search

postgrespro / pg_probackup

Backup and recovery manager for PostgreSQL
https://postgrespro.github.io/pg_probackup/
Other
712 stars 86 forks source link

Debian 11 - bullseye #566

Open sgrinko opened 1 year ago

sgrinko commented 1 year ago

With this OS there is a problem with installing the repository key.

RUN echo "deb [arch=amd64] https://repo.postgrespro.ru/pg_probackup/deb/ $DEBIAN_RELEASE main-$DEBIAN_RELEASE" > /etc/apt/sources.list.d/pg_probackup.list \
      && wget -O - https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG_PROBACKUP | apt-key add - \
      && apt-get update \

out

--2022-11-15 07:13:46--  https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG_PROBACKUP
Распознаётся repo.postgrespro.ru (repo.postgrespro.ru)… Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
213.171.56.11
Подключение к repo.postgrespro.ru (repo.postgrespro.ru)|213.171.56.11|:443... соединение установлено.
ОШИБКА: Нет доверия сертификату для «repo.postgrespro.ru».
ОШИБКА: Неизвестный издатель сертификата «repo.postgrespro.ru».
gpg: no valid OpenPGP data found.

apt-key is deprecated - Now you need to refuse to use this utility

I solved the problem with such commands:

wget --no-check-certificate -O - https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG_PROBACKUP | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/GPG-KEY-PG_PROBACKUP.gpg --import
chmod 644 /etc/apt/trusted.gpg.d/GPG-KEY-PG_PROBACKUP.gpg

out:

gpg: keyring '/etc/apt/trusted.gpg.d/GPG-KEY-PG_PROBACKUP.gpg' created
--2022-11-14 15:47:12--  https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG_PROBACKUP
Распознаётся repo.postgrespro.ru (repo.postgrespro.ru)… 213.171.56.11
Подключение к repo.postgrespro.ru (repo.postgrespro.ru)|213.171.56.11|:443... соединение установлено.
ПРЕДУПРЕЖДЕНИЕ: Нет доверия сертификату для «repo.postgrespro.ru».
ПРЕДУПРЕЖДЕНИЕ: Неизвестный издатель сертификата «repo.postgrespro.ru».
HTTP-запрос отправлен. Ожидание ответа… 200 OK
Длина: 3120 (3,0K) [application/octet-stream]
...
Reading package lists...
W: https://repo.postgrespro.ru/pg_probackup/deb/dists/bullseye/InRelease: No system certificates available. Try installing ca-certificates.
W: Failed to fetch https://repo.postgrespro.ru/pg_probackup/deb/dists/bullseye/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 213.171.56.11 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.
...
E: Unable to locate package pg-probackup-14

This command apt-get update was not completed.

I ask you to finalize before compatibility with Debian 11

Thank you!

xinferum commented 1 year ago

We look forward to fixing this issue. For this reason, it is not possible to build new docker containers with PostgreSQL.

sgrinko commented 1 year ago 
W: Failed to fetch https://repo.postgrespro.ru/pg_probackup/deb/dists/bullseye/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 213.171.56.11 443]

I managed to fix it by install ca-certificates

apt-get install ca-certificates

I would like to listen to your opinion about this problem in your repository. My solution is correct?

asavchkov commented 11 months ago

I can't reproduce the certificate error on a clean Debian 11.7 (latest at the moment) Docker image. Please follow the installation instructions and check if the problem still exists. Major CA certificates like the one repo.postgrespro.ru is using are built into OS distributions so normally you don't have to install them separately.

ADMDevMit commented 10 months ago

Change key filename GPG-KEY-PG_PROBACKUP to GPG-KEY-PG-PROBACKUP: https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG-PROBACKUP

...but the right and secure way to add repo\store key is:

# Установка pg_probackup
RUN mkdir -p /etc/apt/keyrings && \
    # Установка ключа и репозитория
    curl -o /tmp/pg_probackup.asc https://repo.postgrespro.ru/pg_probackup/keys/GPG-KEY-PG-PROBACKUP && \
    gpg --no-default-keyring --keyring /tmp/keyring.gpg --import /tmp/pg_probackup.asc && \
    gpg --no-default-keyring --keyring /tmp/keyring.gpg --export --output /etc/apt/keyrings/pg_probackup.gpg && \
    sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/pg_probackup.gpg] https://repo.postgrespro.ru/pg_probackup/deb/ $(lsb_release -cs) main-$(lsb_release -cs)" > /etc/apt/sources.list.d/pg_probackup.list' && \
    rm /tmp/pg_probackup.asc && \
    rm /tmp/keyring.gpg && \
    # Установка пакетов
    apt-get update && \
    apt-get install pg-probackup-$NODE_PG_VERSION && \
    apt-get install pg-probackup-$NODE_PG_VERSION-dbg && \
    ln -sr /usr/bin/pg_probackup-$NODE_PG_VERSION /usr/bin/pg_probackup

from https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key