Public key issue with Roundcubemail Addressbook Plugin



  • I have the same problem on RHEL7:

    warning: /var/cache/yum/x86_64/7Server/Kolab_16/packages/roundcubemail-plugin-kolab_addressbook-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY

    Public key for roundcubemail-plugin-kolab_addressbook-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm is not installed

    I could not install the latest updates. Help needed.

    < added a little later >
    I fixed it the dirty way:
    yum --nogpg update

    everything was updated (but without Public Key check)



  • @hobby-user

    Thank you hobby-user for the workaround.
    I don't feel happy overriding the security implementation, but if there's no alternative I will follow your example.



  • It's never a great idea to circumvent signatures, give it time before updating, they will get it sorted out.



  • @mudmanc4
    You are right, this was a temporary workaround.

    I have a new solution. This works for me (RHEL_7). Please correct me, if I am wrong with this procedure.

    edit: Kolab:16.repo in /etc/yum.repos.d
    [Kolab_16]
    name=Kolab 16: Stable Release (RHEL_7)
    type=rpm-md
    baseurl=http://obs.kolabsys.com/repositories/Kolab:/16/RHEL_7/

    add the next line

    gpgkey=http://obs.kolabsys.com/repositories/Kolab:/16/RHEL_7/repodata/repomd.xml.key
    gpgcheck=1
    enabled=1
    priority = 60

    Next a test and reinstall roundcubemail-plugin-pdfviewer.noarch from Kolab repo. After importing the key, yum will not ask again for it.

    [root@thales rpm-gpg]# yum reinstall roundcubemail-plugin-pdfviewer.noarch
    Geladene Plugins: langpacks, priorities, product-id, search-disabled-repos, subscription-manager
    Kolab_16 | 1.5 kB 00:00:00
    108 packages excluded due to repository priority protections
    Abhängigkeiten werden aufgelöst
    --> Transaktionsprüfung wird ausgeführt
    ---> Paket roundcubemail-plugin-pdfviewer.noarch 0:3.3.6-2.3.el7.kolab_16 markiert, um reinstalliert zu werden
    --> Abhängigkeitsauflösung beendet

    Abhängigkeiten aufgelöst

    ============================================================================================================================================================
    Package Arch Version Paketquelle Größe

    Neuinstallieren:
    roundcubemail-plugin-pdfviewer noarch 3.3.6-2.3.el7.kolab_16 Kolab_16 26 k

    Transaktionsübersicht

    Neu installieren 1 Paket

    Gesamtgröße: 26 k
    Installationsgröße: 26 k
    Is this ok [y/d/N]: y
    Downloading packages:
    Warnung: /var/cache/yum/x86_64/7Server/Kolab_16/packages/roundcubemail-plugin-pdfviewer-3.3.6-2.3.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, Schlüssel-ID 0038d0db: NOKEY
    Schlüssel wird von http://obs.kolabsys.com/repositories/Kolab:/16/RHEL_7/repodata/repomd.xml.key geholt
    GPG-Schlüssel 0x0038D0DB importieren:
    Benutzerkennung : "Kolab Package Signing (Community Packages) devel@lists.kolab.org"
    Fingerabdruck: a21e 9661 1060 cf0b 4df1 1e64 a01d 0ca8 0038 d0db
    Von : http://obs.kolabsys.com/repositories/Kolab:/16/RHEL_7/repodata/repomd.xml.key
    Ist dies in Ordnung? [j/N] :y
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
    Installieren : roundcubemail-plugin-pdfviewer-3.3.6-2.3.el7.kolab_16.noarch 1/1
    Überprüfung läuft: roundcubemail-plugin-pdfviewer-3.3.6-2.3.el7.kolab_16.noarch 1/1

    Installiert:
    roundcubemail-plugin-pdfviewer.noarch 0:3.3.6-2.3.el7.kolab_16

    Komplett!





  • @hobby-user

    Thank you very much for your proposal!
    It worked for me without issues!



  • Is there any "official" news that Kolab is rolling out a new GPG key?

    I'm not willing to install a new key without any kind of information that this is the official key and the packages aren't manipulated by 3rd party.

    What makes me also a little bit upset is that in the comment of the original key is the phrase "key without passphrase", which doesn't make me feel good using Kolab.

    [root@mail ~]# rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'                                                                               
    gpg-pubkey-f4a80eb5-53a7ff4b    gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)
    gpg-pubkey-446d5a45-53f490b1    gpg(Kolab Development Coordination Mailing List <devel@lists.kolab.org>)
    gpg-pubkey-352c64e5-52ae6884    gpg(Fedora EPEL (7) <epel@fedoraproject.org>)
    gpg-pubkey-420c4b8b-521f679f    gpg(private OBS (key without passphrase)     <defaultkey@localobs>)
    [root@mail ~]# rpm -qi gpg-pubkey-420c4b8b-521f679f
    Name        : gpg-pubkey
    Version     : 420c4b8b
    Release     : 521f679f
    Architecture: (none)
    Install Date: Sa 26 Mai 2018 11:18:18 CEST
    Group       : Public Keys
    Size        : 0
    License     : pubkey
    Signature   : (none)
    Source RPM  : (none)
    Build Date  : Do 29 Aug 2013 17:24:15 CEST
    Build Host  : localhost
    Relocations : (not relocatable)
    Packager    : private OBS (key without passphrase) <defaultkey@localobs>
    Summary     : gpg(private OBS (key without passphrase) <defaultkey@localobs>)
    Description :
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: rpm-4.11.3 (NSS-3)
    
    mQGiBFIfZ58RBADxhOUSLnSeQgLtCE8DglIT80JIbb9+NdEKHzYz6zou5AjlskfK
    WbwMzbOKpIvbAhkW+uDviCPG1iNkHhM0kaM+dS4dxlfTMCeWPrgniqFF6LQPIoFs
    U4x449Gb52cBDi3Ael0SNLVtAiCu8Hz3YYY6+KaoCR+fCfAiwnjp6/Q3rwCgxHMI
    1qlvksZaYg3sw9pUMvhS2YMEAKnjsh9IpMzHj64ozHC/cPX4YDYpAaYCgbOSDunI
    kjpMx9Lk7qkMGMO/RdfsKjJgXCVuOx28Tm01w1QdYbThiKnkL962/YGqtv25vNcV
    /hsBZ/PkjVTdEZlshVaLXM0dq+sMjFSXBWWEgti961fy17OvtpaCVm5sLINscTKf
    BvVZA/4mEqvzFJlM5oXlXs8KBNm4KeZPHOnLh7NO/UMvX9HqOf4pnAMMToy2yQho
    hmklWJ+34VhIE5aZFdrwFR1iEUf69ydxCAdJp/JiaMHJ3kKB3SeBskNZwwnu7T2q
    CBTNNydhleL3TlD/+ETiHhs563n/UNTkBHBdOvGxenlGSfU0wLQ6cHJpdmF0ZSBP
    QlMgKGtleSB3aXRob3V0IHBhc3NwaHJhc2UpIDxkZWZhdWx0a2V5QGxvY2Fsb2Jz
    PohjBBMRAgAjBQJSH2efAhsjBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ
    Rs1huUIMS4sx+QCgrYCnBBlHaSpsncsPweaVVVF3JjMAn1ZMFFaFnQQ3+/ma0KzM
    lulmUOXyuQENBFIfZ58QBACnQjOaOci43v3lHKxyaomNE732s6FOFj7lboWCIckB
    G/6POQtdJGuDrPbEPZQbKuFiLKzV3BCAzQRsC3/QAS6MzUYiHQAsLmSkpSA8Db3I
    5PKdpA6eqZEczxIcpYX5IJZ+XIweHP3QLlmX/UosLTrpkPjRodZtNkQwH9NGZrXW
    vwADBwP+MCpVXaRC2w9wC0Q1GEc3lqJAFrjP8QQYRoU0/h5BeN/lnJz1liPICr0t
    kt0dGazRHIdI0xcGW+UtBNTOEGNhN6Tt7daN5kpO9HTduXkd2e7V730tom+NHCOR
    rZDtMsxF/h3nU+uU/aVcVzgbv7zp5BtdAlOdd4KMXZTWQn8btgSISQQYEQIACQUC
    Uh9nnwIbDAAKCRBGzWG5QgxLi9smAJ41m16xs42UxidoscBGnj+iHUeP0wCdGB/F
    P49cEnJVvsA1UFFtWBUhTTg=
    =6/Kn
    -----END PGP PUBLIC KEY BLOCK-----


  • @hobby-user my issue came in the form roundcubemail-plugin-kolab_tags-skin-larry-3.3.6-2.6.el7.kolab_16.noarch.rpm

    warning: /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-plugin-kolab_tags-skin-larry-3.3.6-2.6.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY

    Public key for roundcubemail-plugin-kolab_tags-skin-larry-3.3.6-2.6.el7.kolab_16.noarch.rpm is not installed

    Thanks adding the gpgkey worked.



  • what I have done, was

    yum clean all

    rpm --import http://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/repomd.xml.key

    and vim /etc/yum.repos.d/Kolab:16.repo

    [Kolab_16]
    name=Kolab 16: Stable Release (CentOS_7)
    type=rpm-md
    baseurl=http://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/
    gpg=http://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/repomd.xml.key
    gpgcheck=1
    enabled=1
    priority = 60

    then do "yum update"

    after that, I could update without asking key again


Log in to reply