warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, ke

[stevenfoo]

While performing yum update for veeam agent we are encountering the following error. Previously we don't have any issue.
This is just today we notice this error. Other package is running fine.

warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID efdcea77: NOKEY
Retrieving key from http://repository.veeam.com/keys/RPM-GP ... ftwareRepo
Retrieving key from file:///etc/pki/rpm-gpg/VeeamSoftwareRepo


GPG key signature on key http://repository.veeam.com/keys/RPM-GP ... reRepo.asc does not match CA Key for repo: veeam

Server version: CentOS release 6.9 (Final)

Please help.

[PTide]

Hi,

Kindly get the updated version of veeam-release package from the website or from the repository.

Thanks

[SebCharp]

I got the same issue. The problem is due to the missing GPG signature in the VEEAM update package.
Sot, this should do the trick:
yum update --nogpgcheck veeam-release-el6

If you want to update the RPM package, you will get the same problem (NOKEY), so for rpm update you must run this command:
rpm -Uvh --nosignature veeam-release-el6-1.0.5-1.x86_64.rpm

Seb

[PTide]

Hi,

That's right - the repository signature has changed, so you have to either import new signature manually, or download the updated package from the repository using wget and install it.

Thanks

[SebCharp]

I tried the following command on our both compute servers (RHEL6.9):

Code: Select all

yum update --nogpgcheck veeam-release-el6

It just worked fine.

[hajek]

@PTide
Of the keys listed at http://repository.veeam.com/keys/ can you specify which one(s) are the correct ones or if that is not the correct location for keys can you specify the correct location? Are the keys the same for EL6 and EL7?
On my systems I see the following 2 keys:
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' |grep -i veeam
gpg-pubkey-8aaddc66-57342db2gpg(Veeam Software Repository key for RPM <support@veeam.com>)
gpg-pubkey-fbf8a590-572c831egpg(Veeam Software Repository key <support@veeam.com>)
Are those then safe to remove?
thanks

[SebCharp]

@PTide
Of the keys listed at http://repository.veeam.com/keys/ can you specify which one(s) are the correct ones or if that is not the correct location for keys can you specify the correct location? Are the keys the same for EL6 and EL7?
On my systems I see the following 2 keys:
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' |grep -i veeam
gpg-pubkey-8aaddc66-57342db2gpg(Veeam Software Repository key for RPM <support@veeam.com>)
gpg-pubkey-fbf8a590-572c831egpg(Veeam Software Repository key <support@veeam.com>)
Are those then safe to remove?
thanks

Did you try this:

Code: Select all

yum update --nogpgcheck veeam-release-el6

[PTide]

Well, although that will work too, it might be not allowed by certain security rules. To import GPG key on CentOS you have to do the following:

Code: Select all

rpm --import http://repository.veeam.com/keys/RPM-EFDCEA77

Older keys are safe to be removed.

Thanks

[hajek]

Thanks,
I was able to remove the old keys, add the new one and then update.

Code: Select all

sudo rpm -ev gpg-pubkey-8aaddc66-57342db2
sudo rpm -ev gpg-pubkey-fbf8a590-572c831e
sudo rpm --import http://repository.veeam.com/keys/RPM-EFDCEA77
sudo yum update

[SebCharp]

I learn one more thing today.
Thanks to both of you.

[markhensler]

I'm still getting errors on SLES 11 SP4. Any advice?

Code: Select all

hostname:~/veeam # rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' |grep -i veeam
hostname:~/veeam # rpm --import http://repository.veeam.com/keys/RPM-EFDCEA77
hostname:~/veeam # rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' |grep -i veeam
gpg-pubkey-efdcea77-5ae2e3dc    gpg(Veeam Software RPM Repository <support@veeam.com>)
cxprod:~/veeam # rpm -q veeam*
package veeam-release-SLE_11_SP4-1.0.5-1.noarch.rpm is not installed
hostname:~/veeam # zypper install veeamsnap-kmp-default
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
  veeamsnap-kmp-default

The following package is not supported by its vendor:
  veeamsnap-kmp-default

1 new package to install.
Overall download size: 80.0 KiB. After the operation, additional 468.0 KiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1.x86_64 (1/1), 80.0 KiB (468.0 KiB unpacked)
Retrieving: veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1.x86_64.rpm [done]
Installing: veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1 [error]
Installation of veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1 failed:
(with --nodeps --force) Error: Subprocess failed. Error: RPM failed: error: /var/cache/zypp/packages/veeam/x86_64/veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1.x86_64.rpm: Header V4 RSA/SHA1 signature: BAD, key ID efdcea77
error: /var/cache/zypp/packages/veeam/x86_64/veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1.x86_64.rpm cannot be installed


Abort, retry, ignore? [a/r/i] (a):

[PTide]

Hi and sorry for the delay,

It seems that rpm and gpg used in SLES 11 do not support the singature that we use for our packages. You need to use gpg v2.0.22 wich requires libc.so.6 to work. We will update the packages on the repository shortly so that you'll be able to install them onto SLES 11. Another option would be to just ingore the signature and force installation without signature check.

Thank you

[markhensler]

Sorry for the delayed update. But, I wanted to post the solution to my ticket #03011988 in case any other SLES 11 users find this thread.

first download required packages from repository.veeam.com to this machine:
veeam-2.0.0.400-1.sles11.x86_64.rpm
veeamsnap-kmp-default-2.0.0.400_3.0.101_63-2.1.x86_64.rpm

then install the packages invoking rpm with the following options:

Code: Select all

rpm --nosignature -ivh veeam-2.0.0.400-1.sles11.x86_64.rpm