Packaging mistake prevents security updates from being installed
Description
Environment
rpm -qi percona-release
Name : percona-release
Version : 1.0
Release : 26
Architecture: noarch
Install Date: Sat Feb 20 12:33:12 2021
Group : System Environment/Base
Size : 32182
License : GPL-3.0+
Signature : DSA/SHA1, Thu Feb 11 10:48:14 2021, Key ID 1c4cbdcdcd2efd2a
Source RPM : percona-release-1.0-26.src.rpm
Build Date : Thu Feb 11 15:48:11 2021
Build Host : minimal-centos-6-x32-219
Relocations : (not relocatable)
Summary : Package to install Percona GPG key and YUM repo
Description :
percona-release package contains Percona GPG public keys and Percona repository configuration for YUM
rpm -qi gpg-pubkey-8507efa5-5b02c2fb
Name : gpg-pubkey
Version : 8507efa5
Release : 5b02c2fb
Architecture: (none)
Install Date: Sat Feb 20 12:37:54 2021
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Date : Mon May 21 15:00:43 2018
Build Host : localhost
Relocations : (not relocatable)
Packager : Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com>
Summary : gpg(Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.14.3 (NSS-3)
mQINBFd0veABEADyFa8jPHXhhX1XS9W7Og4p+jLxB0aowElk4Kt6lb/mYjwKmQ77
9ZKUAvb1xRYFU1/NEaykEl/jxE7RA/fqlqheZzBblB3WLIPM0sMfh/D4fyFCaKKF
k2CSwXtYfhk9DOsBP2K+ZEg0PoLqMbLIBUxPl61ZIy2tnF3G+gCfGu6pMHK7WTtI
nnruMKk51s9Itc9vUeUvRGDcFIiEEq0xJhEX/7J/WAReD5Am/kD4CvkkunSqbhhu
B6DV9tAeEFtDppEHdFDzfHfTOwlHLgTvgVETDgLgTRXzztgBVKl7Gdvc3ulbtowB
uBtbuRr49+QIlcBdFZmM6gA4V5P9/qrkUaarvuIkXWQYs9/8oCd3SRluhdxXs3xX
1/gQQXYHUhcdAWrqS56txncXf0cnO2v5kO5rlOX1ovpNQsc69R52LJKOLA1Kmjca
JNtC+4e+SF2upK14gtXK384z7owXYUA4NRZOEu+UAw7wAoiIWPUfzMEHYi8I3Rsz
EtpVyOQC5YyYgwzIdt4YxlVJ0CUoinvtIygies8LkA5GQvaGJHYG1aQ3i9WDddCX
wtoV1uA4EZlEWjTXlSRc92jhSKut/EWbmYHEUhmvcfFErrxUPqirpVZHSaXY5Rdh
KVFyx9JcRuIQ0SJxeHQPlaEkyhKpTDN5Cw7USLwoXfIu2w0w0W06LdXZ7wARAQAB
tDtQZXJjb25hIERldmVsb3BtZW50IFRlYW0gKFBhY2thZ2luZyBrZXkpIDxpbmZv
QHBlcmNvbmEuY29tPokCNwQTAQgAIQUCWwLC+wIbAwULCQgHAgYVCAkKCwIEFgID
AQIeAQIXgAAKCRCTNKJfhQfvpYf+D/oD7dFS0eXR4OH2g8CACNeTWB2EJ57W0gyL
