Post by King Beowulf
I ran a 'slackpkg update' and this time, I got an error response,
"ERROR: Verification of the gpg signature on CHECKSUM.md5 failed!...."
Of course I could ignore it,
or come back later, or, ??
This time I'd like to get it right. I'm in my Slackware64 14.1
environment. At this point, what does a knowledgeable techie do? Why?
Thanks -- Martha Adams [Wed 2017 Nov 29]
check "/etc/slackpkg/mirrors" to make sure you have selected and known
good and reputable mirror. Make sure you are not trying to pull in 14.2
run "slackpkg update gpg" and check if the correct key is getting
downloaded. go to slackware.com and get THAT public key (dated 29-
Aug-2012) and compare with the one grabbed via slackpkg
3. Clear the files in /var/cache/packages/? (I use Slackpkg+ so mine's a
bit different) and "slackpkg update" to grab a fresh set.
Hi, King. This is helpful progress but I'm still puzzling. I think the
first thing I was doing wrong was, I had set my /etc/slackpkg/mirrors
to choose a mirror site any old how, with result, I couldn't see where
my updates came from. That was ok to my earlier self who thought, an
update is an update let's get on with the work. Which seems to my
present self, to be a mistake.
So now my /etc/slackpkg/mirrors choice is pair.com, who host my personal
web pages and I know they are good people. One down, but I'm not doing
more updates until I feel more safe than now.
I did the 'slackpkg update gpg' bit but this keys business which looks
deeply significant, is presently also deeply puzzling. I.e., I just
don't see what this is about. Is this discussed somewhere in public
I looked into my /var/cache/packages/ and I found a short list of
deeper directories. Somehow this list triggers my sensitivities so
here it is:
and I don't feel comfortable those all really belong there. Is a
I'm in Slackware64, 14.1 updated but presently no longer current.
Thanks -- Martha Adams [Sat 2017 Dec 23]