Skip to main content

Posts

Showing posts from July, 2017

KM02707977: ALM Octane Secure Configuration

Link: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM02707977

Digital signature verification of RPM package

This procedure is necessary for the digital signature verification of RPM package to make sure the file has not been tampered with and the code was indeed signed by the trusted entity (Hewlett Packard Enterprise).

If this is not done, you may see NOKEY warning during the installation of the ALM Octane application:

warning: octane-onprem-12.53.xx.xx.rpm: Header V3 RSA/SHA1 Signature, key ID b564a643: NOKEY

Solution: 
If user sees NOKEY warning during the RPM package installation, they need to follow procedure on this page  for the missing key. In the example above, key ID is  b564a643.

Here is the summary of steps:

Download the keys (or use attached)
Extract the missing key  (or use attached)
Import the missing key
rpm --import /path_to_the_key/B564a643.pub

Validate signature is OK:
rpm --checksig filename_of_the_rpm

This means the package is fine…