store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Mon Sep 16, 2019 10:18 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Public key error when updating mod_security RPM
Unread postPosted: Sat Apr 12, 2014 11:27 am 
Offline
Forum User
Forum User

Joined: Thu Oct 19, 2006 7:33 am
Posts: 20
We are trying to update to the new version of mod_security from the Atomic repository on some CentOS 6.5 boxes, but are getting the following error:

Code:
The GPG keys listed for the "CentOS / Red Hat Enterprise Linux 6 - atomicrocketturtle.com" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


Have tried removing the key from the RPM database and re-adding it, as well as reinstalling the atomic-release package - this results in the following:

Code:
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 4520afa9: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Importing GPG key 0x5EBD2744:
 Userid : Atomic Rocket Turtle <admin@atomicrocketturtle.com>
 Package: atomic-release-1.0-18.el6.art.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Is this ok [y/N]: y


Public key for mod_security-2.7.7-18.el6.art.x86_64.rpm is not installed


Anyone have any suggestions how to get this to work? I'm guessing the key has changed due to Heartbleed.

Thanks in advance.

Cheers,
Chris


Top
 Profile  
Reply with quote  
 Post subject: Re: Public key error when updating mod_security RPM
Unread postPosted: Sun Apr 13, 2014 11:54 am 
Offline
Forum User
Forum User

Joined: Sun Aug 30, 2009 8:25 am
Posts: 6
We're seeing this as well, and only on the mod_security-2.7.7-18.el6.art RPM.

The key used to sign the other RPMs in the repository is 5ebd2744 (which gets installed from https://www.atomicorp.com/RPM-GPG-KEY.art.txt when you install the Atomic repository), but the one on the mod_security-2.7.7-18.el6.art RPM is 4520afa9.

I'm not sure what that key is, but it's mentioned in a couple of threads from 2012 on here, so AtomiCorp have pushed RPMs into the atomic repository using this key before and it caused similar problems. Perhaps it's a testing key or someone's personal key which was used accidentally.

If you want to skip the GPG signature checks (not recommended) when installing/updating the mod_security-2.7.7-18.el6.art RPM, you can use yum's "--nogpgcheck" option.


Top
 Profile  
Reply with quote  
 Post subject: Re: Public key error when updating mod_security RPM
Unread postPosted: Sun Apr 13, 2014 6:55 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 8329
Location: earth
We're consolidating under the atomicorp key, you can define multple keys in the .repo file like:

Code:
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt   
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt


We'll do a updated atomic-release with it soon.


Top
 Profile  
Reply with quote  
 Post subject: Re: Public key error when updating mod_security RPM
Unread postPosted: Mon Apr 14, 2014 7:35 am 
Offline
Forum User
Forum User

Joined: Thu Oct 19, 2006 7:33 am
Posts: 20
Thanks guys - that works. For anyone else experiencing this, you therefore need to do:

Code:
rpm --import https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt


And then modify your /etc/yum.repos.d/atomic.repo file with the following:

Code:
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt   
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt


Top
 Profile  
Reply with quote  
 Post subject: Re: Public key error when updating mod_security RPM
Unread postPosted: Sun Feb 05, 2017 11:54 am 
Offline
New Forum User
New Forum User

Joined: Sun Feb 05, 2017 11:52 am
Posts: 1
Location: Georgia
Finall i fixed that. Worth sharing.
poikilothermiahyperthymesiadorsalgia


Top
 Profile  
Reply with quote  
 Post subject: Re: Public key error when updating mod_security RPM
Unread postPosted: Fri Mar 01, 2019 4:07 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4084
Location: Chantilly, VA
You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7, you should use 2.9.2 or 2.9.3.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group