Receiving "Error: GPG check FAILED" when attempting to download EDR Linux Sensor 7.3.2+
Article ID: 385421
Updated On:
Products
Carbon Black EDR
Issue/Introduction
When an administrator tries to download EDR Linux Sensor using below command:
[root@LINUX ~]# yum install --downloadonly --downloaddir=/tmp cb-linux-sensor-installer-7.3.2.93764-1.noarchUpdating Subscription Management repositories.CarbonBlack 13 kB/s | 3.5 kB 00:00CbOpenSource 35 kB/s | 3.0 kB 00:00CbOpenSource2 91 kB/s | 3.0 kB 00:00Dependencies resolved.=================================================================================================================================================================================================Package Architecture Version Repository Size=================================================================================================================================================================================================Installing:cb-linux-sensor-installer noarch 7.3.2.93764-1 CarbonBlack 278 MTransaction Summary=================================================================================================================================================================================================Install 1 PackageTotal download size: 278 MInstalled size: 278 MYUM will only download packages for the transaction.Is this ok [y/N]: yDownloading Packages:cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm 22 MB/s | 278 MB 00:12-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Total 21 MB/s | 278 MB 00:13CarbonBlack 5.4 kB/s | 1.7 kB 00:00GPG key at https://yum.distro.carbonblack.io/enterprise/keys/public.asc (0x6AC57704) is already installedThe GPG keys listed for the "CarbonBlack" repository are already installed but they are not correct for this package.Check that the correct key URLs are configured for this repository.. Failing package is: cb-linux-sensor-installer-7.3.2.93764-1.noarchGPG Keys are configured as: https://yum.distro.carbonblack.io/enterprise/keys/public.ascThe downloaded packages were saved in cache until the next successful transaction.You can remove cached packages by executing 'yum clean packages'.Error: GPG check FAILED
When checking the signature status of the download package to /tmp folder, the package shows as not OK
[root@LINUX~]# ls -alt /tmp/cb-linux-sensor-installer-7.3.*-rw-r--r--. 1 root root 291595000 Jan 2 15:20 /tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm-rw-r--r--. 1 root root 235965748 Jan 2 14:43 /tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm[root@LINUX ~]# rpm -K /tmp/cb-linux-sensor-installer-7.3.*/tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm: digests signatures OK/tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm: digests SIGNATURES NOT OK
Environment
- Carbon Black EDR Server: All Supported Versions
Cause
Starting with the 7.3.2 Linux sensor release, the sensor uses a new SHA-256 public key Verify Linux 7.1+ Install Files
Resolution
Additional Information
KB article EDR: How can the public key be downloaded for RPM packages (NO KEY)? should be followed for EDR Linux sensor versions prior to 7.3.2
Feedback
Yes
No
Powered by
