search

jitsi / jitsi-videobridge

Jitsi Videobridge is a WebRTC compatible video router or SFU that lets build highly scalable video conferencing infrastructure (i.e., up to hundreds of conferences per server).
https://jitsi.org/jitsi-videobridge
Apache License 2.0
2.91k stars 989 forks source link

Unavailable Debian archive key B4D2D216F1FD7806 #1634

Open paulmenzel opened 3 years ago

paulmenzel commented 3 years ago

With

deb https://download.jitsi.org unstable/

running apt update, the messages below are shown.

Get:4 https://download.jitsi.org unstable/ InRelease [1,888 B]                               
Err:4 https://download.jitsi.org unstable/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B4D2D216F1FD7806
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.jitsi.org unstable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B4D2D216F1FD7806
W: Failed to fetch https://download.jitsi.org/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B4D2D216F1FD7806
W: Some index files failed to download. They have been ignored, or old ones used instead.

Installing jitsi-archive-keyring/unstable does not help either.

paulmenzel commented 3 years ago

Purging the package jitsi-archive-keyring again, and manually installing the keyring as described in the Self-Hosting Guide worked around the issue. (s/stable/unstable/ for my usecase.)

curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org unstable/' | sudo tee /etc/apt/sources.list.d/jitsi-unstable.list > /dev/null

The the packages could be installed. It looks like jitsi-meet also has some scripts to remove the old key.

Setting up jitsi-meet (2.0.5792-1) ...
We found the old key EF8B479E2DC1389C, which is no longer valid and we removed it.

Still a working upgrade path to rotate keys seems to be missing.

damencho commented 3 years ago

Still a working upgrade path to rotate keys seems to be missing.

Yes, this is known and we will work on fixing that. This concerns all debian packages we create.

bs27975 commented 2 years ago

Purging the package jitsi-archive-keyring again, and manually installing the keyring ...

Purging the package also solved the NO_PUBKEY B4D2D216F1FD7806 issue for me. Chased my tail for much time until google-fu got me to that comment - thanks for making it. Wish the solution had been more prominent in my googling. Maybe this comment will help with that. Manual install done but not helpful until.

Did purge, but remove might have worked too.

# apt-get purge jitsi-archive-keyring

is what fixed the problem for me, however, it auto-removed jitsi too.

# apt-get install jitsi

showed it did nothing - so the auto-removed jitsi apt-get message seems not credible.