Public key error when updating mod_security RPM

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
cmaxwell
Forum User
Forum User
Posts: 20
Joined: Thu Oct 19, 2006 7:33 am

Public key error when updating mod_security RPM

Unread post by cmaxwell »

We are trying to update to the new version of mod_security from the Atomic repository on some CentOS 6.5 boxes, but are getting the following error:

Code: Select all

The GPG keys listed for the "CentOS / Red Hat Enterprise Linux 6 - atomicrocketturtle.com" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Have tried removing the key from the RPM database and re-adding it, as well as reinstalling the atomic-release package - this results in the following:

Code: Select all

Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 4520afa9: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Importing GPG key 0x5EBD2744:
 Userid : Atomic Rocket Turtle <admin@atomicrocketturtle.com>
 Package: atomic-release-1.0-18.el6.art.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
Is this ok [y/N]: y


Public key for mod_security-2.7.7-18.el6.art.x86_64.rpm is not installed
Anyone have any suggestions how to get this to work? I'm guessing the key has changed due to Heartbleed.

Thanks in advance.

Cheers,
Chris
freethought
Forum User
Forum User
Posts: 6
Joined: Sun Aug 30, 2009 8:25 am

Re: Public key error when updating mod_security RPM

Unread post by freethought »

We're seeing this as well, and only on the mod_security-2.7.7-18.el6.art RPM.

The key used to sign the other RPMs in the repository is 5ebd2744 (which gets installed from https://www.atomicorp.com/RPM-GPG-KEY.art.txt when you install the Atomic repository), but the one on the mod_security-2.7.7-18.el6.art RPM is 4520afa9.

I'm not sure what that key is, but it's mentioned in a couple of threads from 2012 on here, so AtomiCorp have pushed RPMs into the atomic repository using this key before and it caused similar problems. Perhaps it's a testing key or someone's personal key which was used accidentally.

If you want to skip the GPG signature checks (not recommended) when installing/updating the mod_security-2.7.7-18.el6.art RPM, you can use yum's "--nogpgcheck" option.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8338
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Public key error when updating mod_security RPM

Unread post by scott »

We're consolidating under the atomicorp key, you can define multple keys in the .repo file like:

Code: Select all

gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt    
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
We'll do a updated atomic-release with it soon.
cmaxwell
Forum User
Forum User
Posts: 20
Joined: Thu Oct 19, 2006 7:33 am

Re: Public key error when updating mod_security RPM

Unread post by cmaxwell »

Thanks guys - that works. For anyone else experiencing this, you therefore need to do:

Code: Select all

rpm --import https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
And then modify your /etc/yum.repos.d/atomic.repo file with the following:

Code: Select all

gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt    
         file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt
lucy albert
New Forum User
New Forum User
Posts: 1
Joined: Sun Feb 05, 2017 11:52 am
Location: Georgia

Re: Public key error when updating mod_security RPM

Unread post by lucy albert »

Finall i fixed that. Worth sharing.
poikilothermiahyperthymesiadorsalgia
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4132
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Public key error when updating mod_security RPM

Unread post by mikeshinn »

You should definitely not use that version of modsecurity. There are both bugs and limitations in 2.7.7, you should use 2.9.2 or 2.9.3.
Post Reply