Atomicorp
https://forums.atomicorp.com/

Public key error when updating mod_security RPM
https://forums.atomicorp.com/viewtopic.php?f=1&t=7591
Page 1 of 1

Author:  cmaxwell [ Sat Apr 12, 2014 11:27 am ]
Post subject:  Public key error when updating mod_security RPM

We are trying to update to the new version of mod_security from the Atomic repository on some CentOS 6.5 boxes, but are getting the following error:

Code:
The GPG keys listed for the "CentOS / Red Hat Enterprise Linux 6 - atomicrocketturtle.com" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


Have tried removing the key from the RPM database and re-adding it, as well as reinstalling the atomic-release package - this results in the following:

Code:
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 4520afa9: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Importing GPG key 0x5EBD2744:
 Userid : Atomic Rocket Turtle <admin@atomicrocketturtle.com>
 Package: atomic-release-1.0-18.el6.art.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Is this ok [y/N]: y


Public key for mod_security-2.7.7-18.el6.art.x86_64.rpm is not installed


Anyone have any suggestions how to get this to work? I'm guessing the key has changed due to Heartbleed.

Thanks in advance.

Cheers,
Chris

Author:  freethought [ Sun Apr 13, 2014 11:54 am ]
Post subject:  Re: Public key error when updating mod_security RPM

We're seeing this as well, and only on the mod_security-2.7.7-18.el6.art RPM.

The key used to sign the other RPMs in the repository is 5ebd2744 (which gets installed from https://www.atomicorp.com/RPM-GPG-KEY.art.txt when you install the Atomic repository), but the one on the mod_security-2.7.7-18.el6.art RPM is 4520afa9.

I'm not sure what that key is, but it's mentioned in a couple of threads from 2012 on here, so AtomiCorp have pushed RPMs into the atomic repository using this key before and it caused similar problems. Perhaps it's a testing key or someone's personal key which was used accidentally.

If you want to skip the GPG signature checks (not recommended) when installing/updating the mod_security-2.7.7-18.el6.art RPM, you can use yum's "--nogpgcheck" option.

Author:  scott [ Sun Apr 13, 2014 6:55 pm ]
Post subject:  Re: Public key error when updating mod_security RPM

We're consolidating under the atomicorp key; you can define multiple keys in the .repo file like:

Code:
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt   
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt


We'll do an updated atomic-release with it soon.

Author:  cmaxwell [ Mon Apr 14, 2014 7:35 am ]
Post subject:  Re: Public key error when updating mod_security RPM

Thanks guys - that works. For anyone else experiencing this, you therefore need to do:

Code:
rpm --import https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt


And then modify your /etc/yum.repos.d/atomic.repo file with the following:

Code:
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt   
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
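
A way to confirm the key mismatch diagnosed in this thread, and to check the result after importing a key, without turning signature checks off (added example, not part of any post above): the script compares the key ID in an rpm/yum NOKEY warning with the key IDs that `rpm -q gpg-pubkey` reports. The function names and the `00000000` release fields in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list signing key IDs from rpm/yum output that have no
# matching gpg-pubkey entry in the RPM database.

# Pull key IDs out of lines like "... Signature, key ID 4520afa9: NOKEY".
signing_key_ids() {
    sed -n 's/.*[Kk]ey ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p' | tr 'A-F' 'a-f' | sort -u
}

# Reduce `rpm -q gpg-pubkey` output (gpg-pubkey-<keyid>-<created>) to key IDs.
imported_key_ids() {
    sed -n 's/^gpg-pubkey-\([0-9a-f]\{8\}\)-[0-9a-f]*$/\1/p' | sort -u
}

# missing_keys <rpm/yum output> <rpm -q gpg-pubkey output>
# Prints each signing key ID that is not imported; prints nothing if all are.
missing_keys() {
    imported=$(printf '%s\n' "$2" | imported_key_ids)
    printf '%s\n' "$1" | signing_key_ids | while read -r id; do
        # gpg-pubkey versions hold the last 8 hex digits of the key ID
        short=$(printf '%s' "$id" | sed 's/.*\(........\)$/\1/')
        printf '%s\n' "$imported" | grep -qx "$short" || printf '%s\n' "$short"
    done
}

# Warning text as quoted in the thread.
YUM_OUTPUT='warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 4520afa9: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Importing GPG key 0x5EBD2744:'

# Constructed samples: the 00000000 release fields are placeholders.
IMPORTED_BEFORE='gpg-pubkey-5ebd2744-00000000'
IMPORTED_AFTER='gpg-pubkey-5ebd2744-00000000
gpg-pubkey-4520afa9-00000000'

echo "only 5ebd2744 imported, missing: $(missing_keys "$YUM_OUTPUT" "$IMPORTED_BEFORE")"
echo "4520afa9 also imported, missing: $(missing_keys "$YUM_OUTPUT" "$IMPORTED_AFTER")"

# On a real host (package.rpm is a placeholder file name):
#   missing_keys "$(rpm -Kv package.rpm 2>&1)" "$(rpm -q gpg-pubkey)"
```

An empty result means every key ID seen in the output already has a `gpg-pubkey` entry; any ID printed is one yum will refuse until the matching public key is imported.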

Author:  lucy albert [ Sun Feb 05, 2017 11:54 am ]
Post subject:  Re: Public key error when updating mod_security RPM

Finally I fixed that. Worth sharing.

Author:  mikeshinn [ Fri Mar 01, 2019 4:07 pm ]
Post subject:  Re: Public key error when updating mod_security RPM

You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7; you should use 2.9.2 or 2.9.3.

All times are UTC - 5 hours [ DST ]