Troubleshooting

How to resolve GPG keys issue for Azure CLI ?

Today blog is a part of troubleshooting series.

We use Azure-CLI to transfer files from our Linux VM to Azure File Share storage account. This is a very typical use case, where we want to transfer files from our VM’s to Azure Storage and typically to Azure file Share account.

More about AZURE-CLI can be found here

Recently we found our apps failing with the below Error.

While initializing the apps, we had the Azure-CLI installation steps mentioned here in docker files.

Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
[91mwarning: /var/cache/yum/x86_64/7/azure-cli/packages/azure-cli-2.0.66-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID xxxxxxxx: NOKEY
[0mPublic key for azure-cli-2.0.66-1.el7.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                               33 MB/s |  38 MB  00:01     
Retrieving key from https://packages.microsoft.com/keys/microsoft.asc

The GPG keys listed for the "Azure CLI" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


 Failing package is: azure-cli-2.0.66-1.el7.x86_64
 GPG Keys are configured as: https://packages.microsoft.com/keys/microsoft.asc

Reason:

It seems the while following the installation steps for Azure CLI we followed the steps as below

Step 1 : We download the GPG key from Microsoft, as this rpm needs to be downloaded from Microsoft repository.

It seems the while following the installation steps for Azure CLI we followed the steps as below

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

Step 2 : Create local azure-cli repository information.

sudo sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'

Step 3 : Install with the yum install command.

sudo yum install azure-cli

These steps were followed daily in an automated way, but, suddenly we found the Step 3 command started failing yesterday.
When digged further, we found the GPG keys that was downloaded from Microsoft changed and was not matching with the current version of GPG for azure-cli rpm downloaded as a part of Step 3.

Resolution
Our Architect helped us to find a resolution to this issue, by disabling the GPG check in Step 2.
As a part of this resolution, every thing remains same as a part of this installation of Azure-cli, except for Step 2

Step 2: Create local azure-cli repository information.

sudo sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=0\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo' 

After this when you run Step3, the installation goes fine.

Maybe this is not the most perfect solution, but this helped us to get away with the problem.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s