wko42IjBSOSogB4BMm/3vlk8PefikTU5+Z/fYK3OIJV7kMIEXNfnNzr3QWvafHRR
qGUoTmvP29O5Y4s7oGllIUOlr9gwtSGfHnjtF+WZBhko2uH6KvXBJay28ye4S8sS
zDQdk8RULFN4hfIT4duOjo7Clf4iZtoUX7bVN32NRYH8Ss4IvbdDOAjlzjQa+NgO
SEsDvP3DwRoZQcAIMXngOMlPa/SA87pAcOup/8AvX3i7F7ZfWkKys3jpoSRyt0Ol
InpOrlJqJY4ugSxNkCgz+21kb1EVtIjSY8LAMPzZ5OAiiG0MyOTUyKFhzAkE1Mn3
Cs9TzNjybPlvPGt6CsckjgReL2XQBqITRsmLOwzWguuqduBlPISVoeGUPpEBj7Hv
Ca7p9QbEaXtN5JmlAFLwPTuM4S5IxG5bEXMFECKL45J8F9G/EGs/qO/HSebQsJ/+
i5Ct6gElUwIOaaCUPpWG0qwR2aP4QAndvLsaGN7v6BmtLYw8+n5vjIueFXh/gRyI
8eOIxrCUYhukkdM+YQ0h6Xd+X8FvHdYRGHmW86Ro2HkBqqKyXbab04+769jpzCdM
b0oKzXapU94mKuWZ+fOncshTpUN17neFzb1YIc2kcwb3rQxDJNd7IR3mq+d3yapk
vTYlP7uFk7RGUGVyY29uYSBNeVNRTCBEZXZlbG9wbWVudCBUZWFtIChQYWNrYWdp
bmcga2V5KSA8bXlzcWwtZGV2QHBlcmNvbmEuY29tPokCOQQwAQgAIwUCWwLD2Rwd
IFVzZXIgSUQgaXMgbm8gbG9uZ2VyIHZhbGlkAAoJEJM0ol+FB++lW4UQALX2/ofm
ALXhdC0nlh4X1MJLPpmLjyZKTyK3YNOUJukzGW0LVGIq4SAvPxw4oc4zQ1PCQuUG
oj062Fd4sWF1oGFQBOVUAebnyCOcAE1ybcpw9FhdB6ZGa0hTx1RD9jg+OT8e1u62
XbQyRuLBbbncyIt/lhTcqnCVv14auolAVLuFqiFx5uk2n1x5Y5bs6ABt9Ka0MhYZ
m6Qyhm0kGNYn+AiHEwNgdAboe155zp2augVVDmGS+s+tVD60nnWzZLsZGCCZh2gJ
jyxxXNaIeY7OyaMRQFa3gBVGd7UeJZ1d3MR4nR7wlKMUXSC8a0l+bkgi/sgyAJNg
X3bCiEDRIGxGv/Dgg1/ahKVEch/W0Y+0DyifPzAFtnCBH0c2GJUrU8/c2i1iKhYf
/r/711136Oqd5LDROQGzo4dnzdTs3qEeWdIVkgSwaLUFrw6Kq0tAnZSqHK2WQw3C
1oPdlBMimysOhJnwsmYbtlgRF2/rU7QiuJvMHXqBPfOSHKRcy5hoa5S2+PCe/IXB
Qmod1MlmfsUH6TjwC5SWGFaIm76+ROsiQKie28fAqRLKqeNvuaMqxTsVpYofQZXE
JcSyhwhTcaQxsrYYM+4z8sbdxiIqR7PW6BthsAKCrOr6U53Pm00+yI16Tt7FNcVc
wHl+lRTe/EhDQ93LvbFvB4/Svx/GLdlvdsHaiQI3BBMBCgAhBQJXdL3gAhsDBQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJM0ol+FB++l4koQAKkrRP+K/p/TGlnq
lbNyS5gdSIB1hxT3iFwIdF9EPZq0U+msh8OY7omV/82rJp4T5cIJFvivtWQpEwpU
jJtqBzVrQlF+12D1RFPSoXkmk6t4opAmCsAmAtRHaXIzU9WGJETaHl57Trv5IPMv
15X3TmLnk1mDMSImJoxWJMyUHzA37BlPjvqQZv5meuweLCbL4qJS015s7Uz+1f/F
siDLsrlE0iYCAScfBeRSKF4MSnk5huIGgncaltKJPnNYppXUb2wt+4X2dpY3/V0B
oiG8YBxV6N7sA7lC/OoYF6+H3DMlSxGBQEb1i9b6ypwZIbG6CnM2abLqO67D3XGx
