Introduction
This document describes a known issue when upgrading from a clean install of version 1.24.1 of the Secure Endpoint connector for Enterprise Linux (RPM-based). Bug ID: CSCwk27011
Conditions
This issue will occur under the following conditions:
Cause
Parsing issues in the GPG key bundled with the 1.24.1 release prevent the key from being imported into the RPM database, causing the connector upgrade to fail.
Identify
To identify whether this is the issue you are observing, check ampupdater.log on the endpoint (path: /var/log/cisco/ampupdater.log) for an entry like this:
[updater]:[error]-[updater.c@799]:[140577691532288]: failed to update amp from version 1.24.1.1027 to version 1.24.2.1053
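As an added example (not part of the original document or of Cisco's tooling), this shell script scans ampupdater.log for the failure entry shown above and flags upgrades that fail from a 1.24.1.x build. It assumes every failure entry follows the layout of the single quoted line; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage ampupdater.log for the failed-upgrade entry.
# Assumption: the source-line number and thread id fields vary, so only the
# "[updater]:[error]" prefix and the message text are matched.

# Print "<from> <to> <count>" for every distinct failed upgrade in the log.
failed_upgrades() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        index($0, "[updater]:[error]") == 1 &&
        match($0, /failed to update amp from version [0-9.]+ to version [0-9.]+/) {
            split(substr($0, RSTART, RLENGTH), w, " ")
            count[w[7] " " w[10]]++      # w[7] = from version, w[10] = to version
        }
        END { for (k in count) print k, count[k] }
    ' "$1" | sort
}

# Return 0 if any failed upgrade started from a 1.24.1.x build, the release
# this document says bundles the GPG key that cannot be imported.
affected_by_gpg_key_issue() {
    failed_upgrades "$1" | awk '$1 ~ /^1\.24\.1\./ { hit = 1 } END { exit !hit }'
}

# Constructed sample log: the error line is the one quoted in this document,
# the info line is invented for the demonstration.
sample_log() {
    cat <<'EOF'
[updater]:[error]-[updater.c@799]:[140577691532288]: failed to update amp from version 1.24.1.1027 to version 1.24.2.1053
[updater]:[info]-[updater.c@512]:[140577691532288]: checking for updates
[updater]:[error]-[updater.c@799]:[140577691532289]: failed to update amp from version 1.24.1.1027 to version 1.24.2.1053
EOF
}

# With a log path as argument, print the summary and the verdict.
if [ "$#" -gt 0 ]; then
    failed_upgrades "$1"
    if affected_by_gpg_key_issue "$1"; then
        echo "Upgrade from 1.24.1 is failing: re-import the GPG key (see Usage)."
    fi
fi
```

A match only shows that an upgrade from 1.24.1 failed; the log entry itself does not name the GPG key as the cause.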
Usage
Use these steps to update the GPG key on the endpoints with a shell script:
1. Create the shell script. Open your favorite editor, copy/paste the script below, and save it as gpg-workaround.sh
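#!/bin/bash
# GPG key import script for Cisco Secure Endpoint Linux
# Stop at the first failed command so a failed download is never imported
set -e
# Print that the script is running
echo "Running GPG key import script for Cisco Secure Endpoint Linux"
# Download the key; --fail makes curl exit non-zero on an HTTP error
curl --fail https://console.amp.cisco.com/gpg_keys/cisco.gpg -o cisco.gpg
# Import the key into the RPM database
rpm --import cisco.gpg
# Remove the downloaded copy
rm -f cisco.gpg
# Print that the script has completed
echo "GPG key import script for Cisco Secure Endpoint Linux has completed"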
2. Change the permissions to make the script executable:
chmod +x gpg-workaround.sh
3. Execute the script:
sudo ./gpg-workaround.sh
4. Ensure that the script executes successfully
Resolution
To resolve this issue, implement these steps:
1. Verify the policy mapped to the connector and ensure that the Product Update window is still valid
2. Re-install the GPG key using the script and instructions in the Usage section
3. Once the script runs, the correct GPG key is imported into the RPM database and the connector can be updated. The next time the connector runs the update, it uses the new GPG key and the upgrade must complete as expected
4. You can also run the updater manually:
sudo /opt/cisco/amp/bin/ampupdater