Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] GPG key issue when upgrading condor-classads from 8.8 to 9.0.1

Hi Bryce,


Our release manager is out today so he may have a better answer when he gets back, but I can provide a workaround.


Starting with the 9.0 series, we have been signing our RPMs (and DEBs) with a different key per release series. Check if you have a copy of the 9.0 key in /etc/pki/rpm-gpg/RPM-GPG-KEY-HTCondor-9.0. If not, you can obtain a copy of the current key from https://research.cs.wisc.edu/htcondor/repo/keys/HTCondor-9.0-Key; download that file to the aforementioned location.


Find the .repo file in /etc/yum.repos.d that provides the definition for the LIGO_LCS-Stack_HTCondor repo, and add file:///etc/pki/rpm-gpg/RPM-GPG-KEY-HTCondor-9.0 to the gpgkey= line (you can list multiple space-separated GPG key files in there).


Give that a shot; let us know how it goes.


Thanks,

-Mat


On 6/25/21 11:32 AM, Cousins, Bryce S wrote:
Hello,

I administer one of the LIGO HTCondor sites and I'm testing out the upgrade from 8.8 to 9.0. When doing yum upgrade condorâ on a test server, it appears that there is a missing GPG key when updating condor-classads [1], although the key is installed properly [2]. The other condor*9.0.1 packages don't have this issue.

I checked our RPM-GPG-KEY-HTCondor fingerprint and content with what's provided atÂhttps://research.cs.wisc.edu/htcondor/yum/RPM-GPG-KEY-HTCondor, and there are no differences.

It seems that there is another GPG key (RPM-GPG-KEY-HTCondor-9.0) in our yum cache [3], could this be part of the problem? There doesn't appear to be a corresponding key available on HTCondor (I naively checked https://research.cs.wisc.edu/htcondor/yum/RPM-GPG-KEY-HTCondor-9.0). Any ideas on resolving the install without --nogpgcheck ?

Thank you,
Bryce


[1]:
# yum update condor
Loaded plugins: product-id, search-disabled-repos, subscription-manager
<snip>
Dependencies Resolved

============================================================================================================================================================================================================
ÂPackage                      Arch                  ÂVersion                      Repository                        ÂSize
============================================================================================================================================================================================================
Updating:
Âcondor                      Âx86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â6.8 M
Installing for dependencies:
Âcondor-boinc                   Âx86_64                 Â7.16.16-1.el7                   LIGO_LSC-Stack_HTCondor                  73 k
Âcondor-externals                 Âx86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                  54 k
Updating for dependencies:
Âblahp                       x86_64                 Â2.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â300 k
Âcondor-classads                  x86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â275 k
Âcondor-procd                   Âx86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â148 k
Âpython2-condor                  Âx86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â654 k
Âpython3-condor                  Âx86_64                 Â9.0.1-1.el7                    LIGO_LSC-Stack_HTCondor                 Â702 k

Transaction Summary
============================================================================================================================================================================================================
Install       ( 2 Dependent packages)
Upgrade Â1 Package Â(+5 Dependent packages)

Total size: 9.0 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/LIGO_LSC-Stack_HTCondor/packages/condor-classads-9.0.1-1.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 748e8328: NOKEY
Retrieving key from https://foreman01.gwave.ics.psu.edu/katello/api/repositories/96/gpg_key_content

The GPG keys listed for the "HTCondor" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

ÂFailing package is: condor-classads-9.0.1-1.el7.x86_64
ÂGPG Keys are configured as: https://foreman01.gwave.ics.psu.edu/katello/api/repositories/96/gpg_key_content


[2]:
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | grep -i condor
gpg-pubkey-670079f6-52a8bd93 --> gpg(Tim Theisen (HTCondor Release Manager) <tim@xxxxxxxxxxx>)

[3]:

[root@comp-ex-0186 bfc5288]# grep -R 'RPM-GPG-KEY-HTCondor-9.0' /var/cache/yum/x86_64/7/
/var/cache/yum/x86_64/7/LIGO_LSC-Stack_HTCondor/gen/primary.xml: Â<file>/etc/pki/rpm-gpg/RPM-GPG-KEY-HTCondor-9.0</file>



-----

Bryce Cousins

LIGO R&D Engineer

Penn State Institute for Computational and Data Sciences

bfc5288@xxxxxxx

317-721-4236


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/