search

ungoogled-software / ungoogled-chromium-debian

Debian, Ubuntu, and others packaging for ungoogled-chromium
368 stars 49 forks source link

Unable to update due key expired (EXPKEYSIG 02456C79B2FD48BF) #303

Closed sahsanu closed 1 year ago

sahsanu commented 2 years ago

Hello,

Trying to update, I've received the following errors in my Ubuntu based OS:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/ungoogled_chromium/Ubuntu_Focal  InRelease: The following signatures were invalid: EXPKEYSIG 02456C79B2FD48BF home:ungoogled_chromium OBS Project <home:ungoogled_chromium@build.opensuse.org>
W: Failed to fetch http://download.opensuse.org/repositories/home:/ungoogled_chromium/Ubuntu_Focal/InRelease  The following signatures were invalid: EXPKEYSIG 02456C79B2FD48BF home:ungoogled_chromium OBS Project <home:ungoogled_chromium@build.opensuse.org>

Seems the key used to sign packages (at least for Ubuntu Focal) expired yesterday (2022-07-03).

/etc/apt/trusted.gpg.d/home-ungoogled_chromium.gpg
--------------------------------------------------
pub   rsa2048 2020-04-24 [SC] [expired: 2022-07-03]
      157C 212D 66D9 B951 18C5  EDD3 0245 6C79 B2FD 48BF
uid           [ expired] home:ungoogled_chromium OBS Project <home:ungoogled_chromium@build.opensuse.org>

Thank you in advance for taking a look to this issue.

JamesClarke7283 commented 2 years ago

+1 Also @sahsanu there is probably no new update for you as the newer version is not even packaged.

You can see here its version 95.0.4638.54-1: https://download.opensuse.org/repositories/home:/ungoogled_chromium/Ubuntu_Focal/amd64/

There seems to be major maintainability issues with the Debian based packaging of this, i think you should build the debpack yourself for now. see issue #291 for why.

azzydoesgit commented 2 years ago

There seems to be major maintainability issues with the Debian based packaging of this, i think you should build the debpack yourself for now. see issue #291 for why.

I am "new" to Linux, and enjoy using apt (or just .debs) so that my update process involves a couple commands. Is there a way to automate the building of a new .deb every time new source code for the "stable branch" is released? @JamesClarke7283

networkException commented 2 years ago

There is nobody maintaining this repository at the moment unfortionately (see #301).

Generally our goal is to get stable updates out as fast as possible, I hope that we will be able to live up to those standarts soon

JamesClarke7283 commented 2 years ago

There seems to be major maintainability issues with the Debian based packaging of this, i think you should build the debpack yourself for now. see issue #291 for why.

I am "new" to Linux, and enjoy using apt (or just .debs) so that my update process involves a couple commands. Is there a way to automate the building of a new .deb every time new source code for the "stable branch" is released? @JamesClarke7283

Hi sorry for late reply, welcome to the GNU/Linux Community @azzydoesgit. Regarding your question, Yes you can, you can setup a build server or just a cronjob on your local system(set commands/programs which runs at a set schedule) which runs a bash script to check, build and install it.

I could help you with this if you wanted to get in touch, my contact details are on my website, i have quite a few different platforms which are libre friendly. https://www.james-clarke.ynh.fr/

You can make it check if the version changed by doing a git pull on that branch every time, and just seeing if the version string changed in the file its defined. using bash script to do the checking.

To do the build step, the instructions to build this package are here: https://github.com/ungoogled-software/ungoogled-chromium-debian#building-a-binary-package

It says ,fr but i am actually from the UK. its a free DDNS name, i got with YunoHost.

Resources to do with this which might also help: Cron Arch Wiki Building packages for debian GNU Bash Scripting Manual

If you find the Archwiki Cron file format confusing, Its worth noting i think you can generate a cron file through some GUI front ends like these as well which might be useful for newcomers: Selfhosted Web UI Standalone GUI client Website to make a crontab file

As for bash scripting, there are good videos on that, but i am also happy to help out if you get stuck.

VA1DER commented 2 years ago

Hi sorry for late reply, welcome to the GNU/Linux Community @azzydoesgit. Regarding your question, Yes you can, you can setup a build server or just a cronjob on your local system(set commands/programs which runs at a set schedule) which runs a bash script to check, build and install it.

The days of where the end user needs to use cron jobs to fetch and build updates are (or should be) long past. I'm all about self reliance, but this is not something we should be expecting from end users.

Is there any movement on getting the signing key updated? If deb packages can be built with cron jobs, then perhaps we can get this on the OpenSuse build system to create packages.

ghost commented 1 year ago

No longer relevant.

fir3-1ce commented 10 months ago

I'm confused about something. If I build the binary from source how do I update it in the future? I'm still kind of new to Linux myself, and it appears that this GPG issue still persists on the repository

iskunk commented 10 months ago

I'm confused about something. If I build the binary from source how do I update it in the future? I'm still kind of new to Linux myself, and it appears that this GPG issue still persists on the repository

To update to a new version, you have to build the new version. There isn't any good way I'm aware of to perform an incremental build, if that's what you're getting at...