Hi,
Today I tried to update my CentOS 7.5 with latest updates, but it fails to verify the signature of one of the packages:
... scap-security-guide noarch 0.1.36-9.el7.centos updates
It seems like this RPM was signed with AltArch PowerPC key (see further down):
Warning: /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f533f4fa: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
The GPG keys listed for the "CentOS-7 - Updates" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.
Failing package is: scap-security-guide-0.1.36-9.el7.centos.noarch GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
... PowerPC Key
download key https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64
pub 2048R/F533F4FA 2015-11-27 CentOS AltArch SIG - PowerPC (https://wiki.centos.org/SpecialInterestGroup/AltArch) security@centos.org Key fingerprint = BAFA 3436 FC50 768E 3C3C 2E4E A963 BBDB F533 F4FA
On 05/20/2018 08:26 AM, cwlists wrote:
Hi,
Today I tried to update my CentOS 7.5 with latest updates, but it fails to verify the signature of one of the packages:
... scap-security-guide noarch 0.1.36-9.el7.centos updates
It seems like this RPM was signed with AltArch PowerPC key (see further down):
Warning: /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f533f4fa: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
The GPG keys listed for the "CentOS-7 - Updates" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.
Failing package is: scap-security-guide-0.1.36-9.el7.centos.noarch GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
... PowerPC Key
download key https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64
pub 2048R/F533F4FA 2015-11-27 CentOS AltArch SIG - PowerPC (https://wiki.centos.org/SpecialInterestGroup/AltArch) security@centos.org Key fingerprint = BAFA 3436 FC50 768E 3C3C 2E4E A963 BBDB F533 F4FA
That is the ppc64 key for CentOS. That noarch package fails to build currently on x86_64, so it built on ppc64le .. and accidentially was also signed by the ppc64le signing key. Fixing it now to be signed by the official x86_64 key.
-
cwlists -
Johnny Hughes