search

phusion / passenger_apt_automation

Tools for automatically building a Debian APT repository for Phusion Passenger
MIT License
20 stars 20 forks source link

Bad Release Signature for Bionic Packages #27

Closed tierra closed 5 years ago

tierra commented 5 years ago

There seems to have been a regression with the latest GPG signatures for Ubuntu Bionic pacakges in the APT repository:

$ wget https://oss-binaries.phusionpassenger.com/apt/passenger/dists/bionic/Release
$ wget https://oss-binaries.phusionpassenger.com/apt/passenger/dists/bionic/Release.gpg
$ gpg --verify Release.gpg Release
gpg: Signature made Mon 12 Nov 2018 06:35:37 AM MST
gpg:                using RSA key 561F9B9CAC40B2F7
gpg: BAD signature from "Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-software-signing@phusion.nl>" [unknown]

This is with the official public GPG key installed:

pub   rsa4096 2013-06-30 [SC]
      16378A33A6EF16762922526E561F9B9CAC40B2F7
uid           [ unknown] Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-software-signing@phusion.nl>
sub   rsa4096 2013-06-30 [E]
FooBarWidget commented 5 years ago

We were performing an update on the GPG key, looks like something went wrong. This has been fixed now.

tierra commented 5 years ago

Thanks for quick solve!