Enterprise Recon 2.10.0
GPG Keys (RPM Packages)
On ER 2.0.19 and later, installing Agent RPM packages on hosts that use RPM package managers will display a NOKEY warning.
This section covers the following topics:
- NOKEY Warning
- Remove the NOKEY Warning
- Download the Ground Labs GPG Public Key
- Verify the GPG Public Key
- Import the GPG Public Key
- Bad GPG Signature Error
NOKEY Warning
RPM packages from ER 2.0.19 and above are signed with a GPG key. This causes the rpm command to display a NOKEY warning when installing or upgrading ER 2.0.19 RPM packages.
rpm -i ./er2-2.0.19-linux26-x64-9277.rpm
# Displays output similar to:
# warning: er2-2.0.19-linux26-x64-9277.rpm: Header V4 RSA/SHA1 Signature, key ID c40aaef5: NOKEY
Despite the warning, you can still install RPM packages. It does not affect normal operation of ER2.
Remove the NOKEY Warning
The instructions below assume that you are installing the Node Agent RPM package onto hosts that use RPM package managers.
Before installing the ER2 Agent RPM package:
- Download the Ground Labs GPG Public Key.
- Import the GPG Public Key into the rpm list of trusted keys.
Download the Ground Labs GPG Public Key
You can download the Ground Labs GPG public key from either the Ground Labs Updates server or the Master Server.
From the Ground Labs Update Server
The Ground Labs GPG public key can be downloaded from the Ground Labs Update server at https://repo.groundlabs.com/gpg/RPM-GPG-KEY-GroundLabs.
To download the public key through the command line, run:
curl -o ./RPM-GPG-KEY-GroundLabs https://repo.groundlabs.com/gpg/RPM-GPG-KEY-GroundLabs
From the Master Server
Where Internet access or access to the Ground Labs updates server is not available, you can download the public key directly from the Master Server if you have installed the Master Server appliance from the ER2 ISO.
To Download the Public Key From the Command Line
In the command line of the Agent host, run as root:
# Where er-master is the hostname or IP address of the Master Server.
curl -o ./RPM-GPG-KEY-GroundLabs https://er-master/keys/RPM-GPG-KEY-GroundLabs
To Download the Public Key Through SSH
Log in to the Master Server.
-
On the Master Server console, start the SSHD service. Run as root:
# Starts the SSH server on the Master Server. service sshd start
-
On the Master Server console, start the SSHD service. Run as root:
# Connects to the Master Server via SSH and transfers 'RPM-GPG-KEY-GroundLabs' to the current working directory. # Where er-master is the host name or IP address of the Master Server. scp root@er-master:/etc/pki/rpm-gpg/RPM-GPG-KEY-GroundLabs ./
Verify the GPG Public Key
To check the authenticity of the GPG public key you have downloaded, run the following command:
gpg --show-keys --fingerprint ./RPM-GPG-KEY-GroundLabs
Verify that the output of the above command is similar to:
pub rsa2048 2016-12-14 [SC]
0BEC 1168 0D1E 6196 B4BC 7879 F2BB D90C C40A AEF5
uid Ground Labs <support@groundlabs.com>
sub rsa2048 2016-12-14 [E]
Import the GPG Public Key
Locate the downloaded GPG public key, and run the following command as root:
rpm --import ./RPM-GPG-KEY-GroundLabs
If the command line displays no errors, the rpm --import command has run successfully. You should no longer see the NOKEY warning when installing RPM packages from ER 2.0.19 and above.
rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} -- %{summary}\n'
Bad GPG Signature Error
Systems running older versions of GnuPG or similar GPG software may encounter the following error when attempting to install Node Agent RPM packages:
error: er2-2.0.21-linux26-rh-x64.rpm: Header V4 RSA/SHA1 signature: BAD, key ID c40aaef5
Node Agent RPM packages are signed with V4 GPG signatures. If your system does not support V4 GPG signatures, you have to skip the signature check when installing the Node Agent.
Skip GPG Signature Check
To skip the signature check when installing the Node Agent, run as root:
rpm -ivh --nosignature er2-2.0.21-linux26-rh-x64.rpm