SOLVED [UPS-421] MySQL 5.7.36 -> 5.7.37 upgrade failed due to GPG keys, causing upcp/rpmup failure warning email

[volex]

Received an email that upcp had an issue on a number of servers due to rpmup failing, after running this manually it's due to the mysql 5.7.36 -> 5.7.37 upgrade failing, errors below:

warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-libs-compat-5.7.37-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

The GPG keys listed for the "MySQL 5.7 Community Server" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

I'd imagine this will be a pretty widespread issue so any comment appreciated.

 

[strongsurf]

Hi, I also received similar errors today

Downloading packages:
warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-libs-compat-5.7.37-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Retrieving key from http://repo.mysql.com/RPM-GPG-KEY-mysql


The GPG keys listed for the "MySQL 5.7 Community Server" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: http://repo.mysql.com/RPM-GPG-KEY-mysql

(XID 6y7h6k) “/usr/bin/yum” reported error code “1” when it ended:

 

[hatchet_au]

Seeing the same here on DNSONLY servers. Not seeing the issue on CloudLinux enabled servers at this stage when running /usr/local/cpanel/scripts/rpmup

 

[Jeic]

Hi There,

Same issue here. Around 6 servers affected.

 

[jimhermann]

Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

I'd imagine this will be a pretty widespread issue so any comment appreciated.

I had the same problem with two DNS-ONLY servers.

I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=1" lines to "gpgcheck=0"

Then I executed yum update

Then I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=0" lines back to "gpgcheck=1"

Finally, I updated the cPanel software.

Jim

 

[sasha]

I had the same problem with two DNS-ONLY servers.

I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=1" lines to "gpgcheck=0"

Then I executed yum update

Then I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=0" lines back to "gpgcheck=1"

Finally, I updated the cPanel software.

Jim

I would not do that unless you personally know that is valid package and not a compromised drop in.
This may be just a simple omission but signing keys are there for a reason.

 

[MarcoP]

Same issue on CloudLinux v7.9.0.

 

[MarcoP]

I've also tried

cp /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql{,.bak}
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql https://repo.mysql.com/RPM-GPG-KEY-mysql
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
/usr/local/cpanel/scripts/rpmup

But it didn't solve the issue.

Moreover after noticing the huge filesize different between the original and the just downloaded GPG key I did moved the original key back.

mv /etc/pki/rpm-gpg/RPM-GPG-KEY-{mysql.bak,mysql}
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

 

[andrew.n]

The GPG keys for the new release has been changed. See this for further info:

MySQL GPG keys expired, preventing installation/upgrade of MySQL packages from the official repository.

Symptoms The GPG keys for the official MySQL repository have expired preventing installation or update of MySQL packages. The errors are similar to: The GPG keys listed for the "MySQL 8.0 Communit...

support.cpanel.net

--------------

The updated MySQL GPG will need to be installed. For existing systems, the MySQL repository file in /etc/yum.repos.d/ will need to have its 'gpgkey' line adjusted to:

gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Once adjusted, run the update once more:

/usr/local/cpanel/scripts/upcp

For new installations you can import the key before running the installer:

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Ubuntu:

wget -q -O https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | apt-key add -

-------------

 

[hatchet_au]

I'd hope this will be something that cPanel push out as part of the update cycle rather than requiring every customer to do.

 

[ffeingol]

Not sure if it was updated, but the support article says there is an auto-fixer, so it "should" correct itself tonight or tomorrow night.

 

[volex]

Not sure if it was updated, but the support article says there is an auto-fixer, so it "should" correct itself tonight or tomorrow night.

Yep that's an update as it didn't say that earlier today, I have just tested the manual method running /scripts/autorepair mysql_gpg_key then an rpmup on a dev system and it's worked without issue so assuming it does fire correctly it should resolve the issue.

Actually further to that I've ran a upcp on an affected system and that has correctly completed without any manual intervention required so it appears it should auto-resolve once nightly upcp runs so should be solved.

 

[cPanelAnthony]

Hello! The GPG keys for the official MySQL repository have expired preventing installation or update of MySQL packages. Andrew provided the correct article with the autofixer script. We are keeping track in UPS-421 and I will update this thread once resolved.

 

[HostLABTR]

Hello @cPanelAnthony , every time the autorepair command (UPS-423) is run, "-2022" string is added to the repo files. You must have forgotten to write a control for it.

 

[volex]

Further to previous update unfortunately this doesn't appear to have resolved the issue via automatic nightly upcp's, not sure if it's due to timeouts being hit but on servers notably with more packages to update the automatic upcp has continued to fail, however manually running an rpmup has resolved for failing servers.

 

[strongsurf]

Hi, automatic upcp still shows failure as of 6 hours ago.

Fortunately manually running /usr/local/cpanel/scripts/upcp resolved this issue.

 

[mikeviv]

Hello I am having this same issue, can someone please point me in the right direction and tell me where to find /scripts/autorepair mysql_gpg_key to slove this problem

 

[ThGe]

This issue is solved for me, the update worked last night.

 

[cPanelAnthony]

Hello I am having this same issue, can someone please point me in the right direction and tell me where to find /scripts/autorepair mysql_gpg_key to slove this problem

Hello! Can you check out this article? It should help.

 

[saffa]

The GPG keys for the new release has been changed. See this for further info:

MySQL GPG keys expired, preventing installation/upgrade of MySQL packages from the official repository.

Symptoms The GPG keys for the official MySQL repository have expired preventing installation or update of MySQL packages. The errors are similar to: The GPG keys listed for the "MySQL 8.0 Communit...

support.cpanel.net

--------------

The updated MySQL GPG will need to be installed. For existing systems, the MySQL repository file in /etc/yum.repos.d/ will need to have its 'gpgkey' line adjusted to:

gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Once adjusted, run the update once more:

/usr/local/cpanel/scripts/upcp

For new installations you can import the key before running the installer:

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Ubuntu:

wget -q -O https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | apt-key add -

-------------

HUGE thank you for this!