Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-973

invalid GPG signatures on redhat stable packages

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: www
    • Labels:
      None
    • Similar Issues:

      Description

      I am unable to install packages on Centos 7 with gpgcheck enabled due to invalid GPG signatures on at least 2.7.4 and 2.19.2.

      $ sudo yum install jenkins
      Loaded plugins: fastestmirror
      Loading mirror speeds from cached hostfile
       * base: mirror.symnds.com
       * epel: mirror.symnds.com
       * extras: mirror.cogentco.com
       * updates: mirror.net.cen.ct.gov
      Resolving Dependencies
      --> Running transaction check
      ---> Package jenkins.noarch 0:2.19.2-1.1 will be installed
      --> Finished Dependency Resolution
      
      Dependencies Resolved
      
      =====================================================================================
       Package            Arch              Version               Repository          Size
      =====================================================================================
      Installing:
       jenkins            noarch            2.19.2-1.1            jenkins             66 M
      
      Transaction Summary
      =====================================================================================
      Install  1 Package
      
      Total download size: 66 M
      Installed size: 67 M
      Is this ok [y/d/N]: y
      Downloading packages:
      Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
      warning: /var/cache/yum/x86_64/7/jenkins/packages/jenkins-2.19.2-1.1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID d50582e6: NOKEY
      Public key for jenkins-2.19.2-1.1.noarch.rpm is not installed
      jenkins-2.19.2-1.1.noarch.rpm                                 |  66 MB  00:00:02     
      Retrieving key from http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Importing GPG key 0xD50582E6:
       Userid     : "Kohsuke Kawaguchi <kk@kohsuke.org>"
       Fingerprint: 150f de3f 7787 e7d1 1ef4 e12a 9b7d 32f2 d505 82e6
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x2376BFC7:
       Userid     : "Stephen Connolly (personal) <stevo@one-dash.com>"
       Fingerprint: 8a53 9937 85ef 0c35 634d 7a51 580e 8ad9 2376 bfc7
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xDC743A19:
       Userid     : "Stephen Connolly (VCC Release Signing) <stephen.alan.connolly@gmail.com>"
       Fingerprint: 75b8 3534 d778 d292 05b7 9222 c03b 9eb0 dc74 3a19
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xB7A2F5C0:
       Userid     : "Virtual Computer Control Project (java.net) <announce@vcc.dev.java.net>"
       Fingerprint: e097 c9d2 18f8 7929 4da9 fbad 2834 45ba b7a2 f5c0
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xAF5EC452:
       Userid     : "Dennis Lundberg (CODE SIGNING KEY) <dennisl@apache.org>"
       Fingerprint: b920 d295 bf0e 61cb 4cf0 896c 33cd 6733 af5e c452
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x4A2F92BB:
       Userid     : "CloudBees, Inc. <engineering@cloudbees.com>"
       Fingerprint: 64fe 12b4 6343 4b13 fbb5 c187 b6a6 99a4 4a2f 92bb
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xB620D787:
       Userid     : "Stephen Connolly <stephenc@apache.org>"
       Fingerprint: 042b 29e9 2899 5b9d b963 c636 c7ca 19b7 b620 d787
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x3F51E16F:
       Userid     : "R. Tyler Croy (Primary GnuPG key) <tyler@monkeypox.org>"
       Fingerprint: 9062 865a 46e8 c749 2bf1 88d7 1426 c7dc 3f51 e16f
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x6E33EEFA:
       Userid     : "Jenkins project CLA (Used to encrypt Jenkins CLA papers) <jenkinsci-board@googlegroups.com>"
       Fingerprint: 6700 1114 1555 fcf3 99f3 9b7b fc59 c362 6e33 eefa
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x4B624311:
       Userid     : "Jesse Glick <jglick@codehaus.org>"
       Fingerprint: 618c a586 a048 52de 7bce 1c58 1dda 69d9 4b62 4311
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xE8101D5A:
       Userid     : "Caleb Tennis <caleb.tennis@gmail.com>"
       Fingerprint: 9941 3f98 1175 3c5e b28a 09ac 5ef1 d39c e810 1d5a
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x47EAF7F3:
       Userid     : "Operating system distro security contacts <distros@vs.openwall.org>"
       Fingerprint: b217 afa7 a294 9376 3c96 4330 d6ce 4cae 47ea f7f3
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x68771A01:
       Userid     : "Jenkins Release Process (For signing Jenkins releases) <jenkinsci-board@googlegroups.com>"
       Fingerprint: e117 f441 30bf ecc8 172a ee9a ce90 5869 6877 1a01
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xAF9AF9AC:
       Userid     : "MITRE CVE Numbering Authority <cve-assign@mitre.org>"
       Fingerprint: 9f4d 81b7 60e2 20d7 8a86 fe9f a965 5407 af9a f9ac
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x9CB33414:
       Userid     : "Ryan Campbell <ryan.campbell@gmail.com>"
       Fingerprint: 824f 9b93 f9e5 07cc 449b 6763 b847 92a7 9cb3 3414
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xEC8C9492:
       Userid     : "Keybase.io Merkle Signing (v1) <merkle@keybase.io>"
       Fingerprint: 03e1 46cd af81 3668 0ad5 6691 2a32 340c ec8c 9492
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0xFFE2CC0B:
       Userid     : "Ben Walding <ben@walding.com>"
       Fingerprint: 78db c03e a153 1ca3 7d79 e448 f610 8786 ffe2 cc0b
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      Importing GPG key 0x2511645D:
       Userid     : "Seahorse <shiori@shiori.us>"
       Fingerprint: 23ad 7aa3 19e8 09b4 b8ce 1f56 534f 9667 2511 645d
       From       : http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      Is this ok [y/N]: y
      
      
      Public key for jenkins-2.19.2-1.1.noarch.rpm is not installed
      
      
       Failing package is: jenkins-2.19.2-1.1.noarch
       GPG Keys are configured as: http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
      

        Attachments

          Issue Links

            Activity

            Hide
            rtyler R. Tyler Croy added a comment -

            Yep, I'm working on this right now, looks like the wrong set of keys were exported for me

            Show
            rtyler R. Tyler Croy added a comment - Yep, I'm working on this right now , looks like the wrong set of keys were exported for me
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            Is https://ci.jenkins-ci.org/ setup to use the docker pipeline plugin? Might be worth having a job to test installation from the yum repos.

            Show
            jhoblitt Joshua Hoblitt added a comment - Is https://ci.jenkins-ci.org/ setup to use the docker pipeline plugin? Might be worth having a job to test installation from the yum repos.
            Hide
            rtyler R. Tyler Croy added a comment -

            Joshua Hoblitt, fwiw, I've added some tests to jenkins-infra/acceptance-tests which are running hourly on ci.jenkins.io

            Show
            rtyler R. Tyler Croy added a comment - Joshua Hoblitt , fwiw, I've added some tests to jenkins-infra/acceptance-tests which are running hourly on ci.jenkins.io
            Hide
            jhoblitt Joshua Hoblitt added a comment - - edited

            I looked briefly and they look reasonable to me. Prompt me next time to write the tests...

            Show
            jhoblitt Joshua Hoblitt added a comment - - edited I looked briefly and they look reasonable to me. Prompt me next time to write the tests...

              People

              Assignee:
              rtyler R. Tyler Croy
              Reporter:
              jhoblitt Joshua Hoblitt
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: