search

processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/
Other
6k stars 1.5k forks source link

repo.process-one.net gpg key expired 17/03/2024 #4179

Closed bronkoo closed 3 months ago

bronkoo commented 3 months ago

Before creating a ticket, please consider if this should fit the discussion forum better.

Environment

Bug description

Trying to update from 23.10 to 24.02 and get these:

# apt update .... W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.process-one.net/deb stable InRelease: The following signatures were invalid: EXPKEYSIG 6F97DBF7353A8563 ejabberd <contact@process-one.net> W: Failed to fetch https://repo.process-one.net/deb/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 6F97DBF7353A8563 ejabberd <contact@process-one.net> W: Some index files failed to download. They have been ignored, or old ones used instead.

# apt-key list /etc/apt/trusted.gpg.d/ejabberd.gpg pub rsa3072 2022-03-18 [SC] [expired: 2024-03-17] 651C 08E9 330D D31D 8D7D F23A 6F97 DBF7 353A 8563 uid [ expired] ejabberd <contact@process-one.net>

Since two days expired, so we need a new one, same here: https://repo.process-one.net/ejabberd.gpg

By the way, the upgrade tutorial https://docs.ejabberd.im/admin/upgrade/from_23.10_to_24.02/ is available but not linked here:

https://docs.ejabberd.im/admin/upgrade/#specific-version-upgrade-notes

bestperson-free commented 3 months ago

Not only when updating, but also when installing or updating the system. I wrote on the forum, there is also silence there over the past few days, the key has become invalid, on different servers, when updating and installing, how can this be fixed Screenshot_20240319_230406

ch0ccyra1n commented 3 months ago

I suppose all that can be done for now is to hope the keyholder updates to a new key

bronkoo commented 3 months ago

I suppose all that can be done for now is to hope the keyholder updates to a new key

That's what the issue is for... ;-)

mremond commented 3 months ago

Thanks, we will have a look.

Metalhearf commented 3 months ago

Thank you for notifying us of this issue.

What happened

The GPG key associated with the official repository expired a few days ago.

What we did

To address this, I have deactivated the expiry on the key (see how).

Additionally, I have added a message about this expiration to the repo landing page for future reference, linking back to this issue.

How to fix

If you have already added the (now expired) key before, you should get back on tracks with: 

curl -o /etc/apt/trusted.gpg.d/ejabberd.gpg https://repo.process-one.net/ejabberd.gpg
apt update
apt install ejabberd

For RPM users

See @volga629-1 answer below : https://github.com/processone/ejabberd/issues/4179#issuecomment-2198243373

If you encounter any other issues, feel free to notify us here.

volga629-1 commented 5 days ago

For RPM packages issue still persist 

Running transaction check
Transaction check succeeded.
Running transaction test
RPM: error: Verifying a signature using certificate 651C08E9330DD31D8D7DF23A6F97DBF7353A8563 (ejabberd <contact@process-one.net>):
RPM:   1. Certificiate 6F97DBF7353A8563 invalid: certificate is not alive
RPM:       because: The primary key is not live
RPM:       because: Expired on 2024-03-17T16:17:14Z
RPM:   2. Key 6F97DBF7353A8563 invalid: key is not alive
RPM:       because: The primary key is not live
RPM:       because: Expired on 2024-03-17T16:17:14Z
RPM: error: Verifying a signature using certificate 651C08E9330DD31D8D7DF23A6F97DBF7353A8563 (ejabberd <contact@process-one.net>):
RPM:   1. Certificiate 6F97DBF7353A8563 invalid: certificate is not alive
RPM:       because: The primary key is not live
RPM:       because: Expired on 2024-03-17T16:17:14Z
RPM:   2. Key 6F97DBF7353A8563 invalid: key is not alive
RPM:       because: The primary key is not live
RPM:       because: Expired on 2024-03-17T16:17:14Z
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction test error:
  package ejabberd-24.06-1.x86_64 does not verify: Header V4 RSA/SHA512 Signature, key ID 353a8563: NOTTRUSTED

root@canlmsg01 ~> [/opt]# rpm --import https://repo.process-one.net/ejabberd.gpg
error: https://repo.process-one.net/ejabberd.gpg: key 1 not an armored public key.
Metalhearf commented 5 days ago

Hi @volga629-1, looks like you're still using the previous outdated key from 2024-03-17. Could you try something like this for RPM?

1. Download the updated GPG key:

 wget https://repo.process-one.net/ejabberd.gpg -O /tmp/ejabberd.gpg

2. Import the downloaded GPG key:

rpm --import /tmp/ejabberd.gpg

3. Clear the package cache:

Clean the DNF package cache to remove any cached packages:

dnf clean packages

4. Attempt the installation again:

Retry the installation of the ejabberd package:

dnf install ejabberd

These steps should import the updated GPG key and allow the package to be verified and installed successfully.

If this doesn't do the trick, just report back here with more info, we'll gladly help.

volga629-1 commented 5 days ago

Thank you for reply Just add to key instruction

List keys 

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

Remove older key

rpm -e gpg-pubkey-353a8563-6234b08a

That solves issue.