Open AMHesch opened 4 years ago
Are there any plans on fixing this, since this breaks the installer listed here: https://docs.aws.amazon.com/codedeploy/latest/userguide/codedeploy-agent-operations-install-linux.html if run on Amazon Linux?
I am also interested in seeing this addressed, as it is similar to this issue with SSM.
My current workaround was to edit the install script so that --nogpgcheck is passed to the yum invocation. This allows the agent to be installed and then run, as verified with sudo service codedeploy-agent status.
This was reported back in 2016 and still not fixed?
If we provided something similar to https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/verify-CloudWatch-Agent-Package-Signature.html, does this meet the ask?
Yes. Sign the RPM and make the public key available in s3 for verification.
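What an installer-side check could look like once the RPM is signed and the public key is published, as an added example that is not from this thread or from the CodeDeploy project: instead of passing --nogpgcheck, it classifies the output of rpm -K and installs only when a signature was actually verified. The function names and both paths are hypothetical, and the rpm -K output formats noted in the comments are assumptions that vary by rpm version.

```shell
#!/bin/sh
# Added example (not from the thread): install only when rpm verified a signature.

# classify_checksig FILE LINE -> prints verified | unsigned | failed
# LINE is the stdout of `rpm -K FILE`. Formats assumed here:
#   rpm 4.14+ : "FILE: digests signatures OK" / "FILE: digests OK"
#   rpm 4.11  : "FILE: rsa sha1 (md5) pgp md5 OK" / "FILE: sha1 md5 OK"
classify_checksig() {
    file=$1
    line=$2
    # Require and strip the exact "FILE: " prefix so that a file name
    # containing e.g. "pgp" cannot be mistaken for a signature type.
    case $line in
        "$file: "*) result=${line#"$file: "} ;;
        *) echo failed; return 0 ;;
    esac
    case $result in
        *"NOT OK"*) echo failed ;;   # bad digest, bad signature or missing key
        *OK)
            case $result in
                *signatures*|*rsa*|*dsa*|*pgp*|*gpg*) echo verified ;;
                *) echo unsigned ;;  # digests matched but nothing was signed
            esac ;;
        *) echo failed ;;
    esac
}

# install_if_signed KEYFILE RPMFILE (both paths are caller-supplied placeholders)
# Needs root: imports the publisher's public key, then checks before installing.
install_if_signed() {
    key=$1
    pkg=$2
    rpm --import "$key" || return 1
    out=$(rpm -K "$pkg" 2>/dev/null)
    verdict=$(classify_checksig "$pkg" "$out")
    if [ "$verdict" != verified ]; then
        echo "refusing to install $pkg: $verdict" >&2
        return 1
    fi
    yum -y install "$pkg"
}
```

An unsigned package still reports OK for its digests, which is why the check looks for a verified signature rather than for the word OK alone.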
Hello, any updates on this issue? It is still valid in Feb, 2024
In order to install CodeDeploy Agent on Amazon Linux 2 / CentOS / RHEL servers that are configured for the CIS Level 3 Benchmark (High), all packages must be digitally signed by a CA that is recognized by the Operating System. This maps to RHEL STIG Vulnerability V-71979 and Amazon Linux 2 STIG Benchmark 1.2.4.
Current Value
Expected Value (based on SSM Agent)