Upgrading Secure Endpoint Linux 1.24.1 fails to upgrade on Enterprise Linux (RPM based)

Available Languages

Download Options

  • PDF     (88.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (160.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (115.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 31, 2024
Document ID:222021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes a known issue when upgrading from a clean install of version 1.24.1 of the Secure Endpoint connector for Enterprise Linux (RPM-based). Bug ID: CSCwk27011

    Conditions

    This issue will occur under the following conditions:

    Cause

    Parsing issues identified as part of the bundled GPG Key with the 1.24.1release prevent the key from being imported into the RPM database, causing the connector upgrade to fail.

    Identify

    To identify if this is the issue you are observing, you would be able to identify it from the ampupdater.log  (Path of this Log File on the Endpoint would be: /var/log/cisco/ampupdater.log)

    [updater]:[error]-[updater.c@799]:[140577691532288]: failed to update amp from version 1.24.1.1027 to version 1.24.2.1053

    Usage

    Please use these steps on how you can utilize Shell Script to update the GPG Key on the Endpoints

    1. Create Shell Script. Open your favorite editor and copy/paste the script bellow and  save it as gpg-workaround.sh

    #!/bin/bash
# GPG key import script for Cisco Secure Endpoint Linux

# Print that the script is running

echo "Running GPG key import script for Cisco Secure Endpoint Linux"

curl https://console.amp.cisco.com/gpg_keys/cisco.gpg -o cisco.gpg
rpm --import cisco.gpg
rm -f cisco.gpg

# Print that the script has completed

echo "GPG key import script for Cisco Secure Endpoint Linux has completed"

    2. Change the Permission to make the script executable: 

    chmod +x gpg-workaround.sh

    3. Execute the script

    sudo ./gpg-workaround.sh

    4. Ensure that the script executes successfully

    2024-05-31_14-17-43


    Resolution

    To resolve this issue, implement these steps:

    1. Verify the Policy mapped to the connector and ensure that the Product Update window is still valid

    2. Re-install the GPG key using the script attached and instruction in the Usage Section

    3. Once the script runs, the correct GPG key will be imported to the RPM DB and will be able to update the connector. The next time the connector runs the update, it uses the new GPG key and upgrade must complete as expected

    4. You can also run the updater manually:

    sudo /opt/cisco/amp/bin/ampupdater​

    Revision History

    Revision Publish Date Comments
    1.0
    31-May-2024
    Initial Release

    Contributed by

    • Matt Jacobs

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products