Re: [CentOS] Centos 5 yum update needs gpg key import
Quoting Karanbir Singh [EMAIL PROTECTED]: Scott Ehrlich wrote: Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months. what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' sudo rpm -qf /etc/yum.repos.d/CentOS-Base.repo centos-release-5-0.0.el5.centos.2 and what does this say : 'rpm -V centos-release' this shows nothing. -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
Scott R Ehrlich wrote: Quoting Karanbir Singh [EMAIL PROTECTED]: Scott Ehrlich wrote: Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months. what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' sudo rpm -qf /etc/yum.repos.d/CentOS-Base.repo centos-release-5-0.0.el5.centos.2 and what does this say : 'rpm -V centos-release' this shows nothing. Before we take this any further ... was the key you imported to a repository other than an official CentOS one. (for example, RPMForge, ATRPMS, etc.). The default CentOS-Base.repo has this line in it: gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 All packages in the official repos should be signed with that key ... if you only have the CentOS Default repos enabled, you should not have been able to install a package that needed updating without yum asking you if you wanted to install that key. If you had to add the CentOS-5 key ... then something is not setup in the default way. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
On Thu, 12 Jul 2007, Johnny Hughes wrote: Before we take this any further ... was the key you imported to a repository other than an official CentOS one. (for example, RPMForge, ATRPMS, etc.). The install was from DVD, default packages (I planned to use yum for updates, etc). No other repos added. Straight out of the box. The default CentOS-Base.repo has this line in it: gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 Mine shows it, too. All packages in the official repos should be signed with that key ... if you only have the CentOS Default repos enabled, you should not have been able to install a package that needed updating without yum asking you if you wanted to install that key. If you had to add the CentOS-5 key ... then something is not setup in the default way. So, what is the verdict thus far? Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
--- Scott Ehrlich [EMAIL PROTECTED] wrote: On Thu, 12 Jul 2007, Johnny Hughes wrote: Before we take this any further ... was the key you imported to a repository other than an official CentOS one. (for example, RPMForge, ATRPMS, etc.). The install was from DVD, default packages (I planned to use yum for updates, etc). No other repos added. Straight out of the box. The default CentOS-Base.repo has this line in it: gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 Mine shows it, too. All packages in the official repos should be signed with that key ... if you only have the CentOS Default repos enabled, you should not have been able to install a package that needed updating without yum asking you if you wanted to install that key. If you had to add the CentOS-5 key ... then something is not setup in the default way. So, what is the verdict thus far? Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos something really screwy around here! Steven Get your Art Supplies @ www.littleartstore.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
On Thu, 12 Jul 2007, Steven Vishoot wrote: http://lists.centos.org/mailman/listinfo/centos something really screwy around here! Steven What do others have to say? Now that I think of it, I also had the same situation occur on a 32-bit install on a laptop from CDs. Again, my preferred source mirrors are either from kernel.org or lbl.gov, so I have no reason to doubt the images were tainted. Also, I know my dns server is very secure from poisoning. And the downloads are within the last few months. So unless I somehow downloaded beta copies, I feel confident they are legit. And the checksums all are ok. Anyone else have insights/thoughts? Thanks. Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
On Wednesday 11 July 2007, Scott Ehrlich wrote: I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found. ...and asked you if you wanted it to add it for you (Y/N) /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months. Other insights and ideas welcome. Thanks. Scott On Wed, 11 Jul 2007, Karanbir Singh wrote: hi Scott, Scott Ehrlich wrote: I just performed a fresh install of 64-bit Centos 5 on a system, booted fine, then performed a yum update, or at least tried to. Files downloaded, and were about to install, when it complained that the gpg keys could not be found. I would be slightly concerned about this - your centos install isnt a standard install - which should cause some alarm and maybe point at potential compromised media. I ran into this about a month ago and found a web page showing the path locally to where the keys live, and providing rpm --import /to/the/path. Mechanisms for handling the key are built into yum, the fact that your system didnt come up with that would be further cause for concern. did you sha1sum check the iso's ? did you run the media check on the install media ? -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
Scott Ehrlich wrote: Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months. what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' and what does this say : 'rpm -V centos-release' -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 yum update needs gpg key import
On Thu, 12 Jul 2007, Karanbir Singh wrote: Scott Ehrlich wrote: Media checked fine with both md5sum and sha1sum. I believe I obtained my DVD version from kernel.org, and were obtained within the last couple of months. what does this say : 'rpm -qf /etc/yum.repos.d/CentOS-Base.repo' and what does this say : 'rpm -V centos-release' I'll check tomorrow at work, but planning ahead, what should the results be? -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
