Bug: nginx apt-key expired

[jcdevnj]

What was The Command Used To Provision

vagrant plugin install --local
vagrant up --provision

What Kind of VVV Provision Was This

This was a fresh install

Logs/What Broke

The 'main' provisioner ran into problems as the nginx signing key is expired. GPG throws an error and the provisioner fails.

Possible Solution

Replace provision/core/nginx/apt-keys/nginx_signing.key with the most recent key, as described in this ticket. Doesn't fix the issue for environments that have already been provisioned though as simply replacing the key in this directory doesn't make the provisioner succeed.

Steps to Reproduce (for bugs)

Follow the "How to Use" instructions in README.md of this repo.

Log

__ __ __ __
\ V\ V\ V / v3.13 Ruby:3.1.3, Path:"C:/Users/justi/vvv-3/VVV"
 \_/\_/\_/  git::develop(c4250187)

Platform: mingw32 windows  missingWinAdminPriv  vagrant-goodhosts monochrome-terminal shared_db_folder_disabled
Vagrant: v2.4.0, virtualbox: v7.0.12

Docs:       https://varyingvagrantvagrants.org/
Contribute: https://github.com/varying-vagrant-vagrants/vvv
Dashboard:  http://vvv.test

Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/ubuntu-20.04'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: VVV_288954be1b5
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection reset. Retrying...
    default: Warning: Connection aborted. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 vvv.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 one.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 two.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 vvv.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 one.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 two.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 vvv.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 one.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 two.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 vvv.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 one.wordpress.test
==> default: [vagrant-goodhosts] - found entry for: 192.168.56.4 two.wordpress.test
==> default: [vagrant-goodhosts] Checking for host entries
==> default: [vagrant-goodhosts] Finished processing
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
    default: /srv/www => C:/Users/justi/vvv-3/VVV/www
    default: /srv/config => C:/Users/justi/vvv-3/VVV/config
    default: /var/log/php => C:/Users/justi/vvv-3/VVV/log/php
    default: /srv/database => C:/Users/justi/vvv-3/VVV/database/sql
    default: /var/log/nginx => C:/Users/justi/vvv-3/VVV/log/nginx
    default: /srv/provision => C:/Users/justi/vvv-3/VVV/provision
    default: /srv/certificates => C:/Users/justi/vvv-3/VVV/certificates
    default: /var/log/memcached => C:/Users/justi/vvv-3/VVV/log/memcached
    default: /var/log/provisioners => C:/Users/justi/vvv-3/VVV/log/provisioners
==> default: Detected mount owner ID within mount options. (uid: 0 guestpath: /var/log/memcached)
==> default: Detected mount group ID within mount options. (gid: 0 guestpath: /var/log/memcached)
==> default: Detected mount owner ID within mount options. (uid: 0 guestpath: /var/log/nginx)
==> default: Detected mount group ID within mount options. (gid: 0 guestpath: /var/log/nginx)
==> default: Detected mount owner ID within mount options. (uid: 0 guestpath: /var/log/php)
==> default: Detected mount group ID within mount options. (gid: 0 guestpath: /var/log/php)
==> default: Detected mount owner ID within mount options. (uid: 0 guestpath: /var/log/provisioners)
==> default: Detected mount group ID within mount options. (gid: 0 guestpath: /var/log/provisioners)
==> default: Detected mount owner ID within mount options. (uid: 1000 guestpath: /srv/www)
==> default: Detected mount group ID within mount options. (gid: 33 guestpath: /srv/www)
==> default: Running provisioner: file...
    default: C:/Users/justi/vvv-3/VVV/version => /home/vagrant/version
==> default: Running provisioner: pre-provision-script (shell)...
    default: Running: inline script
    default:
    default:     ▄▀▀▀▄▄▄▄▄▄▄▀▀▀▄    ▄   ▄    A full provision will take a bit.
    default:     █▒▒░░░░░░░░░▒▒█   █   █     Sit back, relax, and have some tea.
    default:      █░░█░░░░░█░░█   ▀   ▀
    default:   ▄▄  █░░░▀█▀░░░█   █▀▀▀▀▀▀█    If you didn't want to provision you can
    default:  █░░█ ▀▄░░░░░░░▄▀▄▀▀█      █    turn VVV on with 'vagrant up'.
    default: ───────────────────────────────────────────────────────────────────────
    default:
==> default: Running provisioner: default (shell)...
    default: Running: C:/Users/justi/AppData/Local/Temp/vagrant-shell20240614-19616-zm8pmf.sh
    default:  - skipping ntpdate clock sync, not installed yet
    default:  ▷ Running the 'main' provisioner...
    default:  ▷ Running init hook
    default:  * Bash profile setup and directories.
    default:  * Reloading SSH Daemon
    default:  * checking Ubuntu version
    default:  * Copying /srv/provision/core/vvv/apt-conf-d/99hashmismatch to /etc/apt/apt.conf.d/99hashmismatch
    default:  ✔ Finished init hook in 0s
    default:  * Testing network connection to https://ppa.launchpadcontent.net with wget -q --spider --timeout=5 --tries=3 https://ppa.launchpadcontent.net
    default:  * Successful Network connection to https://ppa.launchpadcontent.net detected
    default:  * Testing network connection to https://wordpress.org with wget -q --spider --timeout=5 --tries=3 https://wordpress.org