559/FtAgxrDBX1f63MQKlu+tQ9mOrCvSbt+bMGT6frFopgH6XiSOhOiMmjUazVRB
sXRK/HM5qIk5MK0tGPSgpc5tr9NbMDmp58OQZYQscslKhx0EDDYHQyHfYFS2qodu
RwQG4BgpZm2xjGM/auCvdZ+pxjqy7dnEXvMVf0i1BylkyW4p+oK5nEwY3KHljsRx
uJ0+gjfyj64ihNMSqDX5k38T2GPSXm5XAN+/iazlIuiqPQKLZWUjTOwr2/AA6Azt
U/fmsXV2swz8WekqT2fphvWKUOISr3tEGG+HF1iIY43BoAMHYYOcdSI1ZODZq3Wi
c+zlN1WzPshDB+d3acxeV5JhstvPuQINBFd0veABEACfuHVbey5qG5P6rRhAX2pd
d/f7iwHdcW1+evxCfCR5fHzsO1LRwlHM9GRqlztKzgxzAIfgUXqdMXUs6vW8agfk
u553h8gBqrhdq9NH65/YenzV/Sv9c/EGzsBQurau1RC4gfJ4jgAedu4FQKZvVr//
0NTWuJm3el3orYYz4rLq79avSgD7Q/uK8/j71zgCJixsFzjC8ehRlOtMdetPTY36
zc2LjQSMTSpE7SvEbrk6yDKpQvZabl3dmkEkBvoFpat7x+i3ZtBCzRFTx2rH/9DW
KCO+SuGVBXs8vhLtAvKKjbWGGU9LrmESZcahI6fliH5w28NvpOuJlr8Rn/6jQmJD
DPKO50XKM8hpT6DBqIE99YqYLUzXAKf4Y88FyHvlO6kiVbXaOYz1OTqCWVqjaMYF
biPW6NgDX0hyE9uG0lfNA9P5edqyPSEaTN+kpD9OVqG6R0uPBCFY8u25NrNRhMqI
FQdvI54eEtN0ktFP0FrlFFkg6S+l+3Qsr9sMDKCUVTJ/BkKwqkdhTv5XY4KiIEJQ
jvMKr0vH5lYiPDGX/3KsJL+rxJjA++4Wh40WBLYDSDWSAfCPSokg1lRjOaMDhnH5
YnUeEk6Mhy61DQRsH+xEpeL/F1L06u0Wh+0iXqKXJA4jvU4XwGSkzg3yaablkYnu
n5myhIQYswIdCyEH4Wl3SQARAQABiQIfBBgBCgAJBQJXdL3gAhsMAAoJEJM0ol+F
B++lxqkQAIC7jz1CWt+tbKgutLRFcxexNQZoTAAPTk3OjqqeCLWO1cmHtmjNSXTc
5rpX78vPEYQjzQpAARZxAppAdeJHBzm9Qrfiyo7TW8P0Gf9c9p1mPUtl2g0BNvRU
7zYzgCF1aIwKtS+XO2UdTT56Gy5vaxd1BiTg8J9ytkIGSkuSXSOASeGC5RmN3SaD
6yomVa483k9kVhhSOUzKwYK9f2WgGhI1xxpVF5LbbRhCoEz4ia/TqJoWdH/agul3
4AGWOgPRhMu+FEpb/nons73XTwQtcXiZAe9z4ZltVsSciolgRzPwkXxMmWVMme9Y
ymVCPTrzxPi6nc6npSZzE275m02u86V2htwD2MbSuGmcTdmAPPfXgQ5XM57ELElD
bNA1eN1jZAhzYBLv63X+nNOy6ysuac5Q7ozyBOIpNksLleA0+FzsnYmPlGqzYtnD
6nFglDn898jk/LWkwitL472fh8RRbDYffsXealiy6W2TYKrQl52ajLV7D5PUUS9x
SlAPcdPSuXAzh7GhOKDommWwLfPo0uYN3Xja+AkW135ctz4evCpvZjkBTfog07FG
lumduUK5fHvJYiSyV1P5SKr4722C8jWCo2YcS+IsZgVFFuY1bG6HtiImpP75IM0G
3g1uyd2OhF9nGDSxjp4kKWnUoGdV0P1bUXaAbvXRzlIcx7dOD7tZ
=cTh+
----END PGP PUBLIC KEY BLOCK----
cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 (Ootpa)
relates to
Smart Checklist
Activity
Evgeniy Patlan August 18, 2021 at 9:53 AM
thanks for your report.
