On a RHEL 6 / CentOS 6 system, the main system log file contains the error "Package <packagename> isn't signed with proper key." The following example was caused by a manual segmentation fault on zsd.
Oct 20 14:33:34 centos6base abrt: Can't open 'core.821': Permission denied
Oct 20 14:33:35 centos6base abrtd: Directory 'ccpp-2014-10-20-14:33:34-821' creation detected Oct 20 14:33:35 centos6base abrt: Saved core dump of pid 821 (/usr/local/zend/bin/zsd) to /var/spool/abrt/ccpp-2014-10-20-14:33:34-821 (87408640 bytes) Oct 20 14:33:35 centos6base abrtd: Package 'zend-server-php-5.5-common' isn't signed with proper key Oct 20 14:33:35 centos6base abrtd: 'post-create' on '/var/spool/abrt/ccpp-2014-10-20-14:33:34-821' exited with 1 Oct 20 14:33:35 centos6base abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2014-10-20-14:33:34-821'
RHEL 6 / CentOS 6
There are two ways to remedy this.
Method 1: Alter the default abrt behavior. This may be best if you have multiple third-party packages installed and want to ensure all associated application cores are caught.
- Edit the file /etc/abrt/abrt-action-save-package-data.conf
- Set OpenGPGCheck = no
- Reload abrtd with the command:
service abrtd reload.
Method 2: Add Zend's GPG key to the rpm and abrtd key caches.
# wget -O /etc/pki/rpm-gpg/zend.key http://repos.zend.com/zend.key # rpm --import /etc/pki/rpm-gpg/zend.key # echo '/etc/pki/rpm-gpg/zend.key' >> /etc/abrt/gpg_keys
# service abrtd reload
Testing: The effectiveness of the methods can be evaluated by manually triggering a segmentation fault with signal 11. The message log should no longer generate errors regarding the package key. This may interrupt service temporarily and is not advised on production systems.
# pgrep zsd 2310 # kill -11 2310
The ABRT daemon is responsible for handling the application cores created by segmentation faults. By default it will reject cores from applications that don't have a known GPG signature.