Description:
The latest update to mysql80-community-release-el8 is not gpg signed at all.
This causes update failures.
[root@localhost tmp]# rpm -qpi ./mysql80-community-release-el8-3.noarch.rpm | grep Signature
Signature : RSA/SHA256, Mon 10 Jan 2022 05:20:47 AM CST, Key ID 467b942d3a79bd29
[root@localhost tmp]# rpm -qpi ./mysql80-community-release-el8-4.noarch.rpm | grep Signature
Signature : (none)
How to repeat:
Start on an EL8 variant server -- I am testing using AlmaLinux 8.5
Install the old version of mysql80-community-release-el8 (which was signed):
dnf install https://repo.mysql.com//mysql80-community-release-el8-3.noarch.rpm
Then, disable the AlmaLinux mysql module to ensure we can use the community repos:
dnf module disable mysql
Install the community server -- and accept the gpg signature during the install:
dnf install mysql-community-server
...
Importing GPG key 0x3A79BD29:
Userid : "MySQL Release Engineering <[email protected]>"
Fingerprint: 859B E8D7 C586 F538 430B 19C2 467B 942D 3A79 BD29
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Is this ok [y/N]: y
Key imported successfully
MySQL 8.0 Community Server 1.9 MB/s | 1.9 kB 00:00
Importing GPG key 0x5072E1F5:
Userid : "MySQL Release Engineering <[email protected]>"
Fingerprint: A4A9 4068 76FC BD3C 4567 70C8 8C71 8D3B 5072 E1F5
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
Is this ok [y/N]: y
...
This ensures that we have accepted the signing keys.
Then, finally, try to update the mysql80-community-release package to the latest version:
dnf upgrade mysql80-community-release
It will fail with the following:
Package mysql80-community-release-el8-4.noarch.rpm is not signed
Error: GPG check FAILED
Suggested fix:
Ensure that the rpm files are properly signed.
Description: The latest update to mysql80-community-release-el8 is not gpg signed at all. This causes update failures. [root@localhost tmp]# rpm -qpi ./mysql80-community-release-el8-3.noarch.rpm | grep Signature Signature : RSA/SHA256, Mon 10 Jan 2022 05:20:47 AM CST, Key ID 467b942d3a79bd29 [root@localhost tmp]# rpm -qpi ./mysql80-community-release-el8-4.noarch.rpm | grep Signature Signature : (none) How to repeat: Start on an EL8 variant server -- I am testing using AlmaLinux 8.5 Install the old version of mysql80-community-release-el8 (which was signed): dnf install https://repo.mysql.com//mysql80-community-release-el8-3.noarch.rpm Then, disable the AlmaLinux mysql module to ensure we can use the community repos: dnf module disable mysql Install the community server -- and accept the gpg signature during the install: dnf install mysql-community-server ... Importing GPG key 0x3A79BD29: Userid : "MySQL Release Engineering <[email protected]>" Fingerprint: 859B E8D7 C586 F538 430B 19C2 467B 942D 3A79 BD29 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022 Is this ok [y/N]: y Key imported successfully MySQL 8.0 Community Server 1.9 MB/s | 1.9 kB 00:00 Importing GPG key 0x5072E1F5: Userid : "MySQL Release Engineering <[email protected]>" Fingerprint: A4A9 4068 76FC BD3C 4567 70C8 8C71 8D3B 5072 E1F5 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql Is this ok [y/N]: y ... This ensures that we have accepted the signing keys. Then, finally, try to update the mysql80-community-release package to the latest version: dnf upgrade mysql80-community-release It will fail with the following: Package mysql80-community-release-el8-4.noarch.rpm is not signed Error: GPG check FAILED Suggested fix: Ensure that the rpm files are properly signed.