How can the public key be downloaded for RPM packages (NO KEY)?
search cancel

How can the public key be downloaded for RPM packages (NO KEY)?

book

Article ID: 286269

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How can the public key be downloaded when receiving an error message like this for rpm packages on the EDR Server?

warning: /tmp/cb-linux-sensor-installer-6.1.9.10139-1.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 6ac57704: NOKEY
WARNING: SensorInstallerDirLinux config value not found or empty -- using default value (/usr/share/cb/coreservices/installers/linux)

Environment

  • Carbon Black EDR Server: All Versions
  • Carbon Black EDR Sensor: All Versions
  • Linux: All Supported Versions
  • macOS: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. You can download the cb.asc and public.asc keys directly.  
    curl -SL 'https://yum.distro.carbonblack.io/enterprise/keys/cb.asc' --cert /etc/cb/certs/carbonblack-alliance-client.crt --key /etc/cb/certs/carbonblack-alliance-client.key | gpg --import -

curl -SL 'https://yum.distro.carbonblack.io/enterprise/keys/public.asc' --cert /etc/cb/certs/carbonblack-alliance-client.crt --key /etc/cb/certs/carbonblack-alliance-client.key | gpg --import -

    If this is for an airgapped server, download from your internet facing server into a local file. That file can be brough over to the airgapped server and import it.

    1. Download the public.asc  
      curl -SL 'https://yum.distro.carbonblack.io/enterprise/keys/public.asc' --cert /etc/cb/certs/carbonblack-alliance-client.crt --key /etc/cb/certs/carbonblack-alliance-client.key >> public.asc
    2. Download the cb.asc  
      curl -SL 'https://yum.distro.carbonblack.io/enterprise/keys/cb.asc' --cert /etc/cb/certs/carbonblack-alliance-client.crt --key /etc/cb/certs/carbonblack-alliance-client.key >> cb.asc
    3. Move the files to the airgap server and run the following.  
      gpg --import public.asc
gpg --import cb.asc
  2. Run the rpm install command again. 

Additional Information

  • This will be included in a the Yum repository in a future release
  • Update the /etc/yum.repos.d/CarbonBlack.repo gpgkey if these are missing.  
    gpgkey=https://yum.distro.carbonblack.io/enterprise/keys/public.asc
gpgkey=https://yum.distro.carbonblack.io/enterprise/keys/cb.asc
  • The error message is seen due to gpgcheck being enabled in the yum repo. This is not enabled by default
  • Note: A restart of the services can ingest the sensor package when the default config value is used per the error message

Attachments

public.asc get_app
Powered by Wolken Software