Getting right GPG key for KAM
When running sa-update on an old system (not updated in at least a year) I am getting:

# sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
gpg: process '/usr/local/bin/gpg' finished: exit 2
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key. Instead, it was signed with the following keys:

24C063D8

Perhaps you need to import the channel's GPG key? For example:

wget https://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

channel 'kam.sa-channels.mcgrail.com': GPG validation failed, channel failed


I went ahead and ran the commands, but that didn't change the behavior (not that I expected it would). I assume there is a different path for the KAM GPG key.

--
“What’s a little boy like you doing with big boy smut like this?”
Re: Getting right GPG key for KAM
On Mon, Mar 21, 2022 at 03:48:51AM -0600, @lbutlr wrote:
> When running sa-update on an old system (not updated in at least a year) I am getting:
>
> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
> gpg: process '/usr/local/bin/gpg' finished: exit 2
> error: GPG validation failed!

Sounds like the gpg command failed, not relating to keys. sa-update -D
could give clues.
Re: Getting right GPG key for KAM
"@lbutlr" <kremels@kreme.com> writes:

> When running sa-update on an old system (not updated in at least a year) I am getting:
>
> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
> gpg: process '/usr/local/bin/gpg' finished: exit 2
> error: GPG validation failed!
> The update downloaded successfully, but it was not signed with a trusted GPG
> key. Instead, it was signed with the following keys:
>
> 24C063D8
>
> Perhaps you need to import the channel's GPG key? For example:
>
> wget https://spamassassin.apache.org/updates/GPG.KEY
> sa-update --import GPG.KEY
>
> channel 'kam.sa-channels.mcgrail.com': GPG validation failed, channel failed
>
>
> I went ahead and ran the commands, but that didn't change the behavior (not that I expected it would). I assume there is a different path for the KAM GPG key.

I have been using

--gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

very consistently for a while now.

Best regards,

Olivier

--
Re: Getting right GPG key for KAM
On 2022 Mar 21, at 03:54, Henrik K <hege@hege.li> wrote:
> On Mon, Mar 21, 2022 at 03:48:51AM -0600, @lbutlr wrote:
>> When running sa-update on an old system (not updated in at least a year) I am getting:
>>
>> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
>> gpg: process '/usr/local/bin/gpg' finished: exit 2
>> error: GPG validation failed!
>
> Sounds like the gpg command failed, not relating to keys. sa-update -D
> could give clues.

Thanks, I did run sa-update (non KAM) and it worked. Running it again with -D on KAM gives:

Mar 21 04:13:56.804 [89542] dbg: gpg: calling gpg
Mar 21 04:13:56.811 [89542] dbg: gpg: [GNUPG:] NEWSIG
Mar 21 04:13:56.811 [89542] dbg: gpg: gpg: Signature made Fri Mar 18 10:25:02 2022 MDT
Mar 21 04:13:56.812 [89542] dbg: gpg: gpg: using RSA key 21D97142272C9066FCAA792B4A156DA524C063D8
Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] ERRSIG 4A156DA524C063D8 1 8 00 1647620702 9 21D97142272C9066FCAA792B4A156DA524C063D8
Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] NO_PUBKEY 4A156DA524C063D8
Mar 21 04:13:56.812 [89542] dbg: gpg: gpg: Can't check signature: No public key
gpg: process '/usr/local/bin/gpg' finished: exit 2

That doesn't look like a configuration issue on my side?

--
There are strange things done in the midnight sun/By the men who moil
for gold; The Arctic trails have their secret tales/That would
make your blood run cold; The Northern Lights have seen queer
sights,/But the queerest they ever did see Was the night on the
marge of Lake Lebarge/ When I cremated Sam McGee
Re: Getting right GPG key for KAM
On Mon, Mar 21, 2022 at 04:16:19AM -0600, @lbutlr wrote:
> On 2022 Mar 21, at 03:54, Henrik K <hege@hege.li> wrote:
> > On Mon, Mar 21, 2022 at 03:48:51AM -0600, @lbutlr wrote:
> >> When running sa-update on an old system (not updated in at least a year) I am getting:
> >>
> >> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
> >> gpg: process '/usr/local/bin/gpg' finished: exit 2
> >> error: GPG validation failed!
> >
> > Sounds like the gpg command failed, not relating to keys. sa-update -D
> > could give clues.
>
> Thanks, I did run sa-update (non KAM) and it worked. Running it again with -D on KAM gives:
>
> Mar 21 04:13:56.804 [89542] dbg: gpg: calling gpg
> Mar 21 04:13:56.811 [89542] dbg: gpg: [GNUPG:] NEWSIG
> Mar 21 04:13:56.811 [89542] dbg: gpg: gpg: Signature made Fri Mar 18 10:25:02 2022 MDT
> Mar 21 04:13:56.812 [89542] dbg: gpg: gpg: using RSA key 21D97142272C9066FCAA792B4A156DA524C063D8
> Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] ERRSIG 4A156DA524C063D8 1 8 00 1647620702 9 21D97142272C9066FCAA792B4A156DA524C063D8
> Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] NO_PUBKEY 4A156DA524C063D8
> Mar 21 04:13:56.812 [89542] dbg: gpg: gpg: Can't check signature: No public key
> gpg: process '/usr/local/bin/gpg' finished: exit 2
>
> That doesn't look like a configuration issue on my side?

Right, it does seem you haven't imported the key..

https://mcgrail.com/template/kam.cf_channel
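
The `[GNUPG:]` status lines in the `sa-update -D` output quoted above can be triaged mechanically to tell a missing key apart from a bad signature, and to confirm that the signing key is the one passed to `--gpgkey`. The following is an added example, not part of the original thread and not SpamAssassin code; the function name `triage` and the returned field names are assumptions, and the sample lines are copied from the debug output in this thread.

```python
import re

# Constructed sample: GnuPG status lines copied from the sa-update -D output in this thread.
SAMPLE = """\
Mar 21 04:13:56.811 [89542] dbg: gpg: [GNUPG:] NEWSIG
Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] ERRSIG 4A156DA524C063D8 1 8 00 1647620702 9 21D97142272C9066FCAA792B4A156DA524C063D8
Mar 21 04:13:56.812 [89542] dbg: gpg: [GNUPG:] NO_PUBKEY 4A156DA524C063D8
"""

STATUS = re.compile(r"\[GNUPG:\]\s+(\S+)\s*(.*)$")
# ERRSIG reason codes as documented in GnuPG's doc/DETAILS.
ERRSIG_RC = {"4": "unsupported algorithm", "9": "missing public key"}
FIXED = {
    "GOODSIG": "good signature",
    "BADSIG": "bad signature: data does not match the signature",
    "EXPKEYSIG": "signature made by an expired key",
    "REVKEYSIG": "signature made by a revoked key",
    "NO_PUBKEY": "cannot check: missing public key",
}


def triage(debug_output, expected_key):
    """Classify the signature check in sa-update -D output against the --gpgkey ID."""
    expected = expected_key.upper()
    verdict, signer = "no signature status found", None
    for line in debug_output.splitlines():
        m = STATUS.search(line)
        if not m:
            continue
        keyword, args = m.group(1), m.group(2).split()
        if keyword == "ERRSIG" and len(args) >= 6:
            # Fields: keyid pkalgo hashalgo sig_class time rc [fingerprint]
            verdict = "cannot check: " + ERRSIG_RC.get(args[5], "rc " + args[5])
            # Prefer the full fingerprint when the line carries one.
            has_fpr = len(args) >= 7 and args[6] != "-"
            signer = args[6] if has_fpr else args[0]
        elif keyword in FIXED and args:
            verdict = FIXED[keyword]
            signer = signer or args[0]
    matches = signer.upper().endswith(expected) if signer else None
    return {"verdict": verdict, "signer": signer, "signer_matches_gpgkey": matches}


if __name__ == "__main__":
    print(triage(SAMPLE, "24C063D8"))
```

A "missing public key" verdict with `signer_matches_gpgkey` true is the case in this thread: the file was signed by the expected key, which is simply absent from the keyring gpg consulted. If the signer does not match the ID given to `--gpgkey`, importing whatever key the output names would defeat the check.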
Re: Getting right GPG key for KAM
On 2022 Mar 21, at 04:37, Henrik K <hege@hege.li> wrote:
> Right, it does seem you haven't imported the key..

Thanks! That's what was missing. Odd, considering there were KAM files present, just not recent ones. Anyway, not my system, but all sorted now.

--
(on emojis) Remember when they added Groucho and no Harpo?
Re: Getting right GPG key for KAM
On Mon, Mar 21, 2022 at 06:31:07AM -0600, @lbutlr wrote:
> On 2022 Mar 21, at 04:37, Henrik K <hege@hege.li> wrote:
> > Right, it does seem you haven't imported the key..
>
> Thanks! That's what was missing. Odd, considering there were KAM files present, just not recent ones. Anyway, not my system, but all sorted now.

Note that gpg by default saves keyrings under the user's home directory, so
if the script was previously being run as another user, that would
cause exactly the behaviour you're seeing.

--
Opinions above are GNU-copylefted.
Re: Getting right GPG key for KAM
On 3/21/22 13:31, @lbutlr wrote:
> On 2022 Mar 21, at 04:37, Henrik K <hege@hege.li> wrote:
>> Right, it does seem you haven't imported the key..
>
> Thanks! That's what was missing. Odd, considering there were KAM files present, just not recent ones. Anyway, not my system, but all sorted now.
>
The KAM.cf channel started in November 2020; before that date the KAM ruleset was not signed.
Giovanni