Linux Package Installation for RHEL

This section describes how to access the Linux RPM installation package so that the CTE Agent installation integrates with the distribution software. To access the Linux RPM file, you can:

• Extract the RPM file from the CTE Agent install bin file. This is the easiest method, but the files in the package are not signed and therefore cannot be verified. For details, see Installing the Unsigned RPM Package.

• Download the package from the Yum repository. If you use Yum, the files in the package are signed and the signatures are automatically verified when the package is installed. For details, see Installing the Signed RPM Package with Yum.

• Manually download the RPM package outside of Yum and manually verify the package signatures. For details, see Installing the Signed RPM Package Manually.

Prerequisites

Installing the Unsigned RPM Package

The CTE installation bin files contain the unsigned native packages. Extract them by running the bin file with the -e flag.

1. Log on to the host system as root and copy or mount the installation file to the host system.

2. Extract the RPM file using the following command:

   ./vee-fs-<release>-<build>-<distro>-<architecture>.bin -e
   

   Example

   ./vee-fs-7.5.0-68-rh8-x86_64.bin -e
   

   Response

   Contents extracted.
   

3. Verify that the package extracted correctly:

   ls *rpm
   

   Example Response

   vee-fs-7.5.0-68-rh8-x86_64.rpm
   

4. To start the installation using the RPM file, use the following command:

   rpm -ivh vee-fs-<release>-<build>-<distro>-<architecture>.rpm
   

5. Follow the prompts to install and register CTE.

   For details about the installation and registration process, see the appropriate installation procedure.

   • If you are going to register the system with a CipherTrust Manager, see Configuring CTE for Linux with CipherTrust Manager.

Installing the Signed RPM Package with Yum

1. Create the repository file, /etc/yum.repos.d/Vormetric-VTE.repo, with the following contents:

   [vormetric-vte]
   releasever=REL_VERSION
   name=Vormetric VTE Packages $releasever - $basearch – Source
   baseurl=https://USER:PASSWORD@packages.vormetric.com/vte/VERSION/rhel-$releasever/
   gpgkey=https://packages.vormetric.com/pub/PKG-GPG-KEY-vormetric
   enabled=1
   gpgcheck=1
   repo_gpgcheck=1
   sslverify=1
   

   where:

   • REL_VERSION: RHEL release version. Ex: rhel-8, rhel-9

   • USER:PASSWORD: Username/password obtained from Thales Support

   • VERSION: CTE release version. Ex: 7.5.0

2. Clean up the Yum cache directory:

   yum clean all
   

3. List all available versions of CTE:

   yum list --showduplicates vee-fs
   

4. Use Yum to install the CTE binary. For example:

   If the CTE binary name is vee-fs-7.5.0.68-rh8-x86_64, type:

   yum install vee-fs-7.5.0.68-rh8-x86_64
   

   To install the latest version, type:

   yum install vee-fs
   

   Note

   The first time you install CTE through Yum, you will be asked to import the GPG key. Make sure that you download this key or the install will fail. For example:

   vormetric-vte/7Server/signature | 198 B 00:00:00 Retrieving key from https://packages.vormetric.com/pub/PKG-GPG-KEY-vormetric Importing GPG key 0x628536B7: Userid : "Vormetric (PKG-GPG-KEY) support@vormetric.com" Fingerprint: 7cb5 4f55 40d4 1b63 bf91 c896 f00a 13b0 6285 36b7 From : https://packages.vormetric.com/pub/PKG-GPG-KEY-vormetric Is this ok [y/N]: y

5. Follow the prompts to install and register CTE.

   For details about the installation and registration process, see the appropriate installation procedure.

   • If you are going to register the system with a CipherTrust Manager, see Configuring CTE for Linux with CipherTrust Manager.

Installing the Signed RPM Package Manually

If you want to manually verify the signed version of the CTE RPM package, you can download the public key from the Thales package repository and manually verify the rpm signature.

1. Download the rpm file, type:

   $ wget -c --user USER --password PASSWORD https://packages.vormetric.com/vte/VERSION/REL_VERSION/TARGET_RPM_NAME
   

   Example

   $ wget -c --user ctetest --password abcdef12345678ab https://packages.vormetric.com/vte/7.4.0/rhel-8/vee-fs-7.5.0.68-rh8-x86_64.rpm
   

   where:

   • REL_VERSION: RHEL release version. Ex: rhel-8, rhel-9

   • USER/PASSWORD: Username/password obtained from Thales Support

   • VERSION: CTE release version. Ex: 7.5.0

   • TARGET_RPM_NAME: Target rpm filename to download. Ex: vee-fs-7.5.0-68-rh8-x86_64.rpm

2. Import the public key from the Thales package repository:

   sudo rpm --import https://packages.vormetric.com/pub/PKG-GPG-KEY-vormetric
   sudo rpm -qa gpg-pub*
   gpg-pubkey-628536b7-56f9887b    : Imported CTE GPG public key.
   gpg-pubkey-fd431d51-4ae0493b
   

3. Verify the signature of the package.

   sudo rpm -Kv vee-fs-<release>-<build>-<distro>-<architecture>.rpm
   

   Example

   sudo rpm -Kv vee-fs-7.5.0-68-rh8-x86_64.rpm
   

4. To start the installation using the RPM file, use the following command:

   sudo rpm -ivh vee-fs-<release>-<distro>-x86_64.rpm
   

5. Follow the prompts to register CTE.

   For details about the installation and registration process, see the appropriate installation procedure.

   • If you are going to register the system with a CipherTrust Manager, see Configuring CTE for Linux with CipherTrust Manager.