I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found.
I ran into this about a month ago and found a web page showing the path locally to where the keys live, and providing rpm --import /to/the/path.
But of course now I cannot find that page.
Could someone kindly remind me the path to the keys, or simply the one-liner rpm to import the keys?
Thanks.
Scott
On Wed, 11 Jul 2007, Scott Ehrlich wrote:
I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found.
I ran into this about a month ago and found a web page showing the path locally to where the keys live, and providing rpm --import /to/the/path.
But of course now I cannot find that page.
Could someone kindly remind me the path to the keys, or simply the one-liner rpm to import the keys?
Thanks.
Scott _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
The answer was rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY...
Thanks to the responses!
Scott
On Wednesday 11 July 2007, Scott Ehrlich wrote:
I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found.
...and asked you if you wanted it to add it for you (Y/N)
/Peter
Scott Ehrlich wrote:
Could someone kindly remind me the path to the keys, or simply the one-liner rpm to import the keys?
It should be right on the root of the CD, called: RPM-GPG-KEY-CentOS-5 (you can also import it off of any mirror)
But that's really strange because on my CentOS 5 install, as part of the yum update process, it asks me if I want to import the key. It was only pre-C5 that I had to do this manually.
johnn
hi Scott,
Scott Ehrlich wrote:
I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found.
I would be slightly concerned about this - your centos install isnt a standard install - which should cause some alarm and maybe point at potential compromised media.
I ran into this about a month ago and found a web page showing the path locally to where the keys live, and providing rpm --import /to/the/path.
Mechanisms for handling the key are built into yum, the fact that your system didnt come up with that would be further cause for concern.
did you sha1sum check the iso's ? did you run the media check on the install media ?
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months.
Other insights and ideas welcome.
Thanks.
Scott
On Wed, 11 Jul 2007, Karanbir Singh wrote:
hi Scott,
Scott Ehrlich wrote:
I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found.
I would be slightly concerned about this - your centos install isnt a standard install - which should cause some alarm and maybe point at potential compromised media.
I ran into this about a month ago and found a web page showing the path locally to where the keys live, and providing rpm --import /to/the/path.
Mechanisms for handling the key are built into yum, the fact that your system didnt come up with that would be further cause for concern.
did you sha1sum check the iso's ? did you run the media check on the install media ?
-- Karanbir Singh : http://www.karan.org/ : 2522219@icq _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scott Ehrlich wrote:
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months.
what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' and what does this say : 'rpm -V centos-release'
On Thu, 12 Jul 2007, Karanbir Singh wrote:
Scott Ehrlich wrote:
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months.
what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' and what does this say : 'rpm -V centos-release'
I'll check tomorrow at work, but planning ahead, what should the results be?
-- Karanbir Singh : http://www.karan.org/ : 2522219@icq _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Quoting Karanbir Singh mail-lists@karan.org:
Scott Ehrlich wrote:
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months.
what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo'
sudo rpm -qf /etc/yum.repos.d/CentOS-Base.repo centos-release-5-0.0.el5.centos.2
and what does this say : 'rpm -V centos-release'
this shows nothing.
-- Karanbir Singh : http://www.karan.org/ : 2522219@icq _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Scott R Ehrlich wrote:
Quoting Karanbir Singh mail-lists@karan.org:
Scott Ehrlich wrote:
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months.
what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo'
sudo rpm -qf /etc/yum.repos.d/CentOS-Base.repo centos-release-5-0.0.el5.centos.2
and what does this say : 'rpm -V centos-release'
this shows nothing.
Before we take this any further ... was the key you imported to a repository other than an official CentOS one. (for example, RPMForge, ATRPMS, etc.).
The default CentOS-Base.repo has this line in it:
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
All packages in the official repos should be signed with that key ... if you only have the CentOS Default repos enabled, you should not have been able to install a package that needed updating without yum asking you if you wanted to install that key.
If you had to add the CentOS-5 key ... then something is not setup in the default way.
On Thu, 12 Jul 2007, Johnny Hughes wrote:
Before we take this any further ... was the key you imported to a repository other than an official CentOS one. (for example, RPMForge, ATRPMS, etc.).
The install was from DVD, default packages (I planned to use yum for updates, etc). No other repos added. Straight out of the box.
The default CentOS-Base.repo has this line in it:
Mine shows it, too.
All packages in the official repos should be signed with that key ... if you only have the CentOS Default repos enabled, you should not have been able to install a package that needed updating without yum asking you if you wanted to install that key.
If you had to add the CentOS-5 key ... then something is not setup in the default way.
So, what is the verdict thus far?
Scott
--- Scott Ehrlich scott@MIT.EDU wrote:
On Thu, 12 Jul 2007, Johnny Hughes wrote:
Before we take this any further ... was the key
you imported to a
repository other than an official CentOS one. (for
example, RPMForge,
ATRPMS, etc.).
The install was from DVD, default packages (I planned to use yum for updates, etc). No other repos added. Straight out of the box.
The default CentOS-Base.repo has this line in it:
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
Mine shows it, too.
All packages in the official repos should be
signed with that key ... if
you only have the CentOS Default repos enabled,
you should not have been
able to install a package that needed updating
without yum asking you if
you wanted to install that key.
If you had to add the CentOS-5 key ... then
something is not setup in
the default way.
So, what is the verdict thus far?
Scott _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
something really screwy around here!
Steven
Get your Art Supplies @ www.littleartstore.com
On Thu, 12 Jul 2007, Steven Vishoot wrote:
something really screwy around here!
Steven
What do others have to say? Now that I think of it, I also had the same situation occur on a 32-bit install on a laptop from CDs. Again, my preferred source mirrors are either from kernel.org or lbl.gov, so I have no reason to doubt the images were tainted. Also, I know my dns server is very secure from poisoning.
And the downloads are within the last few months. So unless I somehow downloaded beta copies, I feel confident they are legit. And the checksums all are ok.
Anyone else have insights/thoughts?
Thanks.
Scott
-
Johnny Hughes -
Johnny Tan -
Karanbir Singh -
Peter Kjellstrom -
Scott Ehrlich -
Scott R Ehrlich
-
Steven Vishoot