gpg key mismatch with packages in repo?
sandwitch opened this issue · 4 comments
On a freshly installed Rocky 8 machine (1-10-2024), we get an error installing icinga2. Might it be the packages are not signed with the new key from yesterday?
To Reproduce
```
[root@haagbeuk ~]# /bin/dnf install icinga2
Rocky Linux 8 - AppStream 26 MB/s | 13 MB 00:00
Rocky Linux 8 - BaseOS 28 MB/s | 7.2 MB 00:00
Rocky Linux 8 - Extras 76 kB/s | 14 kB 00:00
Rocky Linux 8 - PowerTools 9.9 MB/s | 3.4 MB 00:00
Elastic package repository. 33 MB/s | 20 MB 00:00
ELRepo.org Community Enterprise Linux Repository - el8 1.0 MB/s | 249 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 19 MB/s | 14 MB 00:00
ICINGA (stable release for epel) 2.8 MB/s | 461 kB 00:00
Puppet 7 Repository el 8 - x86_64 28 MB/s | 21 MB 00:00
Dependencies resolved.
===================================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================================
Installing:
icinga2 x86_64 2.13.2-1.el8.icinga icinga-stable-release 34 k
Installing dependencies:
boost-atomic x86_64 1.66.0-13.el8 appstream 13 k
boost-chrono x86_64 1.66.0-13.el8 appstream 22 k
boost-context x86_64 1.66.0-13.el8 appstream 14 k
boost-coroutine x86_64 1.66.0-13.el8 appstream 31 k
boost-date-time x86_64 1.66.0-13.el8 appstream 29 k
boost-filesystem x86_64 1.66.0-13.el8 appstream 48 k
boost-program-options x86_64 1.66.0-13.el8 appstream 140 k
boost-regex x86_64 1.66.0-13.el8 appstream 280 k
boost-system x86_64 1.66.0-13.el8 appstream 17 k
boost-thread x86_64 1.66.0-13.el8 appstream 58 k
icinga2-bin x86_64 2.13.2-1.el8.icinga icinga-stable-release 4.5 M
icinga2-common x86_64 2.13.2-1.el8.icinga icinga-stable-release 162 k
Transaction Summary
===================================================================================================================================================================================================================================
Install 13 Packages
Total download size: 5.3 M
Installed size: 23 M
Is this ok [y/N]: y
Downloading Packages:
(1/13): boost-context-1.66.0-13.el8.x86_64.rpm 421 kB/s | 14 kB 00:00
(2/13): boost-chrono-1.66.0-13.el8.x86_64.rpm 631 kB/s | 22 kB 00:00
(3/13): boost-atomic-1.66.0-13.el8.x86_64.rpm 320 kB/s | 13 kB 00:00
(4/13): boost-date-time-1.66.0-13.el8.x86_64.rpm 3.0 MB/s | 29 kB 00:00
(5/13): boost-coroutine-1.66.0-13.el8.x86_64.rpm 2.5 MB/s | 31 kB 00:00
(6/13): boost-filesystem-1.66.0-13.el8.x86_64.rpm 3.9 MB/s | 48 kB 00:00
(7/13): boost-program-options-1.66.0-13.el8.x86_64.rpm 8.2 MB/s | 140 kB 00:00
(8/13): boost-system-1.66.0-13.el8.x86_64.rpm 1.7 MB/s | 17 kB 00:00
(9/13): boost-regex-1.66.0-13.el8.x86_64.rpm 13 MB/s | 280 kB 00:00
(10/13): boost-thread-1.66.0-13.el8.x86_64.rpm 2.3 MB/s | 58 kB 00:00
(11/13): icinga2-2.13.2-1.el8.icinga.x86_64.rpm 556 kB/s | 34 kB 00:00
(12/13): icinga2-common-2.13.2-1.el8.icinga.x86_64.rpm 2.0 MB/s | 162 kB 00:00
(13/13): icinga2-bin-2.13.2-1.el8.icinga.x86_64.rpm 27 MB/s | 4.5 MB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 14 MB/s | 5.3 MB 00:00
ICINGA (stable release for epel) 40 kB/s | 1.6 kB 00:00
GPG key at https://packages.icinga.com/icinga.key (0xAA7F2382) is already installed
The GPG keys listed for the "ICINGA (stable release for epel)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: icinga2-2.13.2-1.el8.icinga.x86_64
GPG Keys are configured as: https://packages.icinga.com/icinga.key
Public key for icinga2-bin-2.13.2-1.el8.icinga.x86_64.rpm is not installed. Failing package is: icinga2-bin-2.13.2-1.el8.icinga.x86_64
GPG Keys are configured as: https://packages.icinga.com/icinga.key
Public key for icinga2-common-2.13.2-1.el8.icinga.x86_64.rpm is not installed. Failing package is: icinga2-common-2.13.2-1.el8.icinga.x86_64
GPG Keys are configured as: https://packages.icinga.com/icinga.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
```
Expected behavior
Install key and packages
```
/bin/dnf install icinga2
[...]
Installing:
icinga2 x86_64 2.13.2-1.el8.icinga icinga-stable-release
```
That's not the latest version of Icinga 2. Are you by any chance using the old CentOS 8 repository? At least the version matches the last version uploaded there. We don't update that one anymore since CentOS 8 reached its end of life and therefore this repo also wasn't signed with the new key.
We are using the epel repo, however it seems to be a symlink to CentOS. So yes, you are right. Which repo should we use for Rocky 8?
```
cat /etc/yum.repos.d/icinga-stable-release.repo
[icinga-stable-release]
name=ICINGA (stable release for epel)
baseurl=https://packages.icinga.com/epel/$releasever/release/
enabled=1
gpgcheck=1
gpgkey=https://packages.icinga.com/icinga.key
```
You can
- disable gpgcheck (HTTPS is fine),
- pin the old gpgkey explicitly
- or use the RHEL repo: https://icinga.com/subscriptions/developer-subscription/
Okay, nice, that is clear.
We were already in the process of ordering a subscription.
Thanks for all the swift answers.
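
Added example, not part of the original thread or Icinga's own tooling: shell functions for confirming the mismatch dnf reports above, by comparing the key IDs that signed the cached packages with the keys present in the rpm database. The signing key ID `0123abcd` and the `00000000` release suffixes are constructed placeholders; only `aa7f2382` is taken from the thread.

```shell
#!/bin/sh
# On a live host the two inputs come from:
#   rpm -Kv /var/cache/dnf/*/packages/*.rpm    (signatures on cached packages)
#   rpm -q gpg-pubkey                          (keys imported into the rpm db)
# The samples below are constructed so the functions can be run offline.

SAMPLE_KV='icinga2-bin-2.13.2-1.el8.icinga.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY'

SAMPLE_INSTALLED='gpg-pubkey-aa7f2382-00000000'

# Print the unique, lower-cased key IDs found in `rpm -Kv` output on stdin.
signing_key_ids() {
    sed -n 's/.*[Kk]ey ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p' \
        | tr 'A-F' 'a-f' | sort -u
}

# Print installed key IDs from `rpm -q gpg-pubkey` output on stdin.
# Entries are named gpg-pubkey-<keyid>-<created>; field 3 is the key ID.
installed_key_ids() {
    awk -F- '$1 == "gpg" && $2 == "pubkey" { print tolower($3) }' | sort -u
}

# missing_keys <rpm -Kv text> <rpm -q gpg-pubkey text>
# Prints each signing key ID that has no matching installed key.
missing_keys() {
    for id in $(printf '%s\n' "$1" | signing_key_ids); do
        # rpm names imported keys by the last 8 hex digits of the key ID
        short=$(printf '%s' "$id" | tail -c 8)
        printf '%s\n' "$2" | installed_key_ids | grep -qx "$short" || echo "$id"
    done
}

missing_keys "$SAMPLE_KV" "$SAMPLE_INSTALLED"
```

Any ID printed is a key the packages were signed with that the host has not imported, which is the condition behind `Error: GPG check FAILED`.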