[DRBD-user] Proxmox repo release.gpg expired

Christoph Lechleitner christoph.lechleitner at iteg.at
Thu Feb 8 13:23:35 CET 2018


Am 8. Februar 2018 11:43:17 MEZ schrieb Lars Ellenberg <lars.ellenberg at linbit.com>:
>On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote:
>> Am 08.02.18 um 09:38 schrieb Yannis Milios:
>> > Can you please renew proxmox repo Release.gpg file ?
>
>The signature is fine.
>You need to refresh your keyring.
>How? See below.
>
>> > W: An error occurred during the signature verification. The
>repository
>> > is not updated and the previous index files will be used. GPG
>error:
>> > http://packages.linbit.com/proxmox proxmox-5 Release: The following
>> > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package
>and
>> > Repository Signing Key (2017)
>> > W: Failed to fetch
>> > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
>> > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23
>LINBIT
>> > Package and Repository Signing Key (2017)
>> > W: Some index files failed to download. They have been ignored, or
>old
>> > ones used instead.
>> 
>> Just in case this might help:
>>
>> Debian Stretch introduced 2 new requirements for signing keys and
>> signatures:
>
>Why would you think it would?
>Both requirements are fullfilled, and not being complained about.
>(Also someone would have noticed that before,
>stretch was not released yesterday).
>
>It complains about an *EXPKEYSIG*
>And there is also the "2017" as a hint.
>so: key expiry. Which the subject already says as well.
>
>We usually do not create a new key,
>but simply extend the validity for an other year,
>and also add the "current year" uid.
>
>Your system apparently did not notice the extended validity.
>You can help:
>
>apt-key list --verbose LINBIT
>| pub   dsa1024 2008-11-13 [SC] [expired: 2018-02-01]
>|        32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
>| uid           [ expired] LINBIT Package and Repository Signing Key
>(2017)
>| ...
>| sub   elg2048 2008-11-13 [E] [expired: 2018-02-01]
>| gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018
>11:49:14 CET
>
>
>apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
>0x53B3B037282B6E23
>(or your keyserver of choice)
>| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
>(2018)" 1 new user ID
>| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key
>(2018)" 11 new signatures
>...
>
>apt-key list --verbose LINBIT
>| pub   dsa1024 2008-11-13 [SC] [expires: 2019-02-01]
>|       32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
>| uid           [ unknown] LINBIT Package and Repository Signing Key
>(2018)
>| ...
>| sub   elg2048 2008-11-13 [E] [expires: 2019-02-01]
>
>Yay.

I have seen those exact error messages due to those exact requirements.

Considering Linbit's focus seemed to have been on RedHat for years it *could* have been relevant. I wrote "in case", btw.

Sorry I tried to help.

Regards Christoph





mfg in aller Kürze vom Hand-Androiden


More information about the drbd-user mailing list