    default:  * Successful Network connection to https://wordpress.org detected
    default:  * Testing network connection to https://github.com with wget -q --spider --timeout=5 --tries=3 https://github.com
    default:  * Successful Network connection to https://github.com detected
    default:  * Testing network connection to https://raw.githubusercontent.com with wget -q --spider --timeout=5 --tries=3 https://raw.githubusercontent.com
    default:  * Successful Network connection to https://raw.githubusercontent.com detected
    default:  * Testing network connection to https://getcomposer.org with wget -q --spider --timeout=5 --tries=3 https://getcomposer.org
    default:  * Successful Network connection to https://getcomposer.org detected
    default:  * Testing network connection to https://deb.nodesource.com with wget -q --spider --timeout=5 --tries=3 https://deb.nodesource.com
    default:  * Successful Network connection to https://deb.nodesource.com detected
    default:  * Testing network connection to https://mirror.rackspace.com with wget -q --spider --timeout=5 --tries=3 https://mirror.rackspace.com
    default:  * Successful Network connection to https://mirror.rackspace.com detected
    default:  * Network checks succeeded
    default:  * Apt package install pre-checks
    default:  ▷ Running before_packages hook
    default:  * Setting up MySQL configuration file links...
    default:  * creating mysql group
    default:  * adding the mysql user
    default:  * Copying /srv/provision/core/mariadb/config/vvv-core.cnf to /etc/mysql/conf.d/vvv-core.cnf
    default:  * Checking supplementary PHP configs
    default:  ✔ Finished before_packages hook in 0s
    default:  * Registering apt keys
    default:  ▷ Running register_apt_keys hook
    default:  * Applying the PackageCloud Git-LFS signing key...
    default: OK
    default:  * Applying the MariaDB signing key...
    default: OK
    default:  * Applying Nginx signing key...
    default: OK
    default:  ✔ Finished register_apt_keys hook in 1s
    default:  * Registering apt sources
    default:  ▷ Running register_apt_sources hook
    default:  * Applying the VVV mirror signing key...
    default: OK
    default:  * Adding ppa:git-core/ppa repository
    default: Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
    default: Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
    default: Get:3 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease [24.6 kB]
    default: Get:4 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
    default: Get:5 http://us.archive.ubuntu.com/ubuntu focal-security InRelease [128 kB]
    default: Get:6 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3,359 kB]
    default: Get:7 http://us.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [528 kB]
    default: Get:8 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2,979 kB]
    default: Get:9 http://ppa.launchpad.net/git-core/ppa/ubuntu focal/main amd64 Packages [3,032 B]
    default: Get:10 http://ppa.launchpad.net/git-core/ppa/ubuntu focal/main Translation-en [2,252 B]
    default: Get:11 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [417 kB]
    default: Get:12 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,194 kB]
    default: Get:13 http://us.archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [287 kB]
    default: Get:14 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [26.2 kB]
    default: Get:15 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [7,880 B]
    default: Get:16 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,984 kB]
    default: Get:17 http://us.archive.ubuntu.com/ubuntu focal-security/main Translation-en [447 kB]
    default: Get:18 http://us.archive.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [2,863 kB]
    default: Get:19 http://us.archive.ubuntu.com/ubuntu focal-security/restricted Translation-en [401 kB]
    default: Get:20 http://us.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages [966 kB]
    default: Get:21 http://us.archive.ubuntu.com/ubuntu focal-security/universe Translation-en [204 kB]
    default: Get:22 http://us.archive.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [24.0 kB]
    default: Get:23 http://us.archive.ubuntu.com/ubuntu focal-security/multiverse Translation-en [5,904 B]
    default: Fetched 17.1 MB in 3s (5,158 kB/s)
    default: Reading package lists...
    default:  * git-core/ppa added
    default:  * installing MariaDB apt sources
    default:  * Applying the Ondřej PHP signing key...
    default: OK
    default:  ✔ Finished register_apt_sources hook in 8s
    default:  * Upgrading apt packages
    default:  * Updating apt keys
    default: gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
    default: gpg: key 3B4FE6ACC0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" not changed
    default: gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
    default: gpg: key D94AA3F0EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" not changed
    default: gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
    default: gpg: key 871920D1991BC93C: "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>" not changed
    default: gpg: Total number processed: 3
    default: gpg:              unchanged: 3
    default:  * Running apt-get update...
    default: Get:1 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal InRelease [7,767 B]
    default: Get:2 http://us.archive.ubuntu.com/ubuntu focal InRelease [265 kB]
