.9. When I try to run sa-update, I get: [EMAIL PROTECTED] ~]$ sudo sa-update Password: gpg: WARNING: unsafe permissions on homedir `/etc/mail/spamassassin/sa-update-keys' gpg: WARNING: unsafe permissions on homedir `/etc/mail/spamassassin/sa-update-keys' error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed When I ran sa-update in debug mode, I see this message: [1518] dbg: channel: selected mirror http://daryl.dostech.ca/sa-update/asf [1518] dbg: http: GET request, http://daryl.dostech.ca/sa-update/asf/648641.tar.gz [1518] dbg: http: GET request, http://daryl.dostech.ca/sa-update/asf/648641.tar.gz.sha1 [1518] dbg: http: GET request, http://daryl.dostech.ca/sa-update/asf/648641.tar.gz.asc [1518] dbg: sha1: verification wanted: 129293f2f748a7398442daf97a26e2af387192a6 [1518] dbg: sha1: verification result: 129293f2f748a7398442daf97a26e2af387192a6 [1518] dbg: channel: populating temp content file [1518] dbg: gpg: populating temp signature file [1518] dbg: gpg: calling gpg gpg: WARNING: unsafe permissions on homedir `/etc/mail/spamassassin/sa-update-keys' [1518] dbg: gpg: gpg: Signature made Wed 16 Apr 2008 04:28:44 AM CDT using RSA key ID 24F434CE [1518] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified [1518] dbg: gpg: gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information [1518] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1208338124 1 [1518] dbg: gpg: gpg: Can't check signature: general error error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed Looking at the gnupg faq, this appears to be a problem with the way the key is created. I was able to run sa-update with the --nogpg option, and sa-compile worked fine after sa-update ran, but I would like to know the best way to fix this long term. Is this a gnupg bug? or a spamassassin bug? Or... ? -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
