Rotating keys
For security reasons, the keys used to sign Centreon RPMs or the Debian repository must be rotated occasionally.
Fresh installation
Alma/RHEL/Oracle Linux:
If you performed a fresh installation after the new RPM key was published, no additional actions are necessary, apart from accepting the new RPM key when prompted:
Retrieving key from https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
Importing GPG key 0x3FC49C1B:
Userid : "Centreon Enterprise Server Official Signing Key <admin@centreon.com>"
Fingerprint: 1035 e42c b766 7952 ee42 dee9 a97d aa5a 3fc4 9c1b
From : https://yum-gpg.centreon.com/RPM-GPG-KEY-CES
Is this ok [y/N]:
Debian:
If you performed a fresh installation after the new key was published, no additional actions are necessary.
However, you can check that you have the correct key.
Existing installation
Alma/RHEL/Oracle Linux:
If you performed a fresh installation of a Centreon platform before the new RPM key was published, the existing key must be replaced with the new one.
Download the following script:
curl -JO https://raw.githubusercontent.com/centreon/centreon/master/centreon/check-centreon-gpg-key.sh
Make the script executable:
chmod u+x check-centreon-gpg-key.sh
Run the script:
sh check-centreon-gpg-key.sh
The script will:
- check the RPM key in the RPM database and ask you to remove it
- check the key file in the /etc/pki/rpm-gpg directory
- ask you to fetch and import the new RPM key into the RPM database
- ask you to update the release RPM package (this will remove the revoked key from /etc/pki/rpm-gpg)
- ask you to check the signature of the RPM packages.
Debian:
Remove the old key:
apt-key del 1441882BED29D70CF2E874D65E9C374559B6C02E
Import the new key:
wget -O- https://apt-key.centreon.com | gpg --dearmor | tee /etc/apt/trusted.gpg.d/centreon.gpg > /dev/null 2>&1
apt update
Checks
Alma/RHEL/Oracle Linux:
You can then check that the new key has been correctly imported. For the new key published on October 14, 2021:
Fresh installation:
After installation, check if the new key has been correctly imported into the RPM database:
rpm -qi gpg-pubkey-3fc49c1b-6166eb52
The results should be as follows:
Name : gpg-pubkey
Version : 3fc49c1b
Release : 6166eb52
Architecture: (none)
Install Date: jeu. 14 oct. 2021 09:25:42 UTC
Group : Public Keys
Size : 0.
License : pubkey
Signature : (none)
Source RPM : (none)
Build Date : mer. 13 oct. 2021 14:21:06 UTC
Build Host : localhost
Relocations : (not relocatable)
Packager : Centreon Enterprise Server Official Signing Key <admin@centreon.com>
Summary : gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)
Description :
[ASCII-armored PGP public key block]
Check that the only Centreon key in the RPM database is this one: gpg-pubkey-3fc49c1b-6166eb52:
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
The results should be as follows:
gpg-pubkey-f4a80eb5-53a7ff4b gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)
gpg-pubkey-f2ee9d55-560cfc0a gpg(CentOS SoftwareCollections SIG (https://wiki.centos.org/SpecialInterestGroup/SCLo) <security@centos.org>)
gpg-pubkey-3fc49c1b-6166eb52 gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)
Existing installation:
Check if the new key has been correctly imported into the RPM database:
rpm -qi gpg-pubkey-3fc49c1b-6166eb52
The results should be as follows:
Name : gpg-pubkey
Version : 3fc49c1b
Release : 6166eb52
Architecture: (none)
Install Date: jeu. 14 oct. 2021 09:25:42 UTC
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Date : mer. 13 oct. 2021 14:21:06 UTC
Build Host : localhost
Relocations : (not relocatable)
Packager : Centreon Enterprise Server Official Signing Key <admin@centreon.com>
Summary : gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)
Description :
[ASCII-armored PGP public key block]
Check that the old key is no longer in the RPM database (there should only be gpg-pubkey-3fc49c1b-6166eb52):
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
The results should be as follows:
gpg-pubkey-f4a80eb5-53a7ff4b gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)
gpg-pubkey-f2ee9d55-560cfc0a gpg(CentOS SoftwareCollections SIG (https://wiki.centos.org/SpecialInterestGroup/SCLo) <security@centos.org>)
gpg-pubkey-3fc49c1b-6166eb52 gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)
Debian:
To get detailed info about the new key and check that it is correctly installed, run the following command:
apt-key list "C903 FA90 C5EC 3C69 C922 9203 0395 7625 73E5 0BC4"
The results should look like this:
pub ed25519 2024-04-11 [SC]
C903 FA90 C5EC 3C69 C922 9203 0395 7625 73E5 0BC4
uid [unknown] Centreon APT <admin@centreon.com>
sub cv25519 2024-04-11 [E]
List of keys
OS | Fingerprint | Validity |
---|---|---|
Alma/RHEL/Oracle Linux | 0E52 401B 40F6 044F 928C 0B7B F6FC 4AE3 8A76 52BC | revoked October 14, 2021 |
Alma/RHEL/Oracle Linux | 1035 E42C B766 7952 EE42 DEE9 A97D AA5A 3FC4 9C1B | valid from October 14, 2021 |
Debian | 1441 882B ED29 D70C F2E8 74D6 5E9C 3745 59B6 C02E | revoked April 11, 2024 |
Debian | C903 FA90 C5EC 3C69 C922 9203 0395 7625 73E5 0BC4 | valid from April 12, 2024 |
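
The checks above can be scripted. The following is an added example (not Centreon's script and not code from the original page): a POSIX shell audit that classifies full fingerprints and rpm gpg-pubkey package names against the list of keys. The function names and the sample input are assumptions made for illustration, and the 00000000 release in the sample is a placeholder.

```shell
#!/bin/sh
# Fingerprints copied from the "List of keys" table, spaces removed.
VALID="1035E42CB7667952EE42DEE9A97DAA5A3FC49C1B C903FA90C5EC3C69C92292030395762573E50BC4"
REVOKED="0E52401B40F6044F928C0B7BF6FC4AE38A7652BC 1441882BED29D70CF2E874D65E9C374559B6C02E"

# Strip whitespace and upper-case, so the yum prompt form ("1035 e42c ...")
# compares equal to the table form ("1035 E42C ...").
normalize_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'; }

# Print valid / revoked / unlisted for a full 40-hex-digit fingerprint.
fpr_status() {
    fpr=$(normalize_fpr "$1")
    [ "${#fpr}" -eq 40 ] || { echo unlisted; return 0; }
    case " $VALID " in *" $fpr "*) echo valid; return 0 ;; esac
    case " $REVOKED " in *" $fpr "*) echo revoked; return 0 ;; esac
    echo unlisted
}

# rpm names an imported key gpg-pubkey-<VERSION>-<RELEASE>; VERSION is the last
# 8 hex digits of the fingerprint. Short IDs are a screening match only:
# confirm a hit against the full fingerprint.
rpm_key_status() {
    ver=$(printf '%s' "$1" | cut -d- -f3 | tr 'abcdef' 'ABCDEF')
    [ "${#ver}" -eq 8 ] || { echo unlisted; return 0; }
    for k in $VALID; do case "$k" in *"$ver") echo valid; return 0 ;; esac; done
    for k in $REVOKED; do case "$k" in *"$ver") echo revoked; return 0 ;; esac; done
    echo unlisted
}

# Reads the output of the page's `rpm -q gpg-pubkey --qf ...` command on stdin.
# Succeeds only if a valid listed key is present and no revoked one remains.
audit_rpm_keys() {
    seen_valid=0; seen_revoked=0
    while read -r pkg rest; do
        case "$(rpm_key_status "$pkg")" in
            valid) seen_valid=1 ;;
            revoked) seen_revoked=1; echo "revoked key still trusted: $pkg" >&2 ;;
        esac
    done
    [ "$seen_valid" -eq 1 ] && [ "$seen_revoked" -eq 0 ]
}

# Constructed sample: the release of the revoked key (00000000) is a placeholder.
SAMPLE='gpg-pubkey-8a7652bc-00000000 gpg(constructed entry for the revoked key)
gpg-pubkey-3fc49c1b-6166eb52 gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)'
if printf '%s\n' "$SAMPLE" | audit_rpm_keys; then echo "key set OK"; else echo "rotation incomplete"; fi
```

On a real host, pipe the `rpm -q gpg-pubkey --qf` command shown in the checks into `audit_rpm_keys` instead of the constructed sample.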