Page MenuHomePhabricator

sury.org packages do not validate gpg
Closed, ResolvedPublic

Description

On apt update I get:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743

W: Failed to fetch https://packages.sury.org/php/dists/jessie/InRelease  

W: Some index files failed to download. They have been ignored, or old ones used instead.

Related Objects

StatusAssignedTask
Resolved Dzahn
Resolved Dzahn
OpenNone
OpenNone
OpenNone
ResolvedPaladox
OpenNone
OpenNone
OpenNone
StalledNone
OpenNone
OpenPaladox
ResolvedPaladox
OpenNone
OpenNone
OpenNone
OpenNone
OpenNone
OpenNone
OpenNone
Resolvedhashar
Resolvedhashar
ResolvedTarrow
Resolvedhashar
Resolvedhashar

Event Timeline

hashar created this task.Mar 19 2019, 8:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2019, 8:08 PM

In Puppet we have a key added via T144872

$ gpg --list-options show-keyring ./modules/contint/files/sury-php.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2014-09-09 [SC]
      DF3D585DB8F0EB658690A554AC0E47584A7A714D
uid           CZ.NIC Labs Archive Automatic Signing Key <ftpmaster@labs.nic.cz>
sub   rsa4096 2014-09-09 [E]

The new one would be:

$ gpg --search-keys B188E2B695BD4743
gpg: data source: https://192.146.137.99:443
(1)	DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
	  3072 bit RSA key B188E2B695BD4743, created: 2019-03-18, expires: 2021-03-17

https://packages.sury.org/php/ has an apt.gpg file:

$ gpg --list-options show-keyring apt.gpg 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa3072 2019-03-18 [SC] [expires: 2021-03-17]
      15058500A0235D97F5D10063B188E2B695BD4743
uid           DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
sub   rsa3072 2019-03-18 [E] [expires: 2021-03-17]

Change 497605 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] contint: update sury.org gpg key for apt

https://gerrit.wikimedia.org/r/497605

Ok sury.org apt fetch seems fixed for now.

Change 500416 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] docker: update sury.org GPG key and rebuild containers

https://gerrit.wikimedia.org/r/500416

Change 500416 merged by jenkins-bot:
[integration/config@master] docker: update sury.org GPG key and rebuild containers

https://gerrit.wikimedia.org/r/500416

hashar closed this task as Resolved.Apr 1 2019, 1:37 PM
hashar claimed this task.

Change 497605 merged by Dzahn:
[operations/puppet@production] contint: update sury.org gpg key for apt

https://gerrit.wikimedia.org/r/497605