Enterprise Recon 2.1

GPG Keys (RPM Packages)

On ER 2.0.19 and later, installing Agent RPM packages on hosts that use RPM package managers will display a NOKEY warning.

This section covers the following topics:

NOKEY Warning

RPM packages from ER 2.0.19 and above are signed with a GPG key. This causes the rpm command to display a NOKEY warning when installing or upgrading ER 2.0.19 RPM packages.

rpm -i ./er2-2.0.19-linux26-x64-9277.rpm # Displays output similar to: # warning: er2-2.0.19-linux26-x64-9277.rpm: Header V4 RSA/SHA1 Signature, key ID c40aaef5: NOKEY

Despite the warning, you can still install RPM packages. It does not affect normal operation of ER2.

Remove the NOKEY Warning

The instructions below assume that you are installing the Node Agent RPM package onto hosts that use RPM package managers.

Before installing the ER2 Agent RPM package:

  1. Download the Ground Labs GPG Public Key.
  2. Import the GPG Public Key into the rpm list of trusted keys.

Download the Ground Labs GPG Public Key

You can download the Ground Labs GPG public key from either the Ground Labs Updates server or the Master Server.

From the Ground Labs Update Server

The Ground Labs GPG public key can be downloaded from the Ground Labs Update server at https://updates.groundlabs.com:8843/er/RPM-GPG-KEY-GroundLabs.

To download the public key through the command line, run:

curl -k -o ./RPM-GPG-KEY-GroundLabs https://updates.groundlabs.com:8843/er/RPM-GPG-KEY-GroundLabs

From the Master Server

Where Internet access or access to the Ground Labs updates server is not available, you can download the public key from the Master Server if you have installed the Master Server from a ER 2.0.19 ISO installer (see On ER 2.0.19 and above).

If you have performed a yum update to upgrade your Master Server from ER 2.0.18 and below, see On ER 2.0.18 and below.

On ER 2.0.19 and above

You can download the public key from directly from the Master Server.

To Download the Public Key From the Command Line

In the command line of the Agent host, run as root:

# Where er-master is the hostname or IP address of the Master Server. curl -k -o ./RPM-GPG-KEY-GroundLabs https://er-master/keys/RPM-GPG-KEY-GroundLabs

To Download the Public Key Through SSH

Log into the Master Server.

  1. On the Master Server console, start the SSHD service. Run as root:

    # Starts the SSH server on the Master Server. service sshd start

  2. On the Master Server console, start the SSHD service. Run as root:

    # Connects to the Master Server via SSH and transfers 'RPM-GPG-KEY-GroundLabs' to the current working directory. # Where er-master is the host name or IP address of the Master Server. scp root@er-master:/etc/pki/rpm-gpg/RPM-GPG-KEY-GroundLabs ./

On ER 2.0.18 and below

Master Servers and Agent hosts for ER 2.0.18 and below do not need to install the Ground Labs GPG key.

The Ground Labs GPG key is only available on Master Servers running ER 2.0.19 and above.

If you still want to download the GPG key, obtain it from the Ground Labs update server.

To download the GPG key and make it available on the Master Server, run the following command on the Master Server console as root:

# Downloads the Ground Labs GPG key from the Ground Labs updates server and places it in '/etc/pki/rpm-gpg/' on the Master Server. curl -k -o /etc/pki/rpm-gpg/RPM-GPG-KEY-GroundLabs https://updates.groundlabs.com:8843/er/RPM-GPG-KEY-GroundLabs

The command downloads the public key file from the Ground Labs updates server, and places it in the /etc/pki/rpm-gpg/ folder, where it can be accessed with the following URL: https://er-master/keys/RPM-GPG-KEY-GroundLabs

Other hosts on the network can then download the Ground Labs public key file from the Master Server by running:

# Where er-master is the hostname or IP address of the Master Server. curl -k -o ./RPM-GPG-KEY-GroundLabs https://er-master/keys/RPM-GPG-KEY-GroundLabs

Verify the GPG Public Key

To check the authenticity of the GPG public key you have downloaded, run:

gpg --with-fingerprint ./RPM-GPG-KEY-GroundLabs # Displays output similar to: # pub 2048R/C40AAEF5 2016-12-14 # Key fingerprint = 0BEC 1168 0D1E 6196 B4BC 7879 F2BB D90C C40A AEF5 # uid Ground Labs <support@groundlabs.com> # sub 2048R/929AAFC1 2016-12-14</code>

Import the GPG Public Key

Locate the downloaded GPG public key, and run the following command as root:

rpm --import ./RPM-GPG-KEY-GroundLabs

If the command line displays no errors, the rpm --import command has run successfully. You should no longer see the NOKEY warning when installing RPM packages from ER 2.0.19 and above.

To see a list of all imported GPG public keys, run: rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} -- %{summary}\n'

Bad GPG Signature Error

Systems running older versions of GnuPG or similar GPG software may encounter the following error when attempting to install Node Agent RPM packages:

error: er2-2.0.21-linux26-rh-x64.rpm: Header V4 RSA/SHA1 signature: BAD, key ID c40aaef5

Node Agent RPM packages are signed with V4 GPG signatures. If your system does not support V4 GPG signatures, you have to skip the signature check when installing the Node Agent.

Skip GPG Signature Check

To skip the signature check when installing the Node Agent, run as root:

rpm -ivh --nosignature er2-2.0.21-linux26-rh-x64.rpm