Not the answer you need?
Register and ask your own question!

YUM repository not signed with Percona's key (key change?)

tim-scalefactorytim-scalefactory EntrantInactive User Role Novice
I'm seeing trouble in our CI system when we test that it's possible to install the latest percona-toolkit package using YUM.
Dependencies Resolved

========================================================================================================================
 Package                      Arch                Version                     Repository                           Size
========================================================================================================================
Installing:
 percona-toolkit              x86_64              3.0.13-1.el7                percona-release-x86_64              7.4 M
Installing for dependencies:
 perl-DBD-MySQL               x86_64              4.023-6.el7                 base                                140 k
 perl-DBI                     x86_64              1.627-4.el7                 base                                802 k
 perl-Net-Daemon              noarch              0.48-5.el7                  base                                 51 k
 perl-PlRPC                   noarch              0.2020-14.el7               base                                 36 k

Transaction Summary
========================================================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 8.4 M
Installed size: 9.8 M
Is this ok [y/d/N]: y
Downloading packages:
(1/5): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm                                                     | 140 kB  00:00:00    
(2/5): perl-Net-Daemon-0.48-5.el7.noarch.rpm                                                     |  51 kB  00:00:00    
(3/5): perl-PlRPC-0.2020-14.el7.noarch.rpm                                                       |  36 kB  00:00:00    
(4/5): perl-DBI-1.627-4.el7.x86_64.rpm                                                           | 802 kB  00:00:00    
warning: /var/cache/yum/x86_64/7/percona-release-x86_64/packages/percona-toolkit-3.0.13-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 8507efa5: NOKEY
Public key for percona-toolkit-3.0.13-1.el7.x86_64.rpm is not installed
(5/5): percona-toolkit-3.0.13-1.el7.x86_64.rpm                                                   | 7.4 MB  00:00:07    
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   1.2 MB/s | 8.4 MB  00:00:07    
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona


The GPG keys listed for the "Percona-Release YUM repository - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


 Failing package is: percona-toolkit-3.0.13-1.el7.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona

According to what I'm seeing here, the signature on the Percona-Release YUM repository doesn't match the key that signed percona-toolkit. I tried using the PGP key from https://www.percona.com/downloads/RPM-GPG-KEY-percona to validate the package instead, and that doesn't work either.

Where can I find a trustworthy source for the PGP key that Percona is signing packages with?

Tim

Comments

Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.