Verification actions
The QNX Software Center performs the following types of verification:
At install time:
- Verification that the cryptographic hash of the package archive matches the cryptographic hash in the package manifest.
- Verification of the package manifest signatures.
- Verification of the payload after an install operation has been performed on disk.
After an installation:
- Automatic verification of the payload when opening the Advanced tab.
- Manual verification when invoking the Verify action.
Encountering errors during installation
During a package installation you can encounter the following errors, some of which are a result of verification at install time.
- Artifact not found; an error occurred while collecting items to be installed.
- Various io-errors (e.g. disk write failures).
- Problem downloading the artifact.
- Post installation verification issues. Possibly due to packaging issues, data-transfer issues, disk corruption, anti-virus interference, or malicious packages.
Causes and mitigation:
Packaging issue (duplicate files):
In some cases, two different packages may have the same file listed due to a packaging or dependency error. To resolve this issue, consult the release notes of the affected packages, identify the package with the correct file out of the two colliding packages, and invoke the Repair action on the identified package to make sure that the correct version of the file is written on disk. Once the package has been repaired, the error will persist if a manual verification is performed. The error will be reported as a checksum error, file size mismatch error or a duplicate file error, but no further action is required.
Antivirus Issue:
Occasionally, antivirus software can trigger false positives that mistakenly identify an installation as malicious activity. Consult the release notes of the package in question, if antivirus software interference is listed as a known issue, configure your antivirus software accordingly, restart QNX Software Center and re-install the affected package.
Disk Corruption:
If an installation is being repeated, this could cause various checksum errors, reporting multiple files as affected. If this is the case, use your host's disk validation utility to repair or replace the affected drive.
Disk Write Error:
- Permission issue.
- Read-only file system.
- File collision due to a packaging issue, or another issue listed above.
- Limited disk space.
- Installing and uninstalling components in parallel.
- Manually deleting files in parallel.
Data Transfer Issue:
It is possible that an error could have occurred during the file transfer protocol, causing a file to be improperly sent or received. This could also be a result of an issue with your firewall or proxy settings. If you have a firewall or a proxy server, see configuring proxy servers.
Malicious Package:
It is theoretically possible that a package you received could have been altered maliciously. It is highly unlikely that such a package would have been downloaded from the QNX Software Center server, but rather obtained in some other way. If this is the case, you will receive a warning that the affected package is not signed or that the signature validation has failed. If you continue to receive invalid checksum errors, and there is no other valid explanation, please contact QNX Technical Support.
Manual verification error codes and actions
Error code | Description | Linked to | Follow-up action |
---|---|---|---|
AssetListingViolation | Error while reading expected assets from the metadata. | Package | Investigate and proceed with actions to correct the appropriate package. |
ChangedFileSizeViolation | File size is different than the expected file size. | Package | Investigate and proceed with actions to correct the appropriate package. |
ExtraFileViolation | Unexpected file. | File | Delete the affected file. |
FileInMultiplePackagesViolation | File is listed in multiple packages. | Package | Investigate and proceed with actions to correct the appropriate package. |
IncorrectSignatureViolation | Package signature does not match key information. | Package | Investigate and proceed with actions to correct the appropriate package. |
MissingFileViolation | File not found. | Package | Investigate and proceed with actions to correct the appropriate package. |
NoPackagesViolation | No installation found in path. | Package | N/A |
PackageScanningViolation | Unable to scan the package metadata. | Package | Investigate and proceed with actions to correct the appropriate package. |
PackageVerificationViolation | Verification failed. | Package | Investigate and proceed with actions to correct the appropriate package. |
SignedWithTestKeyViolation | Package was signed with an untrusted key. | Package | Remove the affected package. |
SignedWithUnknownKeyViolation | Package signature references an unknown key. | Package | Remove the affected package. |
UnsignedViolation | Package is not signed. | Package | Remove the affected package. |