Missing gpg key: Debian repository is unsusable

[sblaisot]

Following instruction Installation using repository on https://www.erlang-solutions.com/downloads/ result in a unusable repo, the GPG signature used to sign repo is not the one downloadable at repo root.

Can you please publish the missing signing public key?

root@d3501376823b:/# echo "deb http://binaries2.erlang-solutions.com/debian/ bullseye-elixir-1.15 contrib" | tee /etc/apt/sources.list.d/elixir.list
deb http://binaries2.erlang-solutions.com/debian/ bullseye-elixir-1.15 contrib
root@d3501376823b:/# wget https://binaries2.erlang-solutions.com/GPG-KEY-pmanager.asc
--2023-09-11 12:17:23--  https://binaries2.erlang-solutions.com/GPG-KEY-pmanager.asc
Resolving binaries2.erlang-solutions.com (binaries2.erlang-solutions.com)... 99.86.91.115, 99.86.91.120, 99.86.91.105, ...
Connecting to binaries2.erlang-solutions.com (binaries2.erlang-solutions.com)|99.86.91.115|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1335 (1.3K) [application/pgp-keys]
Saving to: ‘GPG-KEY-pmanager.asc’

GPG-KEY-pmanager.asc                           100%[=================================================================================================>]   1.30K  --.-KB/s    in 0s      

2023-09-11 12:17:23 (65.9 MB/s) - ‘GPG-KEY-pmanager.asc’ saved [1335/1335]

root@d3501376823b:/# apt-key add GPG-KEY-pmanager.asc
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
root@d3501376823b:/# apt update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Get:2 http://binaries2.erlang-solutions.com/debian bullseye-elixir-1.15 InRelease [7165 B]
Hit:3 http://deb.debian.org/debian bullseye InRelease
Hit:4 http://deb.debian.org/debian bullseye-updates InRelease
Err:2 http://binaries2.erlang-solutions.com/debian bullseye-elixir-1.15 InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2D6FA62A5CE3E39E
Reading package lists... Done
W: GPG error: http://binaries2.erlang-solutions.com/debian bullseye-elixir-1.15 InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2D6FA62A5CE3E39E
E: The repository 'http://binaries2.erlang-solutions.com/debian bullseye-elixir-1.15 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[sblaisot]

cc @gilacost

[dalbarado]

Working on it, there is an issue on the github runner and not reading the GPG Keys correctly.

[sblaisot]

Hi @dalbarado any news?

[dalbarado]

Continue troubleshooting, I already changed PGP, but aptly over github runner didn't work as expected, because it didn't take pgp anymore. Investigating the issue.

On Mon, 18 Sept 2023 at 03:20, Sebastien BLAISOT @.***> wrote:

Hi @dalbarado https://github.com/dalbarado any news?

— Reply to this email directly, view it on GitHub https://github.com/esl/packages/issues/71#issuecomment-1722812672, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGRO4LHEECJLWDSULSGTTZLX27R3NANCNFSM6AAAAAA4THQGM4 . You are receiving this because you were mentioned.Message ID: @.***>

-- Our upcoming conferences: Code BEAM Europe https://codebeameurope.com: 19-20 October 2023 RabbitMQ Summit https://rabbitmqsummit.com: 20 October 2023

Erlang Solutions cares about your data and privacy; please find all details about the basis for communicating with you and the way we process your data in our Privacy Policy https://www.erlang-solutions.com/privacy-policy.html. You can update your email preferences or opt-out from receiving Marketing emails here. https://forms.erlangsolutions.com/email-preference?epc_hash=JtO6C7Q2rJwCdZxBx3Ad8jI2D4TJum7XcUWcgfjZ8YY

[hjri]

any news? this is still a problem.

[dalbarado]

Problem is fixed now, I have to regenerate the entire repo using a new pgp which is published.