Click here to get back home

Invalid signature errors, CPAN, gpg
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.perl.modules    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Invalid signature errors, CPAN, gpg Ian 08-22-2006
Get Chitika Premium
Posted by Ian on August 22, 2006, 11:56 am
Please log in for more thread options

When I try to install some packages (most notably Bundle::CPAN) using CPAN, I
get the following errors:

gpg: Signature made Mon Feb 27 01:57:02 2006 EST using DSA key ID A317C15D
gpg: requesting key A317C15D from x-hkp://pgp.mit.edu:11371 ...
gpg: no valid OpenPGP data found.
gpg: Can't check signature: public key not found
==> BAD/TAMPERED signature detected! <==

What's wrong, how can I fix it, and can I run the install without checking
signatures? Thanks.
Ian

Posted by Sisyphus on August 23, 2006, 6:40 am
Please log in for more thread options


> When I try to install some packages (most notably Bundle::CPAN) using
CPAN, I
> get the following errors:
>
> gpg: Signature made Mon Feb 27 01:57:02 2006 EST using DSA key ID A317C15D
> gpg: requesting key A317C15D from x-hkp://pgp.mit.edu:11371 ...
> gpg: no valid OpenPGP data found.
> gpg: Can't check signature: public key not found
> ==> BAD/TAMPERED signature detected! <==
>

Does that terminate the process ?

> What's wrong, how can I fix it, and can I run the install without checking
> signatures? Thanks.

I don't know the answer as I never use CPAN.pm to install modules. I just
manually download the source, extract to some location, 'cd' to that
location and run (in succession) 'perl Makefile.PL', 'make test', and 'make
install'. That way, the problem of verifying gpg signatures is avoided.

Cheers,
Rob



Posted by Ian on August 23, 2006, 5:27 pm
Please log in for more thread options


Thanks Rob,

Yes it does terminate the process, otherwise I wouldn't care. The error seems to
occur in two places: before it compiles, I think, which is fatal, and later when
it runs the tests, which I can turn off.

I used CPAN because it did all the interdependencies for me so I wouldn't have
to manually install every module. It was good while it still worked. Oh well.

Ian

Sisyphus wrote:
>> When I try to install some packages (most notably Bundle::CPAN) using
> CPAN, I
>> get the following errors:
>>
>> gpg: Signature made Mon Feb 27 01:57:02 2006 EST using DSA key ID A317C15D
>> gpg: requesting key A317C15D from x-hkp://pgp.mit.edu:11371 ...
>> gpg: no valid OpenPGP data found.
>> gpg: Can't check signature: public key not found
>> ==> BAD/TAMPERED signature detected! <==
>>
>
> Does that terminate the process ?
>
>> What's wrong, how can I fix it, and can I run the install without checking
>> signatures? Thanks.
>
> I don't know the answer as I never use CPAN.pm to install modules. I just
> manually download the source, extract to some location, 'cd' to that
> location and run (in succession) 'perl Makefile.PL', 'make test', and 'make
> install'. That way, the problem of verifying gpg signatures is avoided.
>
> Cheers,
> Rob
>
>

Posted by Sisyphus on August 23, 2006, 7:18 pm
Please log in for more thread options



> Thanks Rob,
>
> Yes it does terminate the process, otherwise I wouldn't care.

I expect that there's a way of avoiding that termination - but, like I said,
I can't really help.

>
> I used CPAN because it did all the interdependencies for me so I wouldn't
have
> to manually install every module.

Yes - that's the temptation it offers. The drawback is that you might have
to spend the time and energy you saved (and more) working out how to get
CPAN.pm to behave as you wish.

Mostly the depenedencies aren't too extensive - but there are exceptions,
and those exceptions will probably increase over time as authors assume that
CPAN.pm is being used, and it therefore doesn't matter if their module needs
20 other obscure modules, because the whole process is automated.

For some reason CPAN.pm really irritates me - to the extent that I just
cannot bring myself to use it. (That's mainly just me, however :-)

Cheers,
Rob



Similar ThreadsPosted
EOCD Signature errors with Archive::Zip July 22, 2006, 1:44 pm
How does signature check in CPAN work? September 25, 2008, 7:02 am
CPAN Errors Installing Tk Module November 26, 2004, 9:56 pm
Errors installing XML::Parser from CPAN on Solaris 9 September 7, 2005, 10:29 am
Authors -- Trusted Signature help available May 13, 2006, 3:34 am
Invalid value for shared scalar June 14, 2005, 1:57 pm
invalid COMMPROP block length= 100...... November 16, 2005, 8:21 am
Invalid Page Fault With Win32::GUI Under Win98 July 9, 2004, 5:27 pm
Net::SNMP - ERROR: Invalid IpAddress length (8 bytes) January 20, 2006, 1:41 pm
Strange errors August 9, 2004, 7:17 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap