SOLVED [UPS-421] MySQL 5.7.36 -> 5.7.37 upgrade failed due to GPG keys, causing upcp/rpmup failure warning email

volex

Member
PartnerNOC
Feb 5, 2008
19
10
53
cPanel Access Level
DataCenter Provider
Received an email that upcp had an issue on a number of servers due to rpmup failing, after running this manually it's due to the mysql 5.7.36 -> 5.7.37 upgrade failing, errors below:

warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-libs-compat-5.7.37-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

The GPG keys listed for the "MySQL 5.7 Community Server" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

I'd imagine this will be a pretty widespread issue so any comment appreciated.
 
Last edited by a moderator:

strongsurf

Registered
Jun 3, 2021
3
0
1
Kuala Lumpur
cPanel Access Level
Root Administrator
Hi, I also received similar errors today

Downloading packages:
warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-libs-compat-5.7.37-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Retrieving key from http://repo.mysql.com/RPM-GPG-KEY-mysql


The GPG keys listed for the "MySQL 5.7 Community Server" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: http://repo.mysql.com/RPM-GPG-KEY-mysql

(XID 6y7h6k) “/usr/bin/yum” reported error code “1” when it ended:
 

jimhermann

Well-Known Member
Jan 20, 2008
76
3
58
Failing package is: mysql-community-libs-compat-5.7.37-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

I'd imagine this will be a pretty widespread issue so any comment appreciated.
I had the same problem with two DNS-ONLY servers.

I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=1" lines to "gpgcheck=0"

Then I executed yum update

Then I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=0" lines back to "gpgcheck=1"

Finally, I updated the cPanel software.

Jim
 

sasha

Member
Nov 5, 2002
16
3
153
I had the same problem with two DNS-ONLY servers.

I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=1" lines to "gpgcheck=0"

Then I executed yum update

Then I edited the /etd/yum.repos.d/Mysql57.repo file and changed all the "gpgcheck=0" lines back to "gpgcheck=1"

Finally, I updated the cPanel software.

Jim
I would not do that unless you personally know that is valid package and not a compromised drop in.
This may be just a simple omission but signing keys are there for a reason.
 

MarcoP

Member
Nov 17, 2006
9
1
153
cPanel Access Level
Root Administrator
I've also tried
Bash:
cp /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql{,.bak}
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql https://repo.mysql.com/RPM-GPG-KEY-mysql
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
/usr/local/cpanel/scripts/rpmup
But it didn't solve the issue.

Moreover after noticing the huge filesize different between the original and the just downloaded GPG key I did moved the original key back.
Bash:
mv /etc/pki/rpm-gpg/RPM-GPG-KEY-{mysql.bak,mysql}
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
 

andrew.n

Well-Known Member
Jun 9, 2020
930
345
63
EU
cPanel Access Level
Root Administrator
The GPG keys for the new release has been changed. See this for further info:


--------------

The updated MySQL GPG will need to be installed. For existing systems, the MySQL repository file in /etc/yum.repos.d/ will need to have its 'gpgkey' line adjusted to:

gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Once adjusted, run the update once more:

/usr/local/cpanel/scripts/upcp

For new installations you can import the key before running the installer:

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Ubuntu:

wget -q -O https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | apt-key add -

-------------
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
765
310
363
cPanel Access Level
DataCenter Provider
Not sure if it was updated, but the support article says there is an auto-fixer, so it "should" correct itself tonight or tomorrow night.
 
  • Like
Reactions: volex

volex

Member
PartnerNOC
Feb 5, 2008
19
10
53
cPanel Access Level
DataCenter Provider
Not sure if it was updated, but the support article says there is an auto-fixer, so it "should" correct itself tonight or tomorrow night.
Yep that's an update as it didn't say that earlier today, I have just tested the manual method running /scripts/autorepair mysql_gpg_key then an rpmup on a dev system and it's worked without issue so assuming it does fire correctly it should resolve the issue.

Actually further to that I've ran a upcp on an affected system and that has correctly completed without any manual intervention required so it appears it should auto-resolve once nightly upcp runs so should be solved.
 
  • Like
Reactions: ffeingol

volex

Member
PartnerNOC
Feb 5, 2008
19
10
53
cPanel Access Level
DataCenter Provider
Further to previous update unfortunately this doesn't appear to have resolved the issue via automatic nightly upcp's, not sure if it's due to timeouts being hit but on servers notably with more packages to update the automatic upcp has continued to fail, however manually running an rpmup has resolved for failing servers.
 

mikeviv

Registered
Jan 19, 2022
1
0
1
USA
cPanel Access Level
Root Administrator
Hello I am having this same issue, can someone please point me in the right direction and tell me where to find /scripts/autorepair mysql_gpg_key to slove this problem
 

saffa

Registered
Feb 3, 2022
2
2
3
Netherlands
cPanel Access Level
Root Administrator
The GPG keys for the new release has been changed. See this for further info:


--------------

The updated MySQL GPG will need to be installed. For existing systems, the MySQL repository file in /etc/yum.repos.d/ will need to have its 'gpgkey' line adjusted to:

gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Once adjusted, run the update once more:

/usr/local/cpanel/scripts/upcp

For new installations you can import the key before running the installer:

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Ubuntu:

wget -q -O https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | apt-key add -

-------------
HUGE thank you for this!
 
  • Like
Reactions: cPRex and andrew.n