Page MenuHomePhabricator

sury.org packages do not validate gpg
Closed, ResolvedPublic

Description

On apt update I get:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743

W: Failed to fetch https://packages.sury.org/php/dists/jessie/InRelease  

W: Some index files failed to download. They have been ignored, or old ones used instead.

Event Timeline

hashar created this task.Mar 19 2019, 8:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2019, 8:08 PM

In Puppet we have a key added via T144872

$ gpg --list-options show-keyring ./modules/contint/files/sury-php.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2014-09-09 [SC]
      DF3D585DB8F0EB658690A554AC0E47584A7A714D
uid           CZ.NIC Labs Archive Automatic Signing Key <ftpmaster@labs.nic.cz>
sub   rsa4096 2014-09-09 [E]

The new one would be:

$ gpg --search-keys B188E2B695BD4743
gpg: data source: https://192.146.137.99:443
(1)	DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
	  3072 bit RSA key B188E2B695BD4743, created: 2019-03-18, expires: 2021-03-17

https://packages.sury.org/php/ has an apt.gpg file:

$ gpg --list-options show-keyring apt.gpg 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa3072 2019-03-18 [SC] [expires: 2021-03-17]
      15058500A0235D97F5D10063B188E2B695BD4743
uid           DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
sub   rsa3072 2019-03-18 [E] [expires: 2021-03-17]

Change 497605 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] contint: update sury.org gpg key for apt

https://gerrit.wikimedia.org/r/497605

Ok sury.org apt fetch seems fixed for now.

Change 500416 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] docker: update sury.org GPG key and rebuild containers

https://gerrit.wikimedia.org/r/500416

Change 500416 merged by jenkins-bot:
[integration/config@master] docker: update sury.org GPG key and rebuild containers

https://gerrit.wikimedia.org/r/500416

hashar closed this task as Resolved.Mon, Apr 1, 1:37 PM
hashar claimed this task.

Change 497605 merged by Dzahn:
[operations/puppet@production] contint: update sury.org gpg key for apt

https://gerrit.wikimedia.org/r/497605