When an administrator tries to download the EDR Linux sensor using the command below:
[root@LINUX ~]# yum install --downloadonly --downloaddir=/tmp cb-linux-sensor-installer-7.3.2.93764-1.noarch
Updating Subscription Management repositories.
CarbonBlack 13 kB/s | 3.5 kB 00:00
CbOpenSource 35 kB/s | 3.0 kB 00:00
CbOpenSource2 91 kB/s | 3.0 kB 00:00
Dependencies resolved.
=================================================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================================================
Installing:
cb-linux-sensor-installer noarch 7.3.2.93764-1 CarbonBlack 278 M
Transaction Summary
=================================================================================================================================================================================================
Install 1 Package
Total download size: 278 M
Installed size: 278 M
YUM will only download packages for the transaction.
Is this ok [y/N]: y
Downloading Packages:
cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm 22 MB/s | 278 MB 00:12
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 21 MB/s | 278 MB 00:13
CarbonBlack 5.4 kB/s | 1.7 kB 00:00
GPG key at https://yum.distro.carbonblack.io/enterprise/keys/public.asc (0x6AC57704) is already installed
The GPG keys listed for the "CarbonBlack" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: cb-linux-sensor-installer-7.3.2.93764-1.noarch
GPG Keys are configured as: https://yum.distro.carbonblack.io/enterprise/keys/public.asc
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
When the signature of the package downloaded to the /tmp folder is checked, the package shows as NOT OK:
[root@LINUX ~]# ls -alt /tmp/cb-linux-sensor-installer-7.3.*
-rw-r--r--. 1 root root 291595000 Jan 2 15:20 /tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm
-rw-r--r--. 1 root root 235965748 Jan 2 14:43 /tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm
[root@LINUX ~]# rpm -K /tmp/cb-linux-sensor-installer-7.3.*
/tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm: digests signatures OK
/tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm: digests SIGNATURES NOT OK
Starting with the 7.3.2 Linux sensor release, the sensor uses a new SHA-256 public key. See "Verify Linux 7.1+ Install Files".
The KB article "EDR: How can the public key be downloaded for RPM packages (NO KEY)?" should be followed for EDR Linux sensor versions prior to 7.3.2.
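
A pre-install gate built on the `rpm -K` check above, as an added example (not from the original article or from Carbon Black). `failed_rpms` and `verify_staged` are hypothetical helper names, and the parser assumes the result format shown in the output above, where the failed check is printed in upper case.

```shell
#!/bin/sh
# Added example. failed_rpms and verify_staged are hypothetical helper names.

# Constructed sample: the two `rpm -K` result lines shown in the article.
SAMPLE_RPM_K='/tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch.rpm: digests signatures OK
/tmp/cb-linux-sensor-installer-7.3.2.93764-1.noarch.rpm: digests SIGNATURES NOT OK'

# failed_rpms: read `rpm -K` output on stdin and print "<path> <failed checks>"
# for every line that is not a clean "... OK". Assumes the result format shown
# above, where a failed check is printed in upper case (SIGNATURES).
failed_rpms() {
    awk '
    {
        sep = index($0, ": ")
        if (sep == 0) next
        path = substr($0, 1, sep - 1)
        result = substr($0, sep + 2)
        # Clean result: ends in OK and carries no NOT OK marker.
        if (result ~ /OK$/ && result !~ /NOT OK/) next
        n = split(result, tok, " ")
        failed = ""
        for (i = 1; i <= n; i++) {
            if (tok[i] == "NOT" || tok[i] == "OK") continue
            # Upper-case token = the check that failed.
            if (tok[i] ~ /[A-Za-z]/ && tok[i] == toupper(tok[i])) {
                if (failed != "") failed = failed ","
                failed = failed tok[i]
            }
        }
        if (failed == "") failed = "unknown"
        print path, failed
    }'
}

# verify_staged: run `rpm -K` on the given files; fail closed if rpm exits
# non-zero or any result line is not clean.
verify_staged() {
    out=$(rpm -K "$@" 2>&1)
    rc=$?
    bad=$(printf '%s\n' "$out" | failed_rpms)
    if [ "$rc" -ne 0 ] || [ -n "$bad" ]; then
        printf 'refusing to install, signature check failed:\n%s\n' "${bad:-$out}" >&2
        return 1
    fi
    return 0
}
```

Source the file and run `verify_staged /tmp/cb-linux-sensor-installer-7.3.*` against the staged packages before installing them.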