search

ublue-os / ucore

An OCI base image of Fedora CoreOS with batteries included
https://projectucore.io
Apache License 2.0
141 stars 29 forks source link

ucore:stable images failed signature #173

Closed bianchidotdev closed 1 month ago

bianchidotdev commented 1 month ago

Since July 2nd, rpm-ostreed-automatic has failed staging the update. A manual rpm-ostree upgrade results in the same error (shown below).

core@localhost:/$ sudo rpm-ostree upgrade
note: automatic updates (stage) are enabled
Pulling manifest: ostree-image-signed:docker://ghcr.io/ublue-os/ucore:stable
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: cryptographic signature verification failed: invalid signature when validating ASN.1 encoded signature

From what I can tell, the signature on the docker image matches the public key noted in the README. It looks like the key changed due to some rotation across all the universal blue repos.

What's a good way to update that signing key in an already provisioned ucore system? Just a rebase?

m2Giles commented 1 month ago

Please review the following.

https://universal-blue.discourse.group/t/important-announcement-regarding-system-updates-action-needed

bianchidotdev commented 1 month ago

Thank you very much. That'll work. Do you know if there's any way I can subscribe to just the announcements for universal blue? I primarily use RSS but I'd also be open to a newsletter. I can't find any easy way to subscribe to just that announcements tag and general receives way too many updates for my feed.

bsherman commented 1 month ago

Thank you very much. That'll work. Do you know if there's any way I can subscribe to just the announcements for universal blue? I primarily use RSS but I'd also be open to a newsletter. I can't find any easy way to subscribe to just that announcements tag and general receives way too many updates for my feed.

Yep, our announcements (and docs, etc) are all published in our Discourse instance: https://universal-blue.discourse.group

Discourse provides many RSS feed options...

For example, if you filter by tag "Announcements": https://universal-blue.discourse.group/tag/announcements

You can just append .rss and you get the feed: https://universal-blue.discourse.group/tag/announcements.rss

Edit: corrected URLs to be functional

bianchidotdev commented 1 month ago

Awesome. Thank you! I somehow wasn't able to figure out RSS feeds by tags, only categories. I'll be aware the next major update