[CentOS] Latest updated scap-security-guide signed with wrong GPG key

Johnny Hughes johnny at centos.org
Sun May 20 13:50:26 UTC 2018


On 05/20/2018 08:26 AM, cwlists wrote:
> Hi,
> 
> Today I tried to update my CentOS 7.5 with latest updates, but it fails to
> verify the signature of one of the packages:
> 
> ...
> scap-security-guide                    noarch  0.1.36-9.el7.centos
> updates
> 
> 
> It seems like this RPM was signed with AltArch PowerPC key (see further
> down):
> 
> Warning:
> /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm:
> Header V3 RSA/SHA256 Signature, key ID f533f4fa: NOKEY
> Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
> 
> 
> The GPG keys listed for the "CentOS-7 - Updates" repository are already
> installed but they are not correct for this package.
> Check that the correct key URLs are configured for this repository.
> 
> 
>  Failing package is: scap-security-guide-0.1.36-9.el7.centos.noarch
>  GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
> 
> 
> 
> From https://www.centos.org/keys/
> ...
> PowerPC Key
> 
> download key
> <https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-AltArch-7-ppc64>
> 
> pub  2048R/F533F4FA 2015-11-27 CentOS AltArch SIG - PowerPC
> (https://wiki.centos.org/SpecialInterestGroup/AltArch)
> <security at centos.org>
>         Key fingerprint = BAFA 3436 FC50 768E 3C3C  2E4E A963 BBDB F533 F4FA




That is the ppc64 key for CentOS.  That noarch package fails to build
currently on x86_64, so it built on ppc64le .. and accidentally was
also signed by the ppc64le signing key.  Fixing it now to be signed by
the official x86_64 key.
