search

jotta / jotta-cli-issues

45 stars 1 forks source link

RPM-based installation fails: Error: GPG check FAILED #190

Closed krair closed 1 year ago

krair commented 1 year ago

Make sure you are running the latest version of jotta-cli before reporting an issue.

jotta-cli release (jotta-cli version): 0.15.80533

Description of problem: Fedora 38: Trying to update jotta-cli to the newest version (0.15.84961) results in a GPG key error:

error: Verifying a signature using certificate E2CBEED2DECB21BF686AB4B37DEFBCE9947F9F0F (Jottacloud Packaging Team <packaging@jottacloud.com>):
  1. Certificiate 7DEFBCE9947F9F0F invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-10-22T13:13:25Z
  2. Key 7DEFBCE9947F9F0F invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-10-22T13:13:25Z
error: Verifying a signature using certificate E2CBEED2DECB21BF686AB4B37DEFBCE9947F9F0F (Jottacloud Packaging Team <packaging@jottacloud.com>):
  1. Certificiate 7DEFBCE9947F9F0F invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-10-22T13:13:25Z
  2. Key 7DEFBCE9947F9F0F invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-10-22T13:13:25Z
Jottacloud CLI                                   12 kB/s | 3.5 kB     00:00    
GPG key at https://repo.jotta.us/public.gpg (0x947F9F0F) is already installed
The GPG keys listed for the "Jottacloud CLI" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: jotta-cli-0.15.84961-2.x86_64
 GPG Keys are configured as: https://repo.jotta.us/public.gpg

Expected: Update with non-expired GPG keys.

jotta-cli status (jotta-cli status):

Relevant logs for the issue (~/.jottad/jottabackup.log or /var/lib/jotta/jottabackup.log )

Traceback

Additional info:

existemi commented 1 year ago

Hi @krair.

You need to update the GPG key on your system. The key https://repo.jotta.us/public.gpg is already renewed, but because your system has it installed it will not automatically download it again.

I believe this can be done by executing

sudo rpm --import https://repo.jotta.us/public.gpg
krair commented 1 year ago

Thank you for the hint!

Running the import command did not actually do anything as the original was still installed. The only way was to first manually delete the correct key, and then import the new one. For anyone finding this issue later, the steps were:

  1. See if the key is still a problem 
    $ sudo rpm -qa gpg*
gpg-pubkey-38ab71f4-60242b08
gpg-pubkey-d651ff2e-5dadbbc1
gpg-pubkey-94843c65-5dadbc64
gpg-pubkey-222d23d0-5910b0f0
gpg-pubkey-947f9f0f-59edeaf5
gpg-pubkey-3e0265ac-5ce627a2
gpg-pubkey-80e8bfc3-5ef39d43
gpg-pubkey-5323552a-6112bcdc
error: Verifying a signature using certificate E2CBEED2DECB21BF686AB4B37DEFBCE9947F9F0F (Jottacloud Packaging Team <packaging@jottacloud.com>):
1. Certificiate 7DEFBCE9947F9F0F invalid: certificate is not alive
  because: The primary key is not live
  because: Expired on 2022-10-22T13:13:25Z
2. Key 7DEFBCE9947F9F0F invalid: key is not alive
  because: The primary key is not live
  because: Expired on 2022-10-22T13:13:25Z
  2. This shows the problem key, but it not easy to identify WHICH key I should delete. So a further query using: 
    sudo rpm -qi gpg-pubkey-*

    This spit out the info for every installed key. Scrolling through I found the Jottacloud key which looked like:

    Name        : gpg-pubkey
Version     : 947f9f0f
Release     : 59edeaf5
Architecture: (none)
Install Date: Thu 04 Aug 2022 05:14:32 PM CEST
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Mon 23 Oct 2017 03:13:25 PM CEST
Build Host  : localhost
Packager    : Jottacloud Packaging Team <packaging@jottacloud.com>
Summary     : Jottacloud Packaging Team <packaging@jottacloud.com> public key
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.17.1 (NSS-3)
...
  3. The "Version" and "Release" above are the key pieces we need. To delete the correct key, now I use: 
    $ sudo rpm -e gpg-pubkey-947f9f0f-59edeaf5
  4. NOW run the import command listed above: 
    $ sudo rpm --import https://repo.jotta.us/public.gpg
  5. Verify the issue is resolved: 
    $ sudo rpm -qa gpg*
gpg-pubkey-38ab71f4-60242b08
gpg-pubkey-d651ff2e-5dadbbc1
gpg-pubkey-94843c65-5dadbc64
gpg-pubkey-222d23d0-5910b0f0
gpg-pubkey-3e0265ac-5ce627a2
gpg-pubkey-80e8bfc3-5ef39d43
gpg-pubkey-5323552a-6112bcdc
gpg-pubkey-eb10b464-6202d9c6
gpgme-1.17.1-3.fc38.x86_64
gpgmepp-1.17.1-3.fc38.x86_64
gpg-pubkey-947f9f0f-59edeaf5

    No issues this time. The package was able to install afterwards.