I’m running the Raw edition of checkmk and from p9 the agent packages are unsigned and fail to install, since there is no Bake option in the Raw Edition, how should a go about to get the agent packages signed?
/Marcus
CMK version: 2.1.0p10 OS version: openSUSE 15.3
Error message:
check-mk-agent-2.1.0p10-1.noarch.rpm:
Package header is not signed!
check-mk-agent-2.1.0p10-1.noarch (Plain RPM files cache): Signature verification failed [6-File is unsigned]
Abort, retry, ignore? [a/r/i] (a): a
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.
Please see the above error message for a hint.
cleaning old clients from storage…
Moving file to storage…
I have imported the public key earlier but dit it again, but get the same error and yes it is the rpm package that it complains about.
Ran “rpm -K check-mk-agent-2.1.0p10-1.noarch.rpm” from the link you gave and it says it is ok.
check-mk-agent-2.1.0p10-1.noarch.rpm: digests OK
Did all the check from the link to verify package and pubkey, removed and imported the key again, same error.
I have the option to ignore, but rather not, kinda have it all automated and do not want to install manually or risk installing a compromized package, but maybe it just some files inside the package that is unsigned and the package is ok if it says “digest OK” on the RPM file?
I have only Enterprise available but if I do a rpm --checksig I get a OK for all agent packages.
I know form earlier days we had to sign checkmk packages with our own gpg key, but nowadays I have not anymore this issue. Also colleagues from Linux OP team didnt complained about the installation and we installed already ~400 hosts.
I will think about installing it unsigned to get it in phase with the server version, i just want to keep up some sense of security in my home network if possible.
Just hoping any devs reads this and get a fix out for this, it is an awsome monitoring software even for advanced home users like me.