Re: Latest updated scap-security-guide signed with wrong GPG key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 05/20/2018 08:26 AM, cwlists wrote:
> Hi,
> 
> Today I tried to update my CentOS 7.5 with latest updates, but it fails to
> verify the signature of one of the packages:
> 
> ...
> scap-security-guide                    noarch  0.1.36-9.el7.centos
> updates
> 
> 
> It seems like this RPM was signed with AltArch PowerPC key (see further
> down):
> 
> Warning:
> /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm:
> Header V3 RSA/SHA256 Signature, key ID f533f4fa: NOKEY
> Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
> 
> 
> The GPG keys listed for the "CentOS-7 - Updates" repository are already
> installed but they are not correct for this package.
> Check that the correct key URLs are configured for this repository.
> 
> 
>  Failing package is: scap-security-guide-0.1.36-9.el7.centos.noarch
>  GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
> 
> 
> 
>>From https://www.centos.org/keys/
> ...
> PowerPC Key
> 
> download key
> <https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64>
> 
> pub  2048R/F533F4FA 2015-11-27 CentOS AltArch SIG - PowerPC
> (https://wiki.centos.org/SpecialInterestGroup/AltArch)
> <security@xxxxxxxxxx>
>         Key fingerprint = BAFA 3436 FC50 768E 3C3C  2E4E A963 BBDB F533 F4FA




That is the ppc64 key for CentOS.  That noarch package fails to build
currently on x86_64, so it built on ppc64le .. and accidentially was
also signed by the ppc64le signing key.  Fixing it now to be signed by
the official x86_64 key.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux