Re^3: Key Not Certified in CPAN

by pryrt (Abbot)
on Feb 24, 2022 at 23:16 UTC


in reply to Re^2: Key Not Certified in CPAN
in thread SOLVED: Key Not Certified in CPAN

Anyone with suggestions I can try to get the CHECKSUMS working

I don't use the default CPAN client. But the two suggestions I have:

  1. Don't override the mirror; per my understanding of the blog post, an extra layer of security can be added by the main cpan.org site that isn't available on the mirrors. (I am not a security expert; this is just what I've gathered.)
    Back in the 90s, with the much slower network backbone speeds available, and not many resources behind any individual machine name, it made sense to have a mirroring system and pick a nearby mirror. But in today's load-balanced systems, where the same machine name (www.cpan.org) can point to any number of physical machines that are serving out those results, possibly in geographically separate locations, there isn't as much need for the mirror. (I am not a networking expert; this is just what I've gathered.)
  2. The warning said that your system didn't trust the PAUSE key; that is a GPG-related topic. If you believe me when I say that I believe PAUSE publishes their public key at https://pause.perl.org/pause/query?ACTION=pause_04about#pubkeybat and that the fingerprint that your warning printed out was the same as the fingerprint published there, and if you believe that the key shown there really is the PAUSE Batch Signing Key, then you might want to import that public key into your keyring -- I believe this will eliminate that error.

However, I don't know that I'm convinced either of those will solve your problem: the message you quoted originally says that the actual CHECKSUMS file signature was okay; the problem it seemed to have was with opening a temporary CHECKSUMS.77905 file that wasn't there; I do not know what that file is, as compared to the CHECKSUMS file that was downloaded when you tried to get the package. I don't know whether doing the two above things will allow that temporary file to be correctly generated/extracted and thus allow the process to move forward. But since you were asking for any suggestions for things to try, I think this qualifies, fruitful or not ;-).

Re^4: Key Not Certified in CPAN
by dorko (Prior) on Feb 25, 2022 at 16:07 UTC
    Let me say I'm very happy with where I'm at. I can get work done and that's a good thing.

    I did spend a little time with it this morning. I imported two keys thusly:

        bshawadmin@NET3862:~/.cpan/CPAN$ sudo /bin/gpg --import /home/ad/bshawadmin/publickey01.key
        gpg: key 450F89EC: "PAUSE Batch Signing Key 2022 <pause@pause.perl.org>" 8 new signatures
        gpg: Total number processed: 1
        gpg: new signatures: 8
        gpg: no ultimately trusted keys found
        bshawadmin@NET3862:~/.cpan/CPAN$ sudo /bin/gpg --import /home/ad/bshawadmin/publickey02.key
        gpg: key A317C15D: "Andreas J. Koenig <andreas.koenig.7os6VVqR@franz.ak.mind.de>" not changed
        gpg: Total number processed: 1
        gpg: unchanged: 1

    The keys are from https://pause.perl.org/pause/query?ACTION=pause_04about#pubkeybat as suggested by pryrt. I also did rm -rf /root/.cpan/CPAN/* to force new downloads of things (thank you Ken). Lastly I pointed my urllist to https://www.cpan.org/. (I previously had urllist pointed to an internal CPAN mirror on our network suggested to me by our networking / admin staff.)

    Despite those changes, I'm still seeing the "key not certified with a trusted signature" problem:

        cpan> get Data::Dumper
        Running get for module 'Data::Dumper'
        WARNING: This key is not certified with a trusted signature!
        Primary key fingerprint: 2E66 557A B97C 19C7 91AF 8E20 328D A867 450F 89EC
        Signature for /root/.cpan/sources/authors/id/N/NW/NWCLARK/CHECKSUMS ok
        Could not open /tmp/CHECKSUMS-3F6L/CHECKSUMS.64163: No such file or directory

    And I agree the "could not open" error is problematic as well.

    I'm more than happy to switch check_sigs back to 0 and declare victory. If anyone has any other suggestions, I'm willing to tinker to see if I can get things working as we all know they could be.

    Thanks again.

    Cheers,

    Brent

    -- Yup, I'm a Delt.
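
An added example (not part of either post, and not CPAN.pm's own code): the fingerprint comparison pryrt describes in suggestion 2, done before gpg --import rather than after. The function names and the sample listing are constructed for illustration; the pinned value is the fingerprint printed in the warning quoted above, standing in for whatever you have checked against the PAUSE page.

```shell
#!/usr/bin/env bash
# Added example: check a key file against a pinned fingerprint before import.

# "2E66 557A ..." and "2e66557a..." should compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# stdin: `gpg --with-colons` listing. Prints field 10 of the first "fpr"
# record after a "pub" record, i.e. the primary key fingerprint.
primary_fpr_from_colons() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# stdin: listing. Succeeds only if it holds exactly one primary key and that
# key's fingerprint equals the pinned value in $1.
fpr_matches() {
    local pinned listing npub found
    pinned=$(normalize_fpr "$1")
    listing=$(cat)
    npub=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    found=$(printf '%s\n' "$listing" | primary_fpr_from_colons)
    [ -n "$pinned" ] && [ "$npub" -eq 1 ] && [ "$found" = "$pinned" ]
}

# Hypothetical wrapper. Assumes a GnuPG that has --show-keys (lists a key
# file without touching the keyring).
import_if_pinned() {
    if gpg --show-keys --with-colons "$2" | fpr_matches "$1"; then
        gpg --import "$2"
    else
        echo "fingerprint mismatch, not importing $2" >&2
        return 1
    fi
}

# Constructed listing for an offline run; only the fingerprint and uid text
# come from the thread.
SAMPLE_LISTING='pub:-:4096:1:328DA867450F89EC:1640995200:::-:::scSC:
fpr:::::::::2E66557AB97C19C791AF8E20328DA867450F89EC:
uid:-::::1640995200::::PAUSE Batch Signing Key 2022 <pause@pause.perl.org>:
sub:-:4096:1:0123456789ABCDEF:1640995200::::::e:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:'

printf '%s\n' "$SAMPLE_LISTING" |
    fpr_matches "2E66 557A B97C 19C7 91AF 8E20 328D A867 450F 89EC" &&
    echo "sample listing matches the pinned fingerprint"
```

Importing a key does not mark it as trusted, so GnuPG can keep printing the "not certified with a trusted signature" warning after a successful import, as the second post shows. The "Signature for ... ok" line is the actual verification result.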