    default: Get:3 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal/main Sources [1,845 B]
    default: Get:4 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease [24.6 kB]
    default: Get:5 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
    default: Get:6 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
    default: Get:7 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal/main arm64 Packages [16.7 kB]
    default: Get:8 http://us.archive.ubuntu.com/ubuntu focal-security InRelease [128 kB]
    default: Get:9 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages [970 kB]
    default: Get:10 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal/main ppc64el Packages [16.7 kB]
    default: Get:11 https://ppa.launchpadcontent.net/ondrej/php/ubuntu focal InRelease [24.6 kB]
    default: Get:13 http://us.archive.ubuntu.com/ubuntu focal/main Translation-en [506 kB]
    default: Get:14 https://nginx.org/packages/mainline/ubuntu focal InRelease [3,602 B]
    default: Get:15 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal/main s390x Packages [15.7 kB]
    default: Get:16 http://us.archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [22.0 kB]
    default: Get:17 http://us.archive.ubuntu.com/ubuntu focal/restricted Translation-en [6,212 B]
    default: Get:18 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8,628 kB]
    default: Get:19 https://mirror.rackspace.com/mariadb/repo/10.5/ubuntu focal/main amd64 Packages [17.4 kB]
    default: Get:20 http://us.archive.ubuntu.com/ubuntu focal/universe Translation-en [5,124 kB]
    default: Get:21 http://us.archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [144 kB]
    default: Get:22 http://us.archive.ubuntu.com/ubuntu focal/multiverse Translation-en [104 kB]
    default: Get:23 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3,359 kB]
    default: Get:12 https://packagecloud.io/github/git-lfs/ubuntu focal InRelease [28.0 kB]
    default: Get:24 http://us.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [528 kB]
    default: Get:25 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2,979 kB]
    default: Get:26 http://ppa.launchpad.net/git-core/ppa/ubuntu focal/main amd64 Packages [3,032 B]
    default: Get:27 http://ppa.launchpad.net/git-core/ppa/ubuntu focal/main Translation-en [2,252 B]
    default: Get:28 http://us.archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [417 kB]
    default: Get:29 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,194 kB]
    default: Get:30 http://us.archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [287 kB]
    default: Err:14 https://nginx.org/packages/mainline/ubuntu focal InRelease
    default:   The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
    default: Get:31 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [26.2 kB]
    default: Get:32 https://ppa.launchpadcontent.net/ondrej/php/ubuntu focal/main Sources [47.3 kB]
    default: Get:33 http://us.archive.ubuntu.com/ubuntu focal-updates/multiverse Translation-en [7,880 B]
    default: Get:34 http://us.archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [45.7 kB]
    default: Get:35 http://us.archive.ubuntu.com/ubuntu focal-backports/main Translation-en [16.3 kB]
    default: Get:36 http://us.archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [25.0 kB]
    default: Get:37 http://us.archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [16.3 kB]
    default: Get:38 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,984 kB]
    default: Get:39 https://ppa.launchpadcontent.net/ondrej/php/ubuntu focal/main amd64 Packages [127 kB]
    default: Get:40 http://us.archive.ubuntu.com/ubuntu focal-security/main Translation-en [447 kB]
    default: Get:41 https://ppa.launchpadcontent.net/ondrej/php/ubuntu focal/main Translation-en [40.4 kB]
    default: Get:43 http://us.archive.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [2,863 kB]
    default: Get:44 http://us.archive.ubuntu.com/ubuntu focal-security/restricted Translation-en [401 kB]
    default: Get:45 http://us.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages [966 kB]
    default: Get:46 http://us.archive.ubuntu.com/ubuntu focal-security/universe Translation-en [204 kB]
    default: Get:47 http://us.archive.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [24.0 kB]
    default: Get:48 http://us.archive.ubuntu.com/ubuntu focal-security/multiverse Translation-en [5,904 B]
    default: Get:42 https://packagecloud.io/github/git-lfs/ubuntu focal/main amd64 Packages [3,588 B]
    default: Reading package lists...
    default: W: GPG error: https://nginx.org/packages/mainline/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <signing-key@nginx.com>
    default: E: The repository 'https://nginx.org/packages/mainline/ubuntu focal InRelease' is not signed.
    default:  ! The 'main' provisioner ran into problems, the full log is available at '/var/log/provisioners/2024.06.14_18-31-46/provisioner-main.log'. It completed in 17 seconds.
    default:  * Restoring the default PHP CLI version ( 8.2 )
    default: update-alternatives: error: no alternatives for php
    default: update-alternatives: error: no alternatives for phar
    default: update-alternatives: error: no alternatives for phar.phar
    default: update-alternatives: error: no alternatives for phpize
    default: update-alternatives: error: no alternatives for php-config
    default:  * Restoration complete
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

