This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

If you run "sa-update -D" and see something like this:

[26406] dbg: gpg: calling gpg
[26406] dbg: gpg: gpg: Signature made Thu 18 Oct 2007 02:54:04 AM EDT using RSA key ID 24F434CE
[26406] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified
[26406] dbg: gpg: gpg: please see for more 
[26406] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1192690444 1
[26406] dbg: gpg: gpg: Can't check signature: general error
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
channel: GPG validation failed, channel failed
[26406] dbg: generic: cleaning up temporary directory/files
[26406] dbg: diag: updates complete, exiting with code 4

Then you need to download an updated sa-update key.

As bug 5775 describes, the GnuPG developers decided to create a new error condition for a potentially-dangerous signature style, which unfortunately was one we use for the SpamAssassin update-signing key.

Running this should fix it:

    sa-update --import GPG.KEY
  • No labels