signature verification error from 2020-05-03

Zenny garbytrash at gmail.com
Sat May 16 08:08:46 CEST 2020 

Hi again,

The bug disappeared for a few days on its own and returned back from
yesterday. I checked Sebastian's reply at
https://tug.org/pipermail/tex-live/2020-May/045573.html, but that
didn't helped either:

[QUOTE]
# tlmgr -v update --all repository ctan
D:appending to package log file: /opt/texlive/2020/texmf-var/web2c/tlmgr.log
D:tlmgr:main: ::tldownload_server hash::
{enabled:1,errorcount:0,initcount:0,initcout:1,ua:LWP::UserAgent=HASH(0x557de6bc7eb8)}
D:setup_programs: preferring system versions
D:program curl found in path
D:program wget found in path
D:program lz4 not usable from path
D:(unix) trying to set up lz4, default
/opt/texlive/2020/tlpkg/installer/lz4/lz4.x86_64-linux, arg --version
D: Using shipped
/opt/texlive/2020/tlpkg/installer/lz4/lz4.x86_64-linux for lz4
(tested).
D:program gzip found in path
D:program xz found in path
D:Using checksum method digest::sha
D:Testing for gpg in gpg
D: ... gpg ok! [gpg --version >/dev/null 2>&1]
D:setup_gpg: using additional keyring
/opt/texlive/2020/tlpkg/gpg/repository-keys.gpg
D:gpg command line: gpg --homedir "/opt/texlive/2020/tlpkg/gpg"
--keyring repository-keys.gpg --no-secmem-warning
--no-permission-warning --lock-never
D:will verify cryptographic signatures
D:persistent connection set up, trying to get
http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512
(for /tmp/D40WNslc6Z/L_BEDkadDo)
D:TLUtils::download_file: downloading using lwp succeeded
D:persistent connection set up, trying to get
http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
(for /tmp/D40WNslc6Z/Wvq6Jn9gQT)
D:TLUtils::download_file: downloading using lwp succeeded
D:STATUS OUTPUT
[GNUPG:] BADSIG 4CE1877E19438C70 TeX Live Distribution
<tex-live at tug.org>D:verify_checksum: returning 2 and cryptographic
signature verification of
  /tmp/D40WNslc6Z/L_BEDkadDo
against
  http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
failed. Output was:
gpg: Signature made Thu May 14 16:34:16 2020 CEST using RSA key ID 19438C70
gpg: BAD signature from "TeX Live Distribution <tex-live at tug.org>"

Please try from a different mirror and/or wait a few minutes
and try again; usually this is because of transient updates.
If problems persist, feel free to report to texlive at tug.org.


/opt/texlive/2020/bin/x86_64-linux/tlmgr: signature verification error
of /opt/texlive/2020/tlpkg/texlive.tlpdb.c123338267992f1eaedc17d45585d6f3
from http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb:
cryptographic signature verification of
  /tmp/D40WNslc6Z/L_BEDkadDo
against
  http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
failed. Output was:
gpg: Signature made Thu May 14 16:34:16 2020 CEST using RSA key ID 19438C70
gpg: BAD signature from "TeX Live Distribution <tex-live at tug.org>"

Please try from a different mirror and/or wait a few minutes
and try again; usually this is because of transient updates.
If problems persist, feel free to report to texlive at tug.org.
[/QUOTE]

