On Mon, Aug 25, 2008 at 12:10:25PM +0930, Tom Lanyon wrote: > On 25/08/2008, at 10:54 AM, Tom Lanyon wrote: > >> Hi list, >> >> Trying to upgrade someone's workstation here to 5.2 (was installed from a >> 5.0 DVD I think). >> >> The RPMs on our internal mirror are in-tact and pass a 'rpm --checksig' >> test, yet when I run a 'yum upgrade' a large portion of them are corrupted >> and fail the GPG check. >> >> This seems to be isolated to yum, as downloading the RPM directly via FTP >> with wget or lftpget provides an RPM that *does* pass the GPG check. >> >> I have upgraded key packages to the latest version (eg. yum upgrade >> 'yum*') and tried again to no avail. >> >> Anyone seen this before? >> >> Thanks, >> Tom > > There's no proxy server in between these machines; nothing seems to corrupt > the download when downloading manually via FTP. > > Also, yum seems to use the python URLGrabber module to download its RPMs. I > just wrote a quick python test script to download some problematic RPMs > using the URLGrabber module and they also passed the RPM GPG check! > > Yum is doing something crazy internally with the RPMs its downloading into > memory, I think. What's the exact error you get from yum? One thing you can do is to check the output of sha1sum against the RPM in the Yum cache on the client machine and compare that against the checksum value stored in the primary.xml.gz file for one of the bad packages. Ray