the keys have been rotated. Please check https://docs.centreon.com/docs/security/key-rotation/

FYI; Getting this error on all my debian11-Machines now

That was quick - Thank you @rchauvel  - site bookmarked for not forgetting

Hi,

A little error in documentation, there is an extra dash between names :

rpm -qi gpg-pubkey-3fc49c1b-6166eb52

Moreover I have question because I installed a 22.10 just a few weeks ago (to test the 23.10 upgrade precisely), and it seems I don’t have the right key installed, which is strange because I have been able to install and upgrade, and still am, without a problem :

$ rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

gpg-pubkey-fd431d51-4ae0493b    gpg(Red Hat, Inc. (release key 2) <security@redhat.com>)

gpg-pubkey-d4082792-5b32db75    gpg(Red Hat, Inc. (auxiliary key) <security@redhat.com>)

/…]

gpg-pubkey-3fc49c1b-651d4c25    gpg(Centreon Enterprise Server Official Signing Key <admin@centreon.com>)

)…]

May you help understand what’s I’m doing wrong? I plan to upgrade this platform to 23.10 during this week and if I have to do such action regarding the GPG keys during the upgrade to 23.10 I’ll appreciate knowing it first.

Is the old (how old?) key I have still valid only for the 22.10 repository?

The repository which is used is

centreon-22.10-stable]

name=Centreon open source software repository.

baseurl=https://packages.centreon.com/rpm-standard/22.10/el8/stable/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://yum-gpg.centreon.com/RPM-GPG-KEY-CES

module_hotfixes=1

The 22.10 doc about key rotation shows the same key that the doc for 23.10 is showing. The key at https://yum-gpg.centreon.com/RPM-GPG-KEY-CES is not the one which is present in the documentation (it is the one above). I followed https://docs.centreon.com/fr/docs/22.10/installation/installation-of-a-central-server/using-packages/ to install the 22.10, and https://docs.centreon.com/docs/upgrade/upgrade-from-22-10/ says nothing about GPG keys. So I really don’t get it.

Last thing: For security reasons, the keys used to sign Centreon RPMs or the Debian repository must be rotated occasionally.

Is it for security consideration that the period of rotation is so vaguely indicated?

Bonne journée.

Hello @Stéphane,

Can you clarify what the problem exacty is? What do you mean by “there is an extra dash between names”?
For your second question, you are on EL rather than Debian. The original post concerned only Debian, whose repo’s key has been rotated recently. As to the EL key, it was rotated in October 2021 and is still valid. Upgrading an EL8 from 22.10 to 23.10 will not result in a key error.

As to your 3rd question, maybe @rchauvel has information?

Regards

Well, the keys are regularly rotated because they come to expiry, or they could also occasionally rotate if a security event required so...

Hi,

No extra dash, I was doing something wrong and thought the command was “rpm -qi gpg-pubkey 3fc49c1b-6166eb52”. Sorry for the noise.

What I still do not understand is why do, according to the documentation, I don’t have the right key on a 22.10 I installed a couple of weeks ago. 
DNF does the GPG checks (gpgcheck=1 both at global and repository levels)   
 

After I looked again I think the problem is just in the documentation which refers to package gpg-pubkey-3fc49c1b-6166eb52

In fact I have the right key, but it is packaged as gpg-pubkey-3fc49c1b-651d4c25

Just a documentation issue I think (the 23.10 documentation is the same as the 22.10 for that matter).

Have a nice day.

@Stéphane This is now fixed. Thanks for pointing it out!