LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   What to do when NOKEY on yum install? (https://www.linuxquestions.org/questions/linux-newbie-8/what-to-do-when-nokey-on-yum-install-4175466337/)

NotionCommotion 06-17-2013 08:20 AM
What to do when NOKEY on yum install?
 
I just received the following warning:
Code:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
The rest is shown below. What does it mean? Should I be concerned, and if so, what steps should I take? Thank you

Code:
[root@centosBox Downloads]# yum install httpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.mirror.lstn.net
 * extras: mirrors.usc.edu
 * updates: linux.mirrors.es.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-26.el6.centos will be updated
---> Package httpd.x86_64 0:2.2.15-28.el6.centos will be an update
--> Processing Dependency: httpd-tools = 2.2.15-28.el6.centos for package: httpd-2.2.15-28.el6.centos.x86_64
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.2.15-26.el6.centos will be updated
---> Package httpd-tools.x86_64 0:2.2.15-28.el6.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
 Package                      Arch                    Version                                Repository                Size
=============================================================================================================================
Updating:
 httpd                        x86_64                  2.2.15-28.el6.centos                    updates                  821 k
Updating for dependencies:
 httpd-tools                  x86_64                  2.2.15-28.el6.centos                    updates                  73 k

Transaction Summary
=============================================================================================================================
Upgrade      2 Package(s)

Total download size: 894 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): httpd-2.2.15-28.el6.centos.x86_64.rpm                                                          | 821 kB    00:00   
(2/2): httpd-tools-2.2.15-28.el6.centos.x86_64.rpm                                                    |  73 kB    00:00   
-----------------------------------------------------------------------------------------------------------------------------
Total                                                                                        1.2 MB/s | 894 kB    00:00   
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
 Package: centos-release-6-4.el6.centos.10.x86_64 (@anaconda-CentOS-201303050102.x86_64/6.4)
 From  : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : httpd-tools-2.2.15-28.el6.centos.x86_64                                                                  1/4
  Updating  : httpd-2.2.15-28.el6.centos.x86_64                                                                        2/4
  Cleanup    : httpd-2.2.15-26.el6.centos.x86_64                                                                        3/4
  Cleanup    : httpd-tools-2.2.15-26.el6.centos.x86_64                                                                  4/4
  Verifying  : httpd-tools-2.2.15-28.el6.centos.x86_64                                                                  1/4
  Verifying  : httpd-2.2.15-28.el6.centos.x86_64                                                                        2/4
  Verifying  : httpd-2.2.15-26.el6.centos.x86_64                                                                        3/4
  Verifying  : httpd-tools-2.2.15-26.el6.centos.x86_64                                                                  4/4

Updated:
  httpd.x86_64 0:2.2.15-28.el6.centos                                                                                       

Dependency Updated:
  httpd-tools.x86_64 0:2.2.15-28.el6.centos                                                                                 

Complete!
[root@centosBox Downloads]#

acid_kewpie 06-17-2013 10:13 AM
taht suggests the officail CentOS signing key somehow isn't installed.

does:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

show it is? if not install it again:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

shoudl do it. If the key file doesn't even exist, then it's here - http://centos.osuosl.org/RPM-GPG-KEY-CentOS-6 but TBH, somethign weird must've gone on to get to this situation, so don't necessarily jump into these things. They won't cause any probalems, but you might be masking the root cause a little.

Madhu Desai 06-17-2013 10:31 AM
No need to worry.

To ensure authenticity/integrity, RPM packages are digitally signed. RPMs that are digitally signed need a public key for verification, which is provided by author/repository. That public key must be installed in your system, so that next time you try to install rpm package from that repository, it will check RPM signature against installed public key.

In order to install public key, you have to import it first. (It is available in CentOS DVD1's root folder.)

Code:
# ls -lh /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-*
-r--r--r--. 2 madhu madhu 1.7K Mar  2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-6
-r--r--r--. 2 madhu madhu 1.7K Mar  2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Debug-6
-r--r--r--. 2 madhu madhu 1.7K Mar  2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Security-6
-r--r--r--. 2 madhu madhu 1.7K Mar  2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Testing-6

# rpm --import /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-6
What if you dont have DVD, then, when you try to install any package for first time from that repository (in this case centos repo), it will check for public key, if not found, it will install it for you. Its one-time process.

