ProtonMail / proton-bridge

Proton Mail Bridge application
GNU General Public License v3.0

Can't verify rpm. #465

Closed Oscar-21 closed 5 months ago

Oscar-21 commented 8 months ago

Issue tracker is ONLY used for reporting bugs with technical details. "It doesn't work" or new features should be discussed with our customer support. Please use bug report function in Bridge or contact bridge@protonmail.ch.

Can not install the latest rpm file.

Expected Behavior

sudo rpm --import bridge_pubkey.gpg
rpm --checksig protonmail-bridge-3.9.1-1.x86_64.rpm
protonmail-bridge-3.9.1-1.x86_64.rpm: digests signatures OK

Current Behavior

sudo rpm --import bridge_pubkey.gpg
rpm --checksig protonmail-bridge-3.9.1-1.x86_64.rpm
 AG (ProtonMail Bridge developers) <bridge@protonmail.ch>):
  1. Certificiate E2C75D68E6234B07 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2024-02-02T13:40:50Z
  2. Key E2C75D68E6234B07 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2024-02-02T13:40:50Z
 digests SIGNATURES NOT OK

gpg key is not valid for current rpm

Steps to Reproduce

  1. download latest rpm
  2. download key here, mentioned here https://proton.me/support/install-bridge-linux-rpm-file (same result if download key here in github release page)
  3. sudo rpm --import bridge_pubkey.gpg
  4. rpm --checksig protonmail-bridge-3.9.1-1.x86_64.rpm

When using the sig file to try and verify the pub key (both downloaded from github)

gpg --verify bridge_pubkey.gpg.sig bridge_pubkey.gpg
gpg: Signature made Mon 05 Feb 2024 06:12:15 AM EST
gpg:                using RSA key D51E64D3E63EDC3EEF7864CEE2C75D68E6234B07
gpg: Can't check signature: No public key

Version Information

3.9.1-1

LBeernaertProton commented 8 months ago

We have recently updated our installer signing key. Is it possible you still have the old key in your system?

See this #460 for instructions on how to remove old keys.

zwets commented 8 months ago

Chiming in here. A similar (the same?) issue with the .deb file for 3.10.0. However the issue appears to be that the release was signed with an expired key:

$ gpg --verify protonmail-bridge_3.10.0-1_amd64.deb.sig
gpg: assuming signed data in 'protonmail-bridge_3.10.0-1_amd64.deb'
gpg: Signature made Wed 06 Mar 2024 13:59:07 EAT
gpg:                using RSA key D51E64D3E63EDC3EEF7864CEE2C75D68E6234B07
gpg: Good signature from "Proton Technologies AG (ProtonMail Bridge developers) <bridge@protonmail.ch>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: D51E 64D3 E63E DC3E EF78  64CE E2C7 5D68 E623 4B07

Oscar-21 commented 8 months ago

> We have recently updated our installer signing key. Is it possible you still have the old key in your system?
>
> See this #460 for instructions on how to remove old keys.

@LBeernaertProton thanks, that worked. ChatGPT and I were under the assumption that an rpm import would overwrite the previous key but it seems I put too much faith in AI!

After I ran the fix you shared, I checked the docs for rpm import out of curiosity. They are in a manpage named rpmkeys (at least on Fedora), and they don't provide any docs for the --import other than how to use the option. They do leave a hint, though, in the docs for the -qi option, where they note that "you can remove keys after adding 'like files'".

Maybe they can update the article to show the removal instruction for people who had previously installed the keys and are ignorant of this process like I was? Article for installing rpm is here: https://proton.me/support/install-bridge-linux-rpm-file?
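
The situation reported above (rpm still validating against the expired copy of key E2C75D68E6234B07 already in its keyring after a fresh import) can be checked for before importing. The script below is an added example, not part of the thread or of Proton's instructions; it assumes GnuPG 2.x colon-format output and rpm's classic gpg-pubkey-<short id>-<creation time> entry naming, and refresh_rpm_key and the sample records are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GnuPG 2.x colon output and rpm's
# classic gpg-pubkey-<short id>-<creation time> naming for imported keys.

# Read `gpg --show-keys --with-colons` output on stdin and print
# "<KEYID> live|expired" per primary key. $1 = current time, epoch seconds.
key_status() {
    awk -F: -v now="$1" '$1 == "pub" {
        # field 5 = long key ID, field 7 = expiry in epoch seconds (empty = none)
        print $5, (($7 != "" && $7 + 0 <= now + 0) ? "expired" : "live")
    }'
}

# rpm names the pseudo-package after the last 8 hex digits of the key ID.
rpm_key_version() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | sed 's/^.*\(.\{8\}\)$/\1/'
}

# Filter `rpm -q gpg-pubkey` output (stdin) to entries for key ID $1.
stale_rpm_entries() {
    grep -- "^gpg-pubkey-$(rpm_key_version "$1")-" || true
}

# Full flow for a real system (hypothetical helper, not called here):
# reject an expired key file, erase older copies of the same key, then import.
refresh_rpm_key() {
    local status
    status=$(gpg --show-keys --with-colons "$1" | key_status "$(date +%s)")
    [ -n "$status" ] || { echo "no key found in $1" >&2; return 1; }
    if printf '%s\n' "$status" | grep -q ' expired$'; then
        echo "refusing to import: $status" >&2; return 1
    fi
    printf '%s\n' "$status" | while read -r keyid _; do
        rpm -q gpg-pubkey | stale_rpm_entries "$keyid" | xargs -r sudo rpm -e
    done
    sudo rpm --import "$1"
}

# Constructed sample data: key ID and expiry are the ones in the report above;
# creation times, the renewed expiry and the other keyring entry are made up.
OLD_KEY='pub:e:4096:1:E2C75D68E6234B07:1580650850:1706881250::-:::sc::::::23::0:'
NEW_KEY='pub:-:4096:1:E2C75D68E6234B07:1580650850:1770000000::-:::sc::::::23::0:'
RPM_DB='gpg-pubkey-a15b79cc-5c1b8e36
gpg-pubkey-e6234b07-5e36d162'
NOW=1707000000   # 2024-02-03T22:40:00Z, one day after the reported expiry

printf '%s\n' "$OLD_KEY" | key_status "$NOW"      # copy rpm still holds
printf '%s\n' "$NEW_KEY" | key_status "$NOW"      # re-downloaded key file
printf '%s\n' "$RPM_DB" | stale_rpm_entries E2C75D68E6234B07
```

On a real system, refresh_rpm_key bridge_pubkey.gpg runs the whole sequence; the three calls at the bottom only exercise the parsing on the constructed records.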

Oscar-21 commented 8 months ago

> Chiming in here. A similar (the same?) issue with the .deb file for 3.10.0. However the issue appears to be that the release was signed with an expired key:
>
> $ gpg --verify protonmail-bridge_3.10.0-1_amd64.deb.sig
> gpg: assuming signed data in 'protonmail-bridge_3.10.0-1_amd64.deb'
> gpg: Signature made Wed 06 Mar 2024 13:59:07 EAT
> gpg:                using RSA key D51E64D3E63EDC3EEF7864CEE2C75D68E6234B07
> gpg: Good signature from "Proton Technologies AG (ProtonMail Bridge developers) <bridge@protonmail.ch>" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: D51E 64D3 E63E DC3E EF78  64CE E2C7 5D68 E623 4B07

@zwets the link @LBeernaertProton shared worked for me.

zwets commented 8 months ago

Thanks @Oscar-21. That link has info specific to RPM, so the issue with the deb is different. I will lift it to a new issue, so this one can be closed.

LBeernaertProton commented 8 months ago

@Oscar-21 thanks for pointing this out to us. We will update the article as soon as possible.

We will close the ticket once this is completed.

ElectroNafta commented 5 months ago

Hey @Oscar-21, we've updated the article. I'll close the ticket.