Verification actions

The QNX Software Center performs the following types of verification:

At install time:

  • Verification that the cryptographic hash of the package archive matches the cryptographic hash in the package manifest.
  • Verification of the package manifest signatures.
  • Verification of the payload after an install operation has been performed on disk.

After an installation:

  • Automatic verification of the payload when opening the Advanced tab.
  • Manual verification when invoking the Verify action.

Encountering errors during installation

During a package installation you can encounter the following errors, some of which are a result of verification at install time.

  • Artifact not found; an error occurred while collecting items to be installed.
  • Various io-errors (e.g. disk write failures).
  • Problem downloading the artifact.
  • Post installation verification issues. Possibly due to packaging issues, data-transfer issues, disk corruption, anti-virus interference, or malicious packages.

Causes and mitigation:

Packaging issue (duplicate files):

In some cases, two different packages may have the same file listed due to a packaging or dependency error. To resolve this issue, consult the release notes of the affected packages, identify the package with the correct file out of the two colliding packages, and invoke the Repair action on the identified package to make sure that the correct version of the file is written on disk. Once the package has been repaired, the error will persist if a manual verification is performed. The error will be reported as a checksum error, file size mismatch error or a duplicate file error, but no further action is required.

Antivirus Issue:

Occasionally, antivirus software can trigger false positives that mistakenly identify an installation as malicious activity. Consult the release notes of the package in question, if antivirus software interference is listed as a known issue, configure your antivirus software accordingly, restart QNX Software Center and re-install the affected package.

Disk Corruption:

If an installation is being repeated, this could cause various checksum errors, reporting multiple files as affected. If this is the case, use your host's disk validation utility to repair or replace the affected drive.

Disk Write Error:

If you receive an error stating that a file cannot be written to a disk, it could be any of the following issues:
  • Permission issue.
  • Read-only file system.
  • File collision due to a packaging issue, or another issue listed above.
  • Limited disk space.
  • Installing and uninstalling components in parallel.
  • Manually deleting files in parallel.
Once the correct issue has been addressed, re-try the installation.

Data Transfer Issue:

It is possible that an error could have occurred during the file transfer protocol, causing a file to be improperly sent or received. This could also be a result of an issue with your firewall or proxy settings. If you have a firewall or a proxy server, see configuring proxy servers.

Malicious Package:

It is theoretically possible that a package you received could have been altered maliciously. It is highly unlikely that such a package would have been downloaded from the QNX Software Center server, but rather obtained in some other way. If this is the case, you will receive a warning that the affected package is not signed or that the signature validation has failed. If you continue to receive invalid checksum errors, and there is no other valid explanation, please contact QNX Technical Support.

Manual verification error codes and actions

Error codeDescriptionLinked toFollow-up action
AssetListingViolation Error while reading expected assets from the metadata. Package Investigate and proceed with actions to correct the appropriate package.
ChangedFileSizeViolation File size is different than the expected file size. Package Investigate and proceed with actions to correct the appropriate package.
ExtraFileViolation Unexpected file. File Delete the affected file.
FileInMultiplePackagesViolation File is listed in multiple packages. Package Investigate and proceed with actions to correct the appropriate package.
IncorrectSignatureViolation Package signature does not match key information. Package Investigate and proceed with actions to correct the appropriate package.
MissingFileViolation File not found. Package Investigate and proceed with actions to correct the appropriate package.
NoPackagesViolation No installation found in path. Package N/A
PackageScanningViolation Unable to scan the package metadata. Package Investigate and proceed with actions to correct the appropriate package.
PackageVerificationViolation Verification failed. Package Investigate and proceed with actions to correct the appropriate package.
SignedWithTestKeyViolation Package was signed with an untrusted key. Package Remove the affected package.
SignedWithUnknownKeyViolation Package signature references an unknown key. Package Remove the affected package.
UnsignedViolation Package is not signed. Package Remove the affected package.
Page updated: