Unable to yum install

1,927 views
Skip to first unread message

Burak Yenier

unread,
Apr 2, 2021, 9:28:13 AM4/2/21
to gce-discussion
Since this April 1st, 2021 morning Pacific Time, we get the following error message when a newly created GCE Instance needs a new package installed. 

=====
yum install telnet

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirror.grid.uchicago.edu

 * epel: mirror.steadfastnet.com

 * extras: mirror.den01.meanservers.net

 * updates: mirror.compevo.com

google-cloud-logging/x86_64/signature                                                       |  844 B  00:00:00     

Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg

Importing GPG key 0xA7317B0F:

 Userid     : "Google Cloud Packages Automatic Signing Key <gc-...@google.com>"

 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f

 From       : https://packages.cloud.google.com/yum/doc/yum-key.gpg

Is this ok [y/N]: y

Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

google-cloud-logging/x86_64/signature                                                       | 1.4 kB  00:00:13 !!! 

https://packages.cloud.google.com/yum/repos/google-cloud-logging-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.

xml signature could not be verified for google-cloud-logging

Trying other mirror.

=====

Does anyone have a solution to this?

Note: There is a workaround (yum --nogpgcheck install telnet) which disables the gpg enabled security feature. In addition the GCP Logging and GCP Monitoring featuring features don't work correctly with this workaround.

Ahmad P - Cloud Platform Support

unread,
Apr 2, 2021, 11:26:04 AM4/2/21
to gce-discussion

This turns out to be a known issue for which we have a workaround.


What you need to do to get this working is to disable repository GPG key checking in the yum repo configuration by setting repo_gpgcheck=0. This is likely set in /etc/yum.repos.d/google-cloud.repo however it may be possible you have this set in other repository configuration files or automation tools.


Yum repositories don’t usually use GPG keys for their repository validation. Instead, the HTTPS endpoint is trusted. CentOS doesn’t use GPG key checks for their repositories.


So, change all lines that repo_gpgcheck=1 to repo_gpgcheck=0.

1. Open /etc/yum.conf
2. Set `gpgcheck=0`
3. Set `repo_gpgcheck=0`
4. Run `sudo yum clean all`
5. Attempt to use yum as before.

The team is working on changing this by default, but we’re not able to alter existing environments.

Ender Guler

unread,
Apr 6, 2021, 10:30:14 AM4/6/21
to gce-discussion
Hi Ahmad,

It seems like the issue is resolved. When I create a CentOS 7 instance on GCP everything seems to be working as intended.

I have a few comments/questions:

How was the fix delivered? Was it uploading a valid GPG key? I checked the newly created instance's /etc/yum.conf file. There was no repo_gpgcheck or gpgcheck directives. But in the /etc/yum.repos.d/google-cloud.repo file, only the repo_gpgcheck was set as 0. The gpgcheck was set as 1. I manually changed repo_gpgcheck to 1 and run yum clean all. I attempted to install a package and it asked me to accept the GPG keys and I accepted. Then the package installation was completed as normal.

Even if setting repo_gpgcheck helps getting rid of the issue for the repos defined in the /etc/yum.repos.d/google-cloud.repo file, we are also using Google Cloud monitoring and logging agents and in their repo files both settings were set as 1. The fix you mentioned in your post seems like was not implemented for monitoring and logging repos.

Will there be fixes for them as well?

Thank you in advance,

Ender

Kamelia Y

unread,
Apr 6, 2021, 4:59:18 PM4/6/21
to gce-discussion
Hello,

I'm glad that your issue is resolved. Regarding your questions, I would like to suggest you to check these public issue trackers [1][2] that are related to your issue as Google Groups are reserved for general product discussion and Issue Tracker for product issues (unexpected behaviors) and feature requests. To get a better support you should post to the relevant forum, thus please read the Community Support article [3] for better understanding.

Reply all
Reply to author
Forward
0 new messages