[Triumf-linux-managers] Failing security updates - new SL signing
keys
Andrew Daviel
advax at triumf.ca
Wed Aug 5 18:47:01 PDT 2009
FYI
I turned on gpgcheck on an SL4.2 machine.
It had cron.daily/yum.cron, but did not seem to be working
# rpm -qa gpg-pubkey*
gave nothing
# rpm --import /triumfcs/mirror/SL/keys/RPM-GPG-KEY-sl4
appeared to work, but I suspect failed
/etc/pki/gpg-rpm did not exist, or /etc/pki.
In RedHat 9 and SL 5.3, /etc/pki comes in the filesystem RPM.
/etc/pki/gpg-rpm comes in sl-release on SL5.
When I tried "yum update netpbm", I got
Retrieving GPG key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-csieh
GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or
directory: '/etc/pki/rpm-gpg/RPM-GPG-KEY-csieh'
This file (Connie Sieh's key) did in fact exist on the machine, in
/usr/share/doc/sl-release-4.2
I created /etc/pki/rpm-gpg/, copied the keys across, and tried again.
Now it said
Importing GPG key 0xA7048F8D "Connie Sieh (Constance J. Sieh) <csieh at fnal.gov>"
and the install worked.
When I retried the import from mirror/SL/keys, and retried
rpm -qa gpg-pubkey*, it correctly listed the installed keys
Not sure if this is a generic 4.2 problem, or just some weirdness on that
machine.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
More information about the Triumf-linux-managers
mailing list