On 05/20/2018 08:26 AM, cwlists wrote: > Hi, > > Today I tried to update my CentOS 7.5 with latest updates, but it fails to > verify the signature of one of the packages: > > ... > scap-security-guide noarch 0.1.36-9.el7.centos > updates > > > It seems like this RPM was signed with AltArch PowerPC key (see further > down): > > Warning: > /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm: > Header V3 RSA/SHA256 Signature, key ID f533f4fa: NOKEY > Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 > > > The GPG keys listed for the "CentOS-7 - Updates" repository are already > installed but they are not correct for this package. > Check that the correct key URLs are configured for this repository. > > > Failing package is: scap-security-guide-0.1.36-9.el7.centos.noarch > GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 > > > >>From https://www.centos.org/keys/ > ... > PowerPC Key > > download key > <https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64> > > pub 2048R/F533F4FA 2015-11-27 CentOS AltArch SIG - PowerPC > (https://wiki.centos.org/SpecialInterestGroup/AltArch) > <security@xxxxxxxxxx> > Key fingerprint = BAFA 3436 FC50 768E 3C3C 2E4E A963 BBDB F533 F4FA That is the ppc64 key for CentOS. That noarch package fails to build currently on x86_64, so it built on ppc64le .. and accidentially was also signed by the ppc64le signing key. Fixing it now to be signed by the official x86_64 key.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