How to sort out this once and all? Thanks and remain safe

Cheers,
/z

On 5/4/20, Zenny <garbytrash at gmail.com> wrote:
> Hi,
>
> I am on voidlinux with the latest texlive package. It was working smoothly
> till yesterday. All of the sudden `tlmgr` started giving signature
> verification error as follows:
>
> /opt/texlive/2020/bin/x86_64-linux/tlmgr: signature verification error of
>> /opt/texlive/2020/tlpkg/texlive.tlpdb.c123338267992f1eaedc17d45585d6f3
>> from
>> http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb:
>> cryptographic signature verification of
>>   /tmp/iz4CbvzOTR/DLOIKh7VlU
>> against
>>
>> http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
>> failed. Output was:
>> gpg: Signature made Sat May  2 01:58:00 2020 CEST using RSA key ID
>> 19438C70
>> gpg: BAD signature from "TeX Live Distribution <tex-live at tug.org>"
>>
>> Please try from a different mirror and/or wait a few minutes
>> and try again; usually this is because of transient updates.
>> If problems persist, feel free to report to texlive at tug.org.
>>
>
> The key list shows:
>
> # tlmgr key list
>> /opt/texlive/2020/tlpkg/gpg/pubring.gpg
>> ---------------------------------------
>> pub   2048R/06BAB6BC 2016-03-19
>> uid                  TeX Live Distribution <tex-live at tug.org>
>> sub   2048R/B001980F 2016-03-19
>> sub   2048R/19438C70 2016-03-19 [expires: 2021-07-30]
>>
>
> Trying to pull the upstream key gives:
>
> # curl -fsSL
>> http://ftp.acc.umu.se/mirror/CTAN/systems/texlive/tlnet/tlpkg/texlive.tlpdb.sha512.asc
>> | tlmgr key add -
>> tlmgr: key import failed, output:
>> gpg: no valid OpenPGP data found.
>> gpg: Total number processed: 0
>>
>
> Thus, I am stuck as `tlmgr` cannot proceed anything further. Any clue
> appreciated.
>
> Cheers and stay safe,
> /z
>
> -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
> CONFIDENTIALITY NOTICE AND DISCLAIMER: Access to this e-mail and its
> contents by anyone other than the intended recipient is unauthorized as it
> contains privileged and confidential information, and is subject to legal
> privilege. Please do not re/distribute it.  If you are not the intended
> recipient (or responsible for delivery of the message to such person), you
> may not use, copy, distribute or deliver the email and part of its contents
> to anyone this message (or any part of its contents or take any action in
> connection to it. In such case, you should destroy this message, and notify
> the sender immediately. If you have received this email in error, please
> notify the sender or your sysadmin immediately by e-mail or telephone, and
> delete the e-mail from any computer. If you or your employer does not
> consent to internet e-mail messages of this kind, please notify the sender
> immediately. All reasonable precautions have been taken to ensure no
> viruses are present in this e-mail and attachments included. As the sender
> cannot accept responsibility for any loss or damage arising from the use of
> this e-mail or attachments it is recommended that you are responsible to
> follow your virus checking procedures prior to use. The views, opinions,
> conclusions and other informations expressed in this electronic mail are
> not given or endorsed by any company including the network providers unless
> otherwise indicated by an authorized representative independent of this
> message.
> -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
>


-- 
Cheers,
/z

-.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
CONFIDENTIALITY NOTICE AND DISCLAIMER: Access to this e-mail and its
contents by anyone other than the intended recipient is unauthorized as it
contains privileged and confidential information, and is subject to legal
privilege. Please do not re/distribute it.  If you are not the intended
recipient (or responsible for delivery of the message to such person), you
may not use, copy, distribute or deliver the email and part of its contents
to anyone this message (or any part of its contents or take any action in
connection to it. In such case, you should destroy this message, and notify
the sender immediately. If you have received this email in error, please
notify the sender or your sysadmin immediately by e-mail or telephone, and
delete the e-mail from any computer. If you or your employer does not
consent to internet e-mail messages of this kind, please notify the sender
immediately. All reasonable precautions have been taken to ensure no
viruses are present in this e-mail and attachments included. As the sender
cannot accept responsibility for any loss or damage arising from the use of
this e-mail or attachments it is recommended that you are responsible to
follow your virus checking procedures prior to use. The views, opinions,
conclusions and other informations expressed in this electronic mail are
not given or endorsed by any company including the network providers unless
otherwise indicated by an authorized representative independent of this
message.
-.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.

More information about the tex-live mailing list.