We are in process of changing the gpg sign for packages.
Currently the issue is fixed - thank you for pointing to this.
Yeah the only thing you need to do is to remove cached packages.
Sorry for inconvenience .
Details
Assignee
Evgeniy PatlanEvgeniy PatlanReporter
Oden ErikssonOden ErikssonTime tracking
30m loggedComponents
Affects versions
Priority
Critical
Details
Details
Assignee
Evgeniy PatlanReporter
Oden ErikssonTime tracking
Components
Affects versions
Priority
CriticalSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Smart Checklist
Hi,
It's the second time I report this issue or a similar issue and the last time you didn't care much and tried to belittle the problem. I suggest you employ someone with the adequate skills this time to fix the problem permanently. It's not that hard really...
PoC:
yum update
Updating Subscription Management repositories.
Last metadata expiration check: 0:01:10 ago on Wed Aug 18 10:56:21 2021.
Dependencies resolved.
=============================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================================================================================
Upgrading:
libsss_autofs x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 113 k
libsss_certmap x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 150 k
libsss_idmap x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 116 k
libsss_nss_idmap x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 122 k
libsss_sudo x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 111 k
percona-release noarch 1.0-27 prel-release-noarch 20 k
sssd-client x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 197 k
sssd-common x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 1.6 M
sssd-kcm x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 236 k
sssd-nfs-idmap x86_64 2.4.0-9.el8_4.2 rhel-8-for-x86_64-baseos-rpms 111 k
Transaction Summary
=============================================================================================================================================================================================================================================
Upgrade 10 Packages
Total download size: 2.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/10): percona-release-1.0-27.noarch.rpm 114 kB/s | 20 kB 00:00
(2/10): libsss_autofs-2.4.0-9.el8_4.2.x86_64.rpm 328 kB/s | 113 kB 00:00
(3/10): libsss_sudo-2.4.0-9.el8_4.2.x86_64.rpm 315 kB/s | 111 kB 00:00
(4/10): libsss_certmap-2.4.0-9.el8_4.2.x86_64.rpm 462 kB/s | 150 kB 00:00
(5/10): libsss_idmap-2.4.0-9.el8_4.2.x86_64.rpm 569 kB/s | 116 kB 00:00
(6/10): sssd-common-2.4.0-9.el8_4.2.x86_64.rpm 4.3 MB/s | 1.6 MB 00:00
(7/10): sssd-client-2.4.0-9.el8_4.2.x86_64.rpm 841 kB/s | 197 kB 00:00
(8/10): sssd-nfs-idmap-2.4.0-9.el8_4.2.x86_64.rpm 251 kB/s | 111 kB 00:00
(9/10): libsss_nss_idmap-2.4.0-9.el8_4.2.x86_64.rpm 652 kB/s | 122 kB 00:00
(10/10): sssd-kcm-2.4.0-9.el8_4.2.x86_64.rpm 878 kB/s | 236 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.8 MB/s | 2.8 MB 00:01
warning: /var/cache/dnf/prel-release-noarch-583df9cca0e25047/packages/percona-release-1.0-27.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID cd2efd2a: NOKEY
Percona Release release/noarch YUM repository 4.5 MB/s | 4.7 kB 00:00
GPG key at file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY (0x8507EFA5) is already installed
The GPG keys listed for the "Percona Release release/noarch YUM repository" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: percona-release-1.0-27.noarch
GPG Keys are configured as: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED