Chinaunix首页 | 论坛 | 博客
  • 博客访问: 7180093
  • 博文数量: 3857
  • 博客积分: 6409
  • 博客等级: 准将
  • 技术积分: 15948
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-02 16:48
个人简介

迷彩 潜伏 隐蔽 伪装

文章分类

全部博文(3857)

文章存档

2017年(5)

2016年(63)

2015年(927)

2014年(677)

2013年(807)

2012年(1241)

2011年(67)

2010年(7)

2009年(36)

2008年(28)

分类: LINUX

2014-10-29 12:44:41


云资源池Redhat6.4系统rpm工具提示签名BAD问题解决过程

 

一、故障设备信息

1.设备信息

VMware虚拟机,Redhat Linux6.4

2.承载业务

各地市服务开通

3.故障现象

在安装gcc编译器时,提示如下错误

[root@fwkt01 Packages]# rpm -ivh gcc-4.4.7-3.el6.x86_64.rpm

error: gcc-4.4.7-3.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD

error: gcc-4.4.7-3.el6.x86_64.rpm cannot be installed

4.损坏硬件类型及位置

二.故障原因分析

鉴于以上报错,我们进行了以下尝试

测试1、重新导入GPG keyfailed

[root@fwkt01 rpm]# rpm --import /home/install/RPM-GPG-KEY-redhat-*

[root@fwkt01 rpm]# rpm -qa gpg-pubkey*

[root@fwkt01 rpm]# rpm -qa gpg-pubkey*

gpg-pubkey-f21541eb-4a5233e7

[root@fwkt01 rpm]# rpm -e gpg-pubkey-f21541eb-4a5233e7 删除这个key

[root@fwkt01 rpm]# rpm --import /tmp/fzm/RPM-GPG-KEY-redhat-* 重新导入

[root@fwkt01 rpm]# rpm -qa gpg-pubkey*

gpg-pubkey-f21541eb-4a5233e7

仍提示只有这一个key,但我们最需要的是gpg-pubkey-fd431d51-4ae0493b

[root@fwkt01 rpm]# rpm -qi gpg-pubkey-f21541eb-4a5233e7Name        : gpg-pubkey                   Relocations: (not relocatable)

Version     : f21541eb                          Vendor: (none)

Release     : 4a5233e7                      Build Date: Tue 26 Aug 2014 04:22:55 PM CST

Install Date: Tue 26 Aug 2014 04:22:55 PM CST      Build Host: localhost

Group       : Public Keys                   Source RPM: (none)

Size        : 0                                License: pubkey

Signature   : (none)

Summary     : gpg(Red Hat, Inc. (beta key 2) )

Description :

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: rpm-4.8.0 (NSS-3)

 

mQINBEmkAzABEAC2/c7bP1lHQ3XScxbIk0LQWe1YOiibQBRLwf8Si5PktgtuPibT

kKpZjw8p4D+fM7jD1WUzUE0X7tXg2l/eUlMM4dw6XJAQ1AmEOtlwSg7rrMtTvM0A

BEtI7Km6fC6sU6RtBMdcqD1cH/6dbsfh8muznVA7UlX+PRBHVzdWzj6y8h84dBjo

gzcbYu9Hezqgj/lLzicqsSZPz9UdXiRTRAIhp8V30BD8uRaaa0KDDnD6IzJv3D9P

xQWbFM4Z12GN9LyeZqmD7bpKzZmXG/3drvfXVisXaXp3M07t3NlBa3Dt8NFIKZ0D

FRXBz5bvzxRVmdH6DtkDWXDPOt+Wdm1rZrCOrySFpBZQRpHw12eo1M1lirANIov7

Z+V1Qh/aBxj5EUu32u9ZpjAPPNtQF6F/KjaoHHHmEQAuj4DLex4LY646Hv1rcv2i

QFuCdvLKQGSiFBrfZH0j/IX3/0JXQlZzb3MuMFPxLXGAoAV9UP/Sw/WTmAuTzFVm

G13UYFeMwrToOiqcX2VcK0aC1FCcTP2z4JW3PsWvU8rUDRUYfoXovc7eg4Vn5wHt

0NBYsNhYiAAf320AUIHzQZYi38JgVwuJfFu43tJZE4Vig++RQq6tsEx9Ftz3EwRR

fJ9z9mEvEiieZm+vbOvMvIuimFVPSCmLH+bI649K8eZlVRWsx3EXCVb0nQARAQAB

tDBSZWQgSGF0LCBJbmMuIChiZXRhIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0LmNv

bT6JAjYEEwECACAFAkpSM+cCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCT

ioDK8hVB6/9tEAC0+KmzeKceXQ/GTUoU6jy9vtkFCFrmv+c7ol4XpdTt0QhqBOwy

6m2mKWwmm8KfYfy0cADQ4y/EcoXl7FtFBwYmkCuEQGXhTDn9DvVjhooIq59LEMBQ

OW879RwwzRIZ8ebbjMUjDPF5MfPQqP2LBu9N4KvXlZp4voykwuuaJ+cbsKZR6pZ6

0RQKPHKP+NgUFC0fff7XY9cuOZZWFAeKRhLN2K7bnRHKxp+kELWb6R9ZfrYwZjWc

MIPbTd1khE53L4NTfpWfAnJRtkPSDOKEGVlVLtLq4HEAxQt07kbslqISRWyXER3u

QOJj64D1ZiIMz6t6uZ424VE4ry9rBR0Jz55cMMx5O/ni9x3xzFUgH8Su2yM0r3jE

Rf24+tbOaPf7tebyx4OKe+JW95hNVstWUDyGbs6K9qGfI/pICuO1nMMFTo6GqzQ6

DwLZvJ9QdXo7ujEtySZnfu42aycaQ9ZLC2DOCQCUBY350Hx6FLW3O546TAvpTfk0

B6x+DV7mJQH7MGmRXQsE7TLBJKjq28Cn4tVp04PmybQyTxZdGA/8zY6pPl6xyVMH

V68hSBKEVT/rlouOHuxfdmZva1DhVvUC6Xj7+iTMTVJUAq/4Uyn31P1OJmA2a0PT

CAqWkbJSgKFccsjPoTbLyxhuMSNkEZFHvlZrSK9vnPzmfiRH0Orx3wYpMQ==

=21pb

-----END PGP PUBLIC KEY BLOCK-----

测试2、删除重建rpm数据文件(failed

[root@fwkt01 fzm]# cd /var/lib/rpm

[root@fwkt01 rpm]# ls

Basenames     __db.001  __db.003  Dirnames     Group       Name          Packages     Provideversion  Requirename     Sha1header  Triggername

Conflictname  __db.002  __db.004  Filedigests  Installtid  Obsoletename  Providename  Pubkeys         Requireversion  Sigmd5

[root@fwkt01 rpm]# rm __db*

rm: remove regular file `__db.001'? y

rm: remove regular file `__db.002'? y

rm: remove regular file `__db.003'? y

rm: remove regular file `__db.004'? y

[root@fwkt01 rpm]# rpm -vv –rebuilddb

测试3、从OK的设备上拷贝key文件,重新导入(failed

结果与测试1相同

测试4、使用ldd /bin/rpm查看rpm相关的库文件,从其它设备拷贝覆盖(failed

[root@fwkt01 Packages]# ldd /bin/rpm

        linux-vdso.so.1 =>  (0x00007fff999ff000)

        librpmbuild.so.1 => /usr/lib64/librpmbuild.so.1 (0x00000031be400000)

        librpm.so.1 => /usr/lib64/librpm.so.1 (0x00000031c1000000)

        libmagic.so.1 => /usr/lib64/libmagic.so.1 (0x00000031be800000)

        librpmio.so.1 => /usr/lib64/librpmio.so.1 (0x00000031c1400000)

        libselinux.so.1 => /lib64/libselinux.so.1 (0x00000032eae00000)

        libcap.so.2 => /lib64/libcap.so.2 (0x00000032ed200000)

        libacl.so.1 => /lib64/libacl.so.1 (0x00000032f5c00000)

        libdb-4.7.so => /lib64/libdb-4.7.so (0x00000032ed600000)

        libbz2.so.1 => /lib64/libbz2.so.1 (0x00000032f3600000)

        liblzma.so.0 => /usr/lib64/liblzma.so.0 (0x00000031bf400000)

        liblua-5.1.so => /usr/lib64/liblua-5.1.so (0x00000031c0c00000)

        libm.so.6 => /lib64/libm.so.6 (0x00000032ea200000)

        libelf.so.1 => /usr/lib64/libelf.so.1 (0x00000031c0800000)

        libnss3.so => /usr/lib64/libnss3.so (0x00000031bdc00000)

        libpopt.so.0 => /lib64/libpopt.so.0 (0x00000032f7600000)

        libz.so.1 => /lib64/libz.so.1 (0x00000032ea600000)

        librt.so.1 => /lib64/librt.so.1 (0x00000032eaa00000)

        libpthread.so.0 => /lib64/libpthread.so.0 (0x00000032e9e00000)

        libc.so.6 => /lib64/libc.so.6 (0x00000032e9600000)

        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00000032ef200000)

        libdl.so.2 => /lib64/libdl.so.2 (0x00000032e9a00000)

        /lib64/ld-linux-x86-64.so.2 (0x00000032e9200000)

        libattr.so.1 => /lib64/libattr.so.1 (0x00000032f3e00000)

        libnssutil3.so => /usr/lib64/libnssutil3.so (0x00000031be000000)

        libplc4.so => /lib64/libplc4.so (0x00000032fb400000)

        libplds4.so => /lib64/libplds4.so (0x00000032fb000000)

        libnspr4.so => /lib64/libnspr4.so (0x00000032fc400000)

测试5、使用yum安装,我们尝试通过将gpgcheck设置为0来跳过gpg验证检查,但不行,也指定了其它位置的gpgkey,也不行(failed

[root@fwkt01 yum.repos.d]# more dvd.repo

[bash]

name=redhat-release

baseurl=file:///home/install

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

enable=1

[root@fwkt01 yum.repos.d]# yum install gcc

Loaded plugins: aliases, changelog, downloadonly, kabi, presto, product-id, refresh-packagekit, security, subscription-manager, tmprepo,

…………

Total download size: 44 M

Installed size: 176 M

Is this ok [y/N]: y

Downloading Packages:

Setting up and reading Presto delta metadata

Processing delta metadata

Package(s) data still to download: 44 M

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                                                   67 MB/s |  44 MB     00:00    

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

error: libgcc-4.4.7-3.el6.x86_64: Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD

…………

error: gcc-4.4.7-3.el6.x86_64: Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD

setup-2.8.14-20.el6.noarch was supposed to be installed but is not!

  Verifying  : setup-2.8.14-20.el6.noarch                                                                                                                         1/27

…………

我们执行了以下命令,仍然不行

yum clean all          清除yum缓存
yum makecache      
重新生成yum缓存

 

测试6、鉴于以上方法都失败了,我们推测可能某个库文件被损坏了,并进行了一系列的测试

rpm -ivvvvvvvvh  xxxxx.rpm

strace rpm -ivvvvvh xxxxx.rpm    跟踪rpm执行过程

 

[root@fwkt01 Packages]# rpm -ql rpm

package rpm is not installed

[root@fwkt01 Packages]# 

[root@fwkt01 Packages]# rpm -V rpm

package rpm is not installed

[root@fwkt01 Packages]#

 

重新初始化rpmdb文件

rpm –initdb

 

检查key文件是否有效

gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat

-release

 

验证该rpm包是否安装
rpm -V redhat-release-server-6Server 

 

验证两个文件的md5值是否相同,以确认文件是否完全一致

root@fwkt01 diff]# md5sum  RPM-GPG-KEY-redhat-release
747cb276e293fa80fbbca0b76639b8c1  RPM-GPG-KEY-redhat-release
[root@fwkt01 diff]# md5sum  RPM-GPG-KEY-redhat-release.dvd
747cb276e293fa80fbbca0b76639b8c1  RPM-GPG-KEY-redhat-release.dvd

 

执行sosreport收集信息,发给Redhat进行分析

 

检查rpm的安装记录发现系统中分别安装过不同版本的glibcnss-softokn-freebl

grep glibc- installed-rpms | sort

glibc-2.12-1.107.el6.x86_64                                 Mon 24 Mar 2014 11:13:53 AM CST

glibc-2.12-1.7.el6.i686                                     Fri 28 Mar 2014 11:56:59 AM CST

glibc-2.12-1.7.el6.x86_64                                   Fri 28 Mar 2014 11:56:44 AM CST

glibc-common-2.12-1.107.el6.x86_64                          Mon 24 Mar 2014 11:13:48 AM CST

glibc-common-2.12-1.7.el6.x86_64                            Fri 28 Mar 2014 11:56:38 AM CST

glibc-devel-2.12-1.107.el6.x86_64                           Mon 24 Mar 2014 11:18:03 AM CST

glibc-devel-2.12-1.7.el6.i686                               Fri 28 Mar 2014 11:57:00 AM CST

glibc-devel-2.12-1.7.el6.x86_64                             Fri 28 Mar 2014 11:56:57 AM CST

glibc-headers-2.12-1.107.el6.x86_64                         Mon 24 Mar 2014 11:18:03 AM CST

glibc-headers-2.12-1.7.el6.x86_64                           Fri 28 Mar 2014 11:56:56 AM CST

glibc-utils-2.12-1.107.el6.x86_64                           Mon 24 Mar 2014 11:27:35 AM CST

glibc-utils-2.12-1.7.el6.x86_64                             Fri 28 Mar 2014 11:56:58 AM CST

