Texlive update failed with signature error

Sebastian Steinbeißer sebastian.steinbeisser at googlemail.com
Mon May 4 11:06:41 CEST 2020


Hi,

this could be a reappearance of
https://tug.org/pipermail/tex-live/2018-June/041880.html - at least that's
the only thing I found.
When running
sudo tlmgr update --self repository ctan && sudo tlmgr update --list
repository ctan && sudo tlmgr update --all repository ctan
the last part, i.e., sudo tlmgr update --all repository ctan, fails with a
signature verification error.
The same happens when running sudo tlmgs gui and choosing the standard
repository:
$ sudo tlmgr gui
Lade lokale TeX Live Datenbank
 (/usr/local/texlive/2020/tlpkg/texlive.tlpdb)
Dies kann eine Weile dauern, bitte warten ...
… fertig geladen.

/usr/local/bin/tlmgr: signature verification error of
/tmp/PtLG8C2hHU/ce9a6skcVg from
https://ftp.agdsn.de/pub/mirrors/latex/dante/systems/texlive/tlnet/tlpkg/texlive.tlpdb:
cryptographic
signature verification of
 /tmp/PtLG8C2hHU/DUFXJfBcNh
against

https://ftp.agdsn.de/pub/mirrors/latex/dante/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
failed. Output was:
gpg: Signature made Sat May  2 01:58:00 2020 CEST
gpg:                using RSA key 4CE1877E19438C70
gpg: BAD signature from "TeX Live Distribution <tex-live at tug.org>"
[ultimate]

Please try from a different mirror and/or wait a few minutes
and try again; usually this is because of transient updates.
If problems persist, feel free to report to texlive at tug.org.
When running verbose I get the following output:
$ sudo tlmgr -v update --all repository ctan
D:appending to package log file:
/usr/local/texlive/2020/texmf-var/web2c/tlmgr.log
D:tlmgr:main: ::tldownload_server not defined
D:setup_programs: preferring system versions
D:program curl found in path
D:program wget found in path
D:program lz4 found in path
D:program gzip found in path
D:program xz found in path
D:Using checksum method digest::sha
D:Testing for gpg in gpg
D: ... gpg ok! [gpg --version >/dev/null 2>&1]
D:gpg command line: gpg --homedir "/usr/local/texlive/2020/tlpkg/gpg"
--no-secmem-warning --no-permission-warning --lock-never
D:will verify cryptographic signatures
D:TLUtils::_download_file_program: curl
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
/tmp/gN9bcmmBWn/gmlVWaSItB
D:downloading
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
using curl --user-agent texlive/curl --retry 4 --retry-delay 5 --fail
--location --con
nect-timeout 30 --silent --output
D:download of
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
succeeded
D:TLUtils::download_file: downloading using curl succeeded
D:TLUtils::_download_file_program: curl
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
/tmp/gN9bcmmBWn/eLhZInvK2i
D:downloading
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
using curl --user-agent texlive/curl --retry 4 --retry-delay 5 --fail
--location -
-connect-timeout 30 --silent --output
D:download of
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
succeeded
D:TLUtils::download_file: downloading using curl succeeded
D:STATUS OUTPUT
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED C78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC 0
[GNUPG:] SIG_ID QWkGUf40sMBKDtEjtBeFe/QkQpg 2020-05-04 1588554677
[GNUPG:] KEY_CONSIDERED C78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC 0
[GNUPG:] GOODSIG 4CE1877E19438C70 TeX Live Distribution <tex-live at tug.org>
[GNUPG:] VALIDSIG D8F2F86057A857E42A88106A4CE1877E19438C70 2020-05-04
1588554677 0 4 0 1 10 01 C78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC
[GNUPG:] KEY_CONSIDERED C78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC 0
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23D:verification succeeded, output:
gpg: Signature made Mon May  4 03:11:17 2020 CEST
gpg:                using RSA key 4CE1877E19438C70
gpg: Good signature from "TeX Live Distribution <tex-live at tug.org>"
[ultimate]

D:cryptographic signature of
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
verified
D:verify_checksum: found remote digest
 1f28c9ef4d21ff7c0460ec8074d27dc5a27771295a184bb8532de5c9221852540c3e2df04de3bf21e1a4912823796dc06a45738e0b77a65ff7d774b0b6d6170c

from
 /tmp/gN9bcmmBWn/gmlVWaSItB
for
 /usr/local/texlive/2020/tlpkg/texlive.tlpdb.3fa7fda404e9c1926412f4d43d381cc7

and

http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
D:tlchecksum(/usr/local/texlive/2020/tlpkg/texlive.tlpdb.3fa7fda404e9c1926412f4d43d381cc7):
===1f28c9ef4d21ff7c0460ec8074d27dc5a27771295a184bb8532de5c9221852540c3e2df04de3bf21e1a4912823796
dc06a45738e0b77a65ff7d774b0b6d6170c===
D:verify_checksum: local_digest =
1f28c9ef4d21ff7c0460ec8074d27dc5a27771295a184bb8532de5c9221852540c3e2df04de3bf21e1a4912823796dc06a45738e0b77a65ff7d774b0b6d6170c

D:checksum of local copy identical with remote hash
tlmgr: package repository
http://packages.oth-regensburg.de/ctan/systems/texlive/tlnet (verified)
D:Automatic backups activated, keeping 1 backups.
tlmgr: saving backups to /usr/local/texlive/2020/tlpkg/backups
D:tlmgr: new pkgs:
D:tlmgr: deleted :
D:tlmgr: forced  :
tlmgr: no updates available

Choosing the network directory (i.e., the non-standard source) in the gui
application allows me to update packages.

Please let me know if you need more information in order to squash the bug.

Cheers,
Sebastian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20200504/8e5e6bcc/attachment-0001.html>


More information about the tex-live mailing list.