Closed einwickler closed 1 year ago
Tbanks (and sorry for the confusing docs), I've pushed a new commit to update the install instructions: https://github.com/kpcyrd/sn0int/commit/ed55944e6ed6bf10ee99f085839e5a6f13d70c97
Distributing the signing key through debian was a fun flex but ultimately not worth it. I don't think distributing keys like this was intended by debian.
If I recall correctly WSL1 has compatibility issues with seccomp so sn0int might not run correctly on your system.
Nice, thanks for the quick reply/fix!
Can be closed I guess 👍
and
Yes, it's crashing in WSL1 with:
...Error: Failed to init sandbox
Because: seccomp_load returned error
TL;DR: The information regarding the signing key for the apt package is inconsistent/incorrect/outdated (and there is a key mismatch too?).
DISCLAIMER: Please excuse me if any of what I'm stating is incorrect and due to user error. This is definitely not an area I have too much knowledge of. In fact the last hour was the first time actually trying to get some understanding how the signing mechanism in debian packages is working (thanks for the lesson lol), so please excuse me if I state obvious things like a know-it-all. And lastly I hope collecting these things in one issue is okay.
Problems:
The installation instructions for Debian/Ubuntu in the README differ from the instructions in the main documentation
The instructions in README.md tell you to use
apt-key
but apt screams at you that it's deprecated if you still use it. I guess the instructions from the main documentation is more up-to-date here?The installation instructions in the documentation uses the wrong format
The documentation tells you to import the key from the debian keyring with
gpg -a --export --keyring /usr/share/keyrings/debian-maintainers.gpg kpcyrd@archlinux.org | sudo tee /etc/apt/trusted.gpg.d/apt-vulns-sexy.gpg
The-a
tellsgpg
to create ASCII armored output but it's getting redirected to a file with.gpg
extension. TheDEPRECATION
section of theapt-key
manpage finally gave the hint here:If you use the correct format, you still get an invalid signature
If you import the key from the debian keyring as stated above an
apt update
gets you:further investigation shows that a
gpg -k --keyring /usr/share/keyrings/debian-maintainers.gpg git@rxv.cc
gives you:so I assume this is just an old key and the
debian-keyring
package needs to be updated?I was able to update from the repository after I got the new key with
gpg --keyserver keyring.debian.org --recv-keys 0x45A650E2638C536D
and exported it withgpg -a --export 0x45A650E2638C536D | sudo tee /etc/apt/trusted.gpg.d/apt-vulns-sexy.asc
. Of coursegpg --export 0x45A650E2638C536D | sudo tee /etc/apt/trusted.gpg.d/apt-vulns-sexy.gpg
works too, but the binary output from tee messes with your terminal yada yada...I hope this mess helps you in any way. Cheers!
Versions
Environment