[Triumf-linux-managers] Failing security updates - new SL signing
keys
Andrew Daviel
advax at triumf.ca
Wed Jul 22 19:07:18 PDT 2009
On Tue, 21 Jul 2009, Kelvin Raywood wrote:
> On all SL-4 systems do:
>
> rpm --import http://mirror.triumf.ca/SL/keys/RPM-GPG-KEY-sl{,4}
RPM seems happy to import multiple copies of GPG keys, which may be
confusing.
To check what keys you have installed:
# rpm -qa gpg-pubkey*
gives e.g.
gpg-pubkey-9505722e-4a576b54.(none)
# rpm -qi gpg-pubkey-9505722e-4a576b54
gives gory details
The required keys for SL are:
gpg-pubkey-192a7d7d-4a5769d0.(none) RPM-GPG-KEY-sl
gpg-pubkey-13a0a2dc-4a576ba5.(none) RPM-GPG-KEY-sl5
gpg-pubkey-9b1fd350-4a576be4.(none) RPM-GPG-KEY-sl6
gpg-pubkey-9505722e-4a576b54.(none) RPM-GPG-KEY-sl4
If you have multiple instances and find it annoying, you can delete them
with e.g.
# rpm -e --allmatches gpg-pubkey-0b86274e-48b5dd6f
You can also import them into gpg, which won't double-import and can
check signatures:
# gpg --import /triumfcs/mirror/SL/keys/RPM-GPG-KEY-sl6
# gpg --list-sigs 9B1FD350 (case insensitive; key matches field in RPM listing)
The curious can then see who exactly signed the CENTOS master key
# gpg --recv-keys D8C4C138
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
More information about the Triumf-linux-managers
mailing list