nexus-repository-installer

debug rpm key file update/install issue, then update Apt package manager key files

Open bhamail opened this issue 2 years ago • 0 comments

Tracking issue for remaining TODO items from PR #28

Well now, that didn't go as planned: Updating the RPM-GPG-KEY-Sonatype.asc leads to the following error when installing in CentOS 9 Stream. Will revert changes to RPM-GPG-KEY-Sonatype.asc for now.

# yum install nexus-iq-server
Sonatype Community                                                        413 kB/s | 474 kB     00:01    
CentOS Stream 9 - BaseOS                                                  3.2 MB/s | 6.0 MB     00:01    
CentOS Stream 9 - AppStream                                               4.7 MB/s |  16 MB     00:03    
CentOS Stream 9 - Extras packages                                          17 kB/s | 9.2 kB     00:00    
Dependencies resolved.
==========================================================================================================
 Package                          Arch        Version                       Repository               Size
==========================================================================================================
Installing:
 nexus-iq-server                  noarch      1.151.0_01-1.el7              sonatype-community      153 M
Installing dependencies:
 copy-jdk-configs                 noarch      4.0-3.el9                     appstream                28 k
 java-1.8.0-openjdk-headless      x86_64      1:1.8.0.352.b08-2.el9         appstream                33 M
 javapackages-filesystem          noarch      6.0.0-3.el9                   appstream                14 k
 lksctp-tools                     x86_64      1.0.19-2.el9                  baseos                   94 k
 lua                              x86_64      5.4.2-7.el9                   appstream               187 k
 lua-posix                        x86_64      35.0-8.el9                    appstream               151 k
 tzdata-java                      noarch      2022g-1.el9                   appstream               230 k

Transaction Summary
==========================================================================================================
Install  8 Packages

Total download size: 187 M
Installed size: 287 M
Is this ok [y/N]: y
Downloading Packages:
(1/8): copy-jdk-configs-4.0-3.el9.noarch.rpm                              303 kB/s |  28 kB     00:00    
(2/8): lksctp-tools-1.0.19-2.el9.x86_64.rpm                               679 kB/s |  94 kB     00:00    
(3/8): javapackages-filesystem-6.0.0-3.el9.noarch.rpm                     206 kB/s |  14 kB     00:00    
(4/8): lua-5.4.2-7.el9.x86_64.rpm                                         1.4 MB/s | 187 kB     00:00    
(5/8): lua-posix-35.0-8.el9.x86_64.rpm                                    1.9 MB/s | 151 kB     00:00    
(6/8): tzdata-java-2022g-1.el9.noarch.rpm                                 2.4 MB/s | 230 kB     00:00    
(7/8): nexus-iq-server-1.151.0_01-1.el7.noarch.rpm                         11 MB/s | 153 MB     00:13    
(8/8): java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el9.x86_64.rpm         2.0 MB/s |  33 MB     00:16    
----------------------------------------------------------------------------------------------------------
Total                                                                      11 MB/s | 187 MB     00:16     
Sonatype Community                                                        4.3 kB/s | 1.7 kB     00:00    
Importing GPG key 0x382A0E3A:
 Userid     : "Sonatype Community PGP <[email protected]>"
 Fingerprint: 8090 0DA1 952D 7C79 68F3 CFD9 8C79 C4D0 382A 0E3A
 From       : https://repo.sonatype.com/repository/community-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for nexus-iq-server-1.151.0_01-1.el7.noarch.rpm is not installed. Failing package is: nexus-iq-server-1.151.0_01-1.el7.noarch
 GPG Keys are configured as: https://repo.sonatype.com/repository/community-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED

Helpful commands for rpm key fun in CentOS 9 Stream:

List installed yum keys:

# rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-8483c65d-5ccc5b19	CentOS (CentOS Official Signing Key) <[email protected]> public key
gpg-pubkey-382a0e3a-628566cb	Sonatype Community PGP <[email protected]> public key
gpg-pubkey-0aa4f31a-5d54bfc0	Sonatype Community <[email protected]> public key

Erase a yum key:

# rpm -e gpg-pubkey-0aa4f31a-5d54bfc0

Hold off on the steps below until the above issue is understood.

  • [ ] Update Apt repository signing key with new private key (requires admin access to Nexus repository configuration).
  • [ ] Commit new Apt public key file (comunity-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc) to git repository. It should then be identical to the Rpm public key file (comunity-hosted/pki/rpm-gpg/RPM-GPG-KEY-Sonatype.asc).
  • [ ] Publish this new Apt public key file (comunity-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc) to raw hosted repo: https://repo.sonatype.com/repository/community-hosted/pki/deb-gpg/DEB-GPG-KEY-Sonatype.asc.

relates to Issue #27, PR #28

bhamail, Dec 13 '22 21:12
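An added diagnostic sketch (not part of the issue or of the project's code) for the "Import of key(s) didn't help, wrong key(s)?" failure above: it compares the key ID recorded in a package's signature with the `gpg-pubkey` entries in the rpm database. The function names are hypothetical, the installed-key sample is shortened from the listing above, and the signature lines in the comments and tests are constructed.

```shell
#!/bin/sh
# Added example: is the key that signed an RPM present in the rpm database?

# Short key ID (last 8 hex digits, lowercase) from a signature description
# such as "Signature : RSA/SHA256, <date>, Key ID 8c79c4d0382a0e3a".
# Prints nothing for an unsigned package ("Signature : (none)").
sig_short_keyid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Key ID [0-9A-Fa-f]*\([0-9A-Fa-f]\{8\}\).*/\1/p' |
        tr 'A-F' 'a-f'
}

# Read "gpg-pubkey-<keyid>-<created>" lines on stdin, print the key IDs.
installed_keyids() {
    sed -n 's/^gpg-pubkey-\([0-9a-f]\{8\}\)-[0-9a-f]\{8\}.*/\1/p'
}

# $1 = signature line, $2 = output of the "rpm -q gpg-pubkey" listing.
# Prints trusted:<id>, missing:<id> or unsigned; returns 0, 1 or 2.
check_signer() {
    keyid=$(sig_short_keyid "$1")
    if [ -z "$keyid" ]; then
        echo "unsigned"
        return 2
    fi
    if printf '%s\n' "$2" | installed_keyids | grep -qx "$keyid"; then
        echo "trusted:$keyid"
        return 0
    fi
    echo "missing:$keyid"
    return 1
}

# Live use on an RPM-based host; defined here but not called.
check_rpm_file() {
    check_signer "$(rpm -qpi "$1" 2>/dev/null | grep '^Signature')" \
        "$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n')"
}

# Sample listing, shortened from the output above (summaries trimmed).
SAMPLE_INSTALLED='gpg-pubkey-8483c65d-5ccc5b19	CentOS Official Signing Key
gpg-pubkey-382a0e3a-628566cb	Sonatype Community PGP
gpg-pubkey-0aa4f31a-5d54bfc0	Sonatype Community'
```

A `missing:<id>` result for the cached package means it was signed with a key other than the ones imported, which is the condition `yum` reports as "Public key ... is not installed".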