Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

debug rpm key file update/install issue, then update Apt package manager key files #29

Open
3 tasks
bhamail opened this issue Dec 13, 2022 · 0 comments
Open
3 tasks

Comments

@bhamail
Copy link
Contributor

bhamail commented Dec 13, 2022

Tracking issue for remaining TODO items from PR #28

Well now, that didn't go as planned: Updating the RPM-GPG-KEY-Sonatype.asc leads to the following error when installing in CentOS 9 Stream. Will revert changes to RPM-GPG-KEY-Sonatype.asc for now.

# yum install nexus-iq-server
Sonatype Community                                                        413 kB/s | 474 kB     00:01    
CentOS Stream 9 - BaseOS                                                  3.2 MB/s | 6.0 MB     00:01    
CentOS Stream 9 - AppStream                                               4.7 MB/s |  16 MB     00:03    
CentOS Stream 9 - Extras packages                                          17 kB/s | 9.2 kB     00:00    
Dependencies resolved.
==========================================================================================================
 Package                          Arch        Version                       Repository               Size
==========================================================================================================
Installing:
 nexus-iq-server                  noarch      1.151.0_01-1.el7              sonatype-community      153 M
Installing dependencies:
 copy-jdk-configs                 noarch      4.0-3.el9                     appstream                28 k
 java-1.8.0-openjdk-headless      x86_64      1:1.8.0.352.b08-2.el9         appstream                33 M
 javapackages-filesystem          noarch      6.0.0-3.el9                   appstream                14 k
 lksctp-tools                     x86_64      1.0.19-2.el9                  baseos                   94 k
 lua                              x86_64      5.4.2-7.el9                   appstream               187 k
 lua-posix                        x86_64      35.0-8.el9                    appstream               151 k
 tzdata-java                      noarch      2022g-1.el9                   appstream               230 k

Transaction Summary
==========================================================================================================
Install  8 Packages

Total download size: 187 M
Installed size: 287 M
Is this ok [y/N]: y
Downloading Packages:
(1/8): copy-jdk-configs-4.0-3.el9.noarch.rpm                              303 kB/s |  28 kB     00:00    
(2/8): lksctp-tools-1.0.19-2.el9.x86_64.rpm                               679 kB/s |  94 kB     00:00    
(3/8): javapackages-filesystem-6.0.0-3.el9.noarch.rpm                     206 kB/s |  14 kB     00:00    
(4/8): lua-5.4.2-7.el9.x86_64.rpm                                         1.4 MB/s | 187 kB     00:00    
(5/8): lua-posix-35.0-8.el9.x86_64.rpm                                    1.9 MB/s | 151 kB     00:00    
(6/8): tzdata-java-2022g-1.el9.noarch.rpm                                 2.4 MB/s | 230 kB     00:00    
(7/8): nexus-iq-server-1.151.0_01-1.el7.noarch.rpm                         11 MB/s | 153 MB     00:13    
(8/8): java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el9.x86_64.rpm         2.0 MB/s |  33 MB     00:16    
----------------------------------------------------------------------------------------------------------
Total                                                                      11 MB/s | 187 MB     00:16     
Sonatype Community                                                        4.3 kB/s | 1.7 kB     00:00    
Importing GPG key 0x382A0E3A:
 Userid     : "Sonatype Community PGP <[email protected]>"
 Fingerprint: 8090 0DA1 952D 7C79 68F3 CFD9 8C79 C4D0 382A 0E3A
 From       : https://repo.sonatype.com/repository/community-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for nexus-iq-server-1.151.0_01-1.el7.noarch.rpm is not installed. Failing package is: nexus-iq-server-1.151.0_01-1.el7.noarch
 GPG Keys are configured as: https://repo.sonatype.com/repository/community-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED

Helpful commands for rpm key fun in CentOS 9 Stream:

List installed yum keys:

# rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-8483c65d-5ccc5b19	CentOS (CentOS Official Signing Key) <[email protected]> public key
gpg-pubkey-382a0e3a-628566cb	Sonatype Community PGP <[email protected]> public key
gpg-pubkey-0aa4f31a-5d54bfc0	Sonatype Community <[email protected]> public key

Erase a yum key:

# rpm -e gpg-pubkey-0aa4f31a-5d54bfc0

Hold off on the steps below until the above issue is understood.

  • Update Apt repository signing key with new private key (requires admin access to Nexus repository configuration).
  • Commit new Apt public key file (comunity-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc) to git repository. Should be then be identical to the Rpm public key file (comunity-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc).
  • Publish this new Apt public key file (comunity-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc) to raw hosted repo: https://repo.sonatype.com/repository/community-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc.

relates to Issue #27, PR #28

bhamail added a commit that referenced this issue Dec 13, 2022
…28)

Remaining tasks for Apt repo tracking in Issue #29.
@bhamail bhamail changed the title update Apt package manager key files debug rpm key file update/install issue, then update Apt package manager key files Dec 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant