I’m seeing trouble in our CI system when we test that it’s possible to install the latest percona-toolkit package using YUM.
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
percona-toolkit x86_64 3.0.13-1.el7 percona-release-x86_64 7.4 M
Installing for dependencies:
perl-DBD-MySQL x86_64 4.023-6.el7 base 140 k
perl-DBI x86_64 1.627-4.el7 base 802 k
perl-Net-Daemon noarch 0.48-5.el7 base 51 k
perl-PlRPC noarch 0.2020-14.el7 base 36 k
Transaction Summary
========================================================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 8.4 M
Installed size: 9.8 M
Is this ok [y/d/N]: y
Downloading packages:
(1/5): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00
(2/5): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00:00
(3/5): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00:00
(4/5): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00:00
warning: /var/cache/yum/x86_64/7/percona-release-x86_64/packages/percona-toolkit-3.0.13-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 8507efa5: NOKEY
Public key for percona-toolkit-3.0.13-1.el7.x86_64.rpm is not installed
(5/5): percona-toolkit-3.0.13-1.el7.x86_64.rpm | 7.4 MB 00:00:07
------------------------------------------------------------------------------------------------------------------------
Total 1.2 MB/s | 8.4 MB 00:00:07
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona
The GPG keys listed for the "Percona-Release YUM repository - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Failing package is: percona-toolkit-3.0.13-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona
According to what I’m seeing here, the signature on the Percona-Release YUM repository doesn’t match the key that signed percona-toolkit. I tried using the PGP key from [URL]https://www.percona.com/downloads/RPM-GPG-KEY-percona[/URL] to validate the package instead, and that doesn’t work either.
Where can I find a trustworthy source for the PGP key that Percona is signing packages with?
Tim