[welcome[bot]]

Thanks for opening your first issue here! Be sure to follow the issue template and include your OS/Vagrant/VVV versions! Don't forget you can get support in the VVV slack at https://varyingvagrantvagrants.org/docs/en-US/slack/

VVV

VVV Slack Workspace

Join the VVV Slack Workspace

[jcdevnj]

Workaround for fixing a VVV environment that has been provisioned at least once before. Not sure if this is best practice, but it did work for me:

vagrant up
vagrant ssh
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
apt-key add /usr/share/keyrings/nginx-archive-keyring.gpg
exit
vagrant reload --provision

[tomjn]

https://github.com/Varying-Vagrant-Vagrants/VVV/blob/develop/provision/core/nginx/apt-keys/nginx_signing.key is indeed the file that needs updating

GitHub

VVV/provision/core/nginx/apt-keys/nginx_signing.key at develop · Varying-Vagrant-Vagrants/VVV

An open source Vagrant configuration for developing with WordPress - Varying-Vagrant-Vagrants/VVV

[tomjn]

@jcdevnj can you help test the PR? if we swap the key out as is it won't fix it for existing users as it'll only add the key if it there is no nginx key, I've tried explicitly checking for the old key in the PR, currently testing

[tomjn]

hmm CI failed with an invalid keyring error, I'm wondering if I've messed up the GPG commit

[tomjn]

Fixed the CRLF issue and configured git to treat GPG keyrings as binary

[tomjn]

I'm happy with things from my testing but before I merge the fix in I want to see someone else test that PR and check things. Once it's merged there'll be a VVV release to make sure it's on the stable branch

[jcdevnj]

@tomjn Just tested your branch and provisioning & re-provisioning works for me now!