Code:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
 Package: centos-release-6-4.el6.centos.10.x86_64 (@anaconda-CentOS-201303050102.x86_64/6.4)
 From  : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Public Keys are stored physically in /etc/pki/rpm-gpg/ (in CentOS)
Code:
# ls -lh /etc/pki/rpm-gpg/
-rw-r--r--. 1 root root 1.7K Mar  8  2011 RPM-GPG-KEY-adobe-linux
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Debug-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Security-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Testing-6
-rw-r--r--. 1 root root 1.7K Nov  5  2012 RPM-GPG-KEY-EPEL-6
-rw-r--r--. 1 root root 3.1K Jun 25  2011 RPM-GPG-KEY-nux.ro
-rw-r--r--. 1 root root 1.4K May  9  2010 RPM-GPG-KEY-remi
-rw-r--r--. 1 root root 1.7K Apr 15  2011 RPM-GPG-KEY-rpmforge-dag
-rw-r--r--. 1 root root  992 Apr 15  2011 RPM-GPG-KEY-rpmforge-fabian
To display list of all keys that are installed:
Code:
# rpm -qa gpg-pubkey*
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-00f97f56-467e318a
gpg-pubkey-85c6cd8a-4e060c35
gpg-pubkey-0608b895-4bd22942
gpg-pubkey-f6777c67-45e5b1b9
gpg-pubkey-66534c2b-50df7bda
gpg-pubkey-6b8d79e6-3f49313d
gpg-pubkey-5cc6587f-4db8bb87
To display more information for specific key:
Code:
# rpm -qi gpg-pubkey-c105b9de-4e0fd3a3
Name        : gpg-pubkey                  Relocations: (not relocatable)
Version    : c105b9de                          Vendor: (none)
Release    : 4e0fd3a3                      Build Date: Sat 01 Jun 2013 02:41:41 PM IST
Install Date: Sat 01 Jun 2013 02:41:41 PM IST      Build Host: localhost
Group      : Public Keys                  Source RPM: (none)
Size        : 0                                License: pubkey
Signature  : (none)
Summary    : gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.8.0 (NSS-3)

mQINBE4P06MBEACqn48FZgYkG2QrtUAVDV58H6LpDYEcTcv4CIFSkgs6dJ9TavCW
NyPBZRpM2R+Rg5eVqlborp7TmktBP/sSsxc8eJ+3P2aQWSWc5ol74Y0OznJUCrBr
bIdypJllsD9Fe+h7gLBXTh3vdBEWr2lR+xA+Oou8UlO2gFbVFQqMafUgU1s0vqaE
/hHH0TzwD0/tJ6eqIbHwVR/Bu6kHFK4PwePovhfvyYD9Y+C0vOYd5Ict2vbLHz1f
QBDZObv4M6KN3j7nzme47hKtdMd+LwFqxM5cXfM6b5doDulWPmuGV78VoX6OR7el
x1tlfpuiFeuXYnImm5nTawArcQ1UkXUSYcTUKShJebRDLR3BycxR39Q9jtbOQ29R
FumHginovEhdUcinRr22eRXgcmzpR00zFIWoFCwHh/OCtG14nFhefuZ8Z80qbVhW
2J9+/O4tksv9HtQBmQNOK5S8C4HNF2M8AfOWNTr8esFSDc0YA5/cxzdfOOtWam/w
lBpNcUUSSgddRsBwijPuWhVA3NmA/uQlJtAo4Ji5vo8cj5MTPG3+U+rfNqRxu1Yc
ioXRo4LzggPscaTZX6V24n0fzw0J2k7TT4sX007k+7YXwEMqmHpcMYbDNzdCzUer
Zilh5hihJwvGfdi234W3GofttoO+jaAZjic7a3p6cO1ICMgfVqrbZCUQVQARAQAB
tEZDZW50T1MtNiBLZXkgKENlbnRPUyA2IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
Y2VudG9zLTYta2V5QGNlbnRvcy5vcmc+iQI8BBMBAgAmBQJOD9OjAhsDBQkSzAMA
BgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQCUb8osEFud6ajRAAnb6d+w6Y/v/d
MSy7UEy4rNquArix8xhqBwwjoGXpa37OqTvvcJrftZ1XgtzmTbkqXc+9EFch0C+w
ST10f+H0SPTUGuPwqLkg27snUkDAv1B8laub+l2L9erzCaRriH8MnFyxt5v1rqWA
mVlRymzgXK+EQDr+XOgMm1CvxVY3OwdjdoHNox4TdVQWlZl83xdLXBxkd5IRciNm
sg5fJAzAMeg8YsoDee3m4khg9gEm+/Rj5io8Gfk0nhQpgGGeS1HEXl5jzTb44zQW
qudkfcLEdUMOECbu7IC5Z1wrcj559qcp9C94IwQQO+LxLwg4kHffvZjCaOXDRiya
h8KGsEDuiqwjU9HgGq9fa0Ceo3OyUazUi+WnOxBLVIQ8cUZJJ2Ia5PDnEsz59kCp
JmBZaYPxUEteMtG3yDTa8c8jUnJtMPpkwpSkeMBeNr/rEH4YcBoxuFjppHzQpJ7G
hZRbOfY8w97TgJbfDElwTX0/xX9ypsmBezgGoOvOkzP9iCy9YUBc9q/SNnflRWPO
sMVrjec0vc6ffthu2xBdigBXhL7x2bphWzTXf2T067k+JOdoh5EGney6LhQzcp8m
YCTENStCR+L/5XwrvNgRBnoXe4e0ZHet1CcCuBCBvSmsPHp5ml21ahsephnHx+rl
JNGtzulnNP07RyfzQcpCNFH7W4lXzqM=
=jrWY
-----END PGP PUBLIC KEY BLOCK-----
phew!!! ...so ..that's it :D

NotionCommotion 06-17-2013 04:08 PM
Thanks! Makes sense. This is a brand new installation, and this was the first time the repository was used.


All times are GMT -5. The time now is 06:31 PM.