 

grep nss-softokn-freebl installed-rpms

nss-softokn-freebl-3.12.7-1.1.el6.i686                      Fri 28 Mar 2014 11:56:58 AM CST

nss-softokn-freebl-3.12.7-1.1.el6.x86_64                    Fri 28 Mar 2014 11:56:42 AM CST

nss-softokn-freebl-3.12.9-11.el6.x86_64                     Mon 24 Mar 2014 11:13:52 AM CST

 

而正常情况下,系统当中,glibc nss-softoknfreebl的安装情况如下:

rpm -qa |grep glibc-

glibc-2.12-1.132.el6.i686

glibc-headers-2.12-1.132.el6.x86_64

glibc-2.12-1.132.el6.x86_64

glibc-debuginfo-2.12-1.132.el6.x86_64

glibc-debuginfo-common-2.12-1.132.el6.x86_64

glibc-common-2.12-1.132.el6.x86_64

glibc-devel-2.12-1.132.el6.x86_64

 

 rpm -qa |grep nss-softokn-freebl

nss-softokn-freebl-3.14.3-9.el6.i686

nss-softokn-freebl-3.14.3-9.el6.x86_64

初步判断是这两个包的混乱安装导致的,所以我们进行了一些测试

测试7、模拟当初的glibcnss-softokn-freebl安装过程进行试验

Testing Step as below:

1, Prepare one virtual  testing linux server 准备一台虚拟机

 

My OS version: CentOS 6.5 X86_64

 

Glibc version

[root@learning1 ~]# rpm -qa | grep glibc

glibc-common-2.12-1.132.el6.x86_64

glibc-devel-2.12-1.132.el6.x86_64

glibc-2.12-1.132.el6.x86_64

glibc-headers-2.12-1.132.el6.x86_64

 

nss-softoken-freebl version

[root@learning1 ~]# rpm -qa | grep nss-softokn-freebl

nss-softokn-freebl-devel-3.14.3-9.el6.x86_64

nss-softokn-freebl-3.14.3-9.el6.x86_64

 

2, Backup OS via snaphot 使用快照备份操作系统

3, Install lower version of glibc in CentOS 6.4 DVD ISO 安装低版本的glibc

 

[root@learning4 Packages]# rpm -ivh --force glibc-common-2.12-1.107.el6.x86_64.rpm glibc-2.12-1.107.el6.x86_64.rpm

Preparing...                ########################################### [100%]

   1:glibc                  ########################################### [ 50%]

   2:glibc-common           ########################################### [100%]

 

[root@learning4 Packages]# rpm -ivh --force glibc-headers-2.12-1.107.el6.x86_64.rpm

Preparing...                ########################################### [100%]

   1:glibc-headers          ########################################### [100%]

 

[root@learning4 Packages]# rpm -ivh --force glibc-devel-2.12-1.107.el6.x86_64.rpm

Preparing...                ########################################### [100%]

   1:glibc-devel            ########################################### [100%]

 

[root@learning4 Packages]# rpm -qa | grep glibc

glibc-headers-2.12-1.132.el6.x86_64

glibc-2.12-1.107.el6.x86_64

glibc-common-2.12-1.132.el6.x86_64

glibc-2.12-1.132.el6.x86_64

glibc-devel-2.12-1.132.el6.x86_64

glibc-common-2.12-1.107.el6.x86_64

glibc-devel-2.12-1.107.el6.x86_64

glibc-headers-2.12-1.107.el6.x86_64

 

Here you can see there are two version of glibc on my testing server. One is 2.12-1.132, and the other one is 2.12-1.107.

 

Note: Here rpm command can run well after lower version of glibc installed

 在安装了低版本的glibc后,rpm仍然可以正常运行

4, Install lower version of nss-softoken-freebl in CentOS 6.4 DVD ISO

 安装低版本的nss-softoken-freebl

[root@learning4 Packages]# rpm -ivh --force nss-softokn-freebl-3.12.9-11.el6.x86_64.rpm

Preparing...                ########################################### [100%]

   1:nss-softokn-freebl     ########################################### [100%]

 

5, Verify rpm key issue验证rpm功能,发现rpm功能报错

 

[root@learning4 Packages]# rpm -ivh --force glibc-utils-2.12-1.107.el6.x86_64.rpm

error: glibc-utils-2.12-1.107.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

error: glibc-utils-2.12-1.107.el6.x86_64.rpm cannot be installed

 

[root@learning4 Packages]# rpm -ql bash

error: rpmdbNextIterator: skipping h#      23 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

package bash is not installed

 

[root@learning4 Packages]# rpm -qa

error: rpmdbNextIterator: skipping h#     514 Header V3 RSA/SHA256 Signature, key ID c105b9de: BAD

error: rpmdbNextIterator: skipping h#     259 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

error: rpmdbNextIterator: skipping h#       4 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

error: rpmdbNextIterator: skipping h#     518 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

error: rpmdbNextIterator: skipping h#     263 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

error: rpmdbNextIterator: skipping h#       8 Header V3 RSA/SHA1 Signature, key ID c105b9de: BAD

 

Note: Here rpm command can’t run well after lower version of nss-softokn-freebl installed

在安装了低版本的nss-softokn-freebl 后,rpm命令已经无法正常执行了

6, Solution  解决办法

 

1. Check nss-softoken-freebl rpm package file on a good OS which version is same  with the bad one.

[root@learning1 ~]# rpm -ql nss-softokn-freebl 可以看到nss-softokn-freebl涉及到这两个库文件

/lib64/libfreebl3.chk

/lib64/libfreebl3.so

/usr/lib64/libfreebl3.chk

/usr/lib64/libfreebl3.so

 

        [root@learning1 ~]# ls -l /usr/lib64/libfreebl3.*

lrwxrwxrwx. 1 root root 26 Aug 19 16:57 /usr/lib64/libfreebl3.chk -> ../../lib64/libfreebl3.chk

lrwxrwxrwx. 1 root root 25 Aug 19 16:57 /usr/lib64/libfreebl3.so -> ../../lib64/libfreebl3.so

[root@learning1 ~]# ls -l /lib64/libfreebl3.*

-rw-r--r--. 1 root root    899 Nov 23  2013 /lib64/libfreebl3.chk

-rwxr-xr-x. 1 root root 472064 Nov 23  2013 /lib64/libfreebl3.so

 

2. Just copy below two file from the good OS to the bad one. Before copy, you’d better to backup the current file.

所以我们尝试用ok的系统中copy这两个文件至故障系统

[root@learning4 lib64]# scp learning1:/lib64/libfreebl3.chk .

libfreebl3.chk                                                                                                  100%  899     0.9KB/s   00:00   

[root@learning4 lib64]# scp learning1:/lib64/libfreebl3.so .

libfreebl3.so                                                                                                   100%  461KB 461.0KB/s   00:00   

[root@learning4 lib64]#

[root@learning4 lib64]# ls -l libfreebl3.*                  

-rw-r--r-- 1 root root    899 Sep 28 15:17 libfreebl3.chk

-rwxr-xr-x 1 root root 472064 Sep 28 15:17 libfreebl3.so

 

3. Verify rpm command 验证rpm命令

[root@learning4 lib64]# rpm -ql bash

/bin/bash

/bin/sh

/etc/skel/.bash_logout

/etc/skel/.bash_profile

/etc/skel/.bashrc

/usr/bin/bashbug-64

/usr/share/doc/bash-4.1.2/COPYING

/usr/share/info/bash.info.gz

 

Rpm command is OK now.

rpm命令运行正常

Note:

1, Please don’t remove lower version of glibc and nss-softokn-freebl. If remove it, will lead to OS many core commands(such as ssh scp bash ls cp ….) unavailable.

请不要卸载低版本的glibc and nss-softokn-freebl,一旦移除,会导致系统的诸多核心命令无法使用,相当于系统瘫痪。

如果不小心卸载了,可以通过以下办法恢复:

If glibc or bash software was removed or destroyed, you can use below way to repair.

1.      Choose the ISO image same with your current linux version

2.      Boot from CD and Choose “Rescue installed system” and Enter

3.      Mount ISO image

mkdir /media

mount /dev/cdrom /media

cd /media/Packages

 

4.      Install glibc or bash to destroyed linux which in local disk

rpm -ivh bash-*.rpm --replacepkgs --root=/mnt/sysimages

or

rpm -ivh glibc-2.12-1.132.el6.x86_64.rpm --replacepkgs --root=/mnt/sysimages

 

5.      Reboot

故障原因

由于系统中先安装了nss-softokn-freebl-3.12.9-11.el6.x86_64,而后有安装了更低版本的nss-softokn-freebl-3.12.7-1.1.el6.i686,导致系统中的/lib64/libfreebl3.chk/lib64/libfreebl3.so两个库文件被降级,与系统中其它的库文件版本不一致,从而导致rpm命令无法正常执行。

三.故障处理办法

在一台状态OK的系统中执行:

cp /lib64/libfreebl3.chk /tmp

cp /lib64/libfreebl3.so /tmp

在故障系统中执行:

scp 135.149.32.5:/tmp/libfreebl3.chk /lib64

scp 135.149.32.5:/tmp/libfreebl3.so /lib64

 

具体执行过程如下:

[root@fwkt01 lib64]# scp 135.149.32.5:/tmp/libfreebl3.chk /lib64

root@135.149.32.5's password:

libfreebl3.chk                                                                          100%  478     0.5KB/s   00:00   

[root@fwkt01 lib64]#  scp 135.149.32.5:/tmp/libfreebl3.so /lib64

root@135.149.32.5's password:

libfreebl3.so                                                                           100%  377KB 377.0KB/s   00:00   

Segmentation fault (core dumped)

[root@fwkt01 lib64]# scp 135.149.32.5:/tmp/libfreebl3.so /lib64

root@135.149.32.5's password:

libfreebl3.so    

[root@fwkt01 Packages]# rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm

warning: zlib-devel-1.2.3-29.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY

error: Failed dependencies:

        /usr/bin/pkg-config is needed by zlib-devel-1.2.3-29.el6.x86_64

        libz.so.1()(64bit) is needed by zlib-devel-1.2.3-29.el6.x86_64

        zlib = 1.2.3-29.el6 is needed by zlib-devel-1.2.3-29.el6.x86_64

[root@fwkt01 Packages]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*

[root@fwkt01 Packages]# rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm

error: Failed dependencies:

        /usr/bin/pkg-config is needed by zlib-devel-1.2.3-29.el6.x86_64

        libz.so.1()(64bit) is needed by zlib-devel-1.2.3-29.el6.x86_64

        zlib = 1.2.3-29.el6 is needed by zlib-devel-1.2.3-29.el6.x86_64

[root@fwkt01 Packages]# rpm -qa gpg-pubkey*

gpg-pubkey-fd431d51-4ae0493b

gpg-pubkey-f21541eb-4a5233e7

gpg-pubkey-db42a60e-37ea5438

gpg-pubkey-42193e6b-4624eff2

gpg-pubkey-fd431d51-4ae0493b

gpg-pubkey-897da07a-3c979a7f

gpg-pubkey-37017186-45761324

gpg-pubkey-2fa658e0-45700c69

可以看到使用rpm命令安装已经不再提示前面BAD,所有的key也都能看见了。

[root@fwkt01 Packages]# rpm --checksig -v gcc*.rpm

gcc-4.4.7-3.el6.x86_64.rpm:

    Header V3 RSA/SHA256 Signature, key ID fd431d51: OK

    Header SHA1 digest: OK (9668c2a4249007118f0b8902a50a64f3e4c1e1de)

    V3 RSA/SHA256 Signature, key ID fd431d51: OK

    MD5 digest: OK (d262aa070abab19349d3b5a5a668b039)

gcc-c++-4.4.7-3.el6.x86_64.rpm:

    Header V3 RSA/SHA256 Signature, key ID fd431d51: OK

    Header SHA1 digest: OK (8deb393d99a33e4f601ee99f9301c1aa237db1b4)

    V3 RSA/SHA256 Signature, key ID fd431d51: OK

    MD5 digest: OK (1b9c6b05f5b71b3543115383fc0e0319)

gcc-gfortran-4.4.7-3.el6.x86_64.rpm:

    Header V3 RSA/SHA256 Signature, key ID fd431d51: OK

    Header SHA1 digest: OK (4783c01a6a02cf7c53d43b46e3e23bb2bcf2e208)

    V3 RSA/SHA256 Signature, key ID fd431d51: OK

    MD5 digest: OK (dcdb82a2bf787d128cb08f1ddb2ccba0)

四.风险评估及回退方法

1.风险评估

2.     回退方法


阅读(3809) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~