Differences between revisions 2 and 3
Revision 2 as of 2008-02-12 21:11:29
Size: 1255
Editor: JustinMason
Comment: seems a lot easier
Revision 3 as of 2009-09-20 23:17:27
Size: 1257
Editor: localhost
Comment: converted to 1.6 markup

If you run "sa-update -D" and see something like this:

    [26406] dbg: gpg: calling gpg
    [26406] dbg: gpg: gpg: Signature made Thu 18 Oct 2007 02:54:04 AM EDT using RSA key ID 24F434CE
    [26406] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified
    [26406] dbg: gpg: gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more
    [26406] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1192690444 1
    [26406] dbg: gpg: gpg: Can't check signature: general error
    error: GPG validation failed!
    The update downloaded successfully, but the GPG signature verification
    channel: GPG validation failed, channel failed
    [26406] dbg: generic: cleaning up temporary directory/files
    [26406] dbg: diag: updates complete, exiting with code 4

Then you need to download an updated sa-update key.

As bug 5775 (http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775) describes, the GnuPG developers decided to create a new error condition for a potentially dangerous signature style, which unfortunately was one we use for the SpamAssassin update-signing key.

Running this should fix it:

    wget http://spamassassin.apache.org/updates/GPG.KEY
    sa-update --import GPG.KEY
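
To tell this failure apart from other GPG validation errors before re-importing the key, the following added example (not part of the original page or of SpamAssassin) scans "sa-update -D" output for the cross-certification warning and the matching ERRSIG line. The function names and the second sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads "sa-update -D" output on stdin; prints the subkey ID
# and returns 0 only for the cross-certification failure, 1 otherwise.
check_cross_cert() {
    awk '
        # gpg warning that names the signing subkey
        /WARNING: signing subkey [0-9A-F]+ is not cross-certified/ {
            for (i = 1; i < NF; i++) if ($i == "subkey") warned = $(i + 1)
        }
        # status line: [GNUPG:] ERRSIG <long key id> ...
        /\[GNUPG:\] ERRSIG / {
            for (i = 1; i < NF; i++) if ($i == "ERRSIG") errsig = $(i + 1)
        }
        /GPG validation failed/ { failed = 1 }
        END {
            # the short ID from the warning must be the tail of the ERRSIG ID
            n = length(warned)
            if (failed && n > 0 && length(errsig) >= n &&
                substr(errsig, length(errsig) - n + 1) == warned) {
                print warned
                exit 0
            }
            exit 1
        }
    '
}

# Log lines taken from the output shown on this page.
page_log() {
    cat <<'EOF'
[26406] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified
[26406] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1192690444 1
error: GPG validation failed!
EOF
}

# Constructed log: validation fails, but with no cross-certification warning.
other_log() {
    cat <<'EOF'
[1111] dbg: gpg: [GNUPG:] ERRSIG 0000000000000000 1 2 00 1192690444 9
error: GPG validation failed!
EOF
}

if key=$(page_log | check_cross_cert); then
    echo "subkey $key is not cross-certified: import the updated sa-update key"
fi
```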

SaUpdateKeyNotCrossCertified (last edited 2009-09-20 23:17:27 by localhost)