Receiving "Error: GPG check FAILED" when attempting to download EDR Linux Sensor 7.3.2+
search cancel

Receiving "Error: GPG check FAILED" when attempting to download EDR Linux Sensor 7.3.2+

book

Article ID: 385421

calendar_today

Updated On: 03-27-2025

Products

Carbon Black EDR

Issue/Introduction

When an administrator tries to download EDR Linux Sensor using below command:

[root@LINUX ~]#  yum install --downloadonly --downloaddir=/tmp cb-linux-sensor-installer-7.3.2.93764-1.noarch
Updating Subscription Management repositories.
CarbonBlack                                                                                                                                                       13 kB/s | 3.5 kB     00:00
CbOpenSource                                                                                                                                                      35 kB/s | 3.0 kB     00:00
CbOpenSource2                                                                                                                                                     91 kB/s | 3.0 kB     00:00
Dependencies resolved.
=================================================================================================================================================================================================
 Package                                                  Architecture                          Version                                         Repository                                  Size
=================================================================================================================================================================================================
Installing:
 cb-linux-sensor-installer                                noarch                                7.3.2.93764-1                                   CarbonBlack                                278 M

Transaction Summary
=================================================================================================================================================================================================
Install  1 Package

Total download size: 278 M
Installed size: 278 M
YUM will only download packages for the transaction.
Is this ok [y/N]: y
Downloading Packages:
cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm                                                                                                                22 MB/s | 278 MB     00:12
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                             21 MB/s | 278 MB     00:13
CarbonBlack                                                                                                                                                      5.4 kB/s | 1.7 kB     00:00
GPG key at https://yum.distro.carbonblack.io/enterprise/keys/public.asc (0x6AC57704) is already installed
The GPG keys listed for the "CarbonBlack" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: cb-linux-sensor-installer-7.3.2.93764-1.noarch
 GPG Keys are configured as: https://yum.distro.carbonblack.io/enterprise/keys/public.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED

 

When checking the signature status of the download package to /tmp folder, the package shows as not OK

[root@LINUX ~]# ls -alt /tmp/cb-linux-sensor-installer-7.3.*
-rw-r--r--. 1 root root 291595000 Jan  2 15:20 /tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm
-rw-r--r--. 1 root root 235965748 Jan  2 14:43 /tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm
[root@LINUX ~]# rpm -K /tmp/cb-linux-sensor-installer-7.3.*
/tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm: digests signatures OK
/tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm: digests SIGNATURES NOT OK

 

Environment

  • Carbon Black EDR Server: All Supported Versions

Cause

Starting with the 7.3.2 Linux sensor release, the sensor uses a new SHA-256 public key Verify Linux 7.1+ Install Files

Resolution

 

Update EDR to point to the new cb.asc public key following these steps

 

Additional Information

KB article EDR: How can the public key be downloaded for RPM packages (NO KEY)? should be followed for EDR Linux sensor versions prior to 7.3.2