On Thursday, March 30, 2023 at 11:13:20 AM UTC-6 Alan Sparks wrote:

Tried to build a Jenkins image here this morning and getting signing errors 
on the repo:

W: An error occurred during the signature verification. The repository is 
not updated and the previous index files will be used. GPG error: 
https://pkg.jenkins.io/debian-stable binary/ Release: The following 
signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins Project
W: Failed to fetch http://pkg.jenkins.io/debian-stable/binary/Release.gpg 
 The following signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins 
Project
W: Some index files failed to download. They have been ignored, or old ones 
used instead.

I see a post on the Jenkins blog about the key changing, but it says April 
5, and we're not there yet. What has changed for Ubuntu users? The old key 
doesn't seem to work, nor does the new one. I'm using the same repo 
configuration:
deb https://pkg.jenkins.io/debian-stable binary/

What has changed?


The GPG private key that signs the Jenkins 2.387.1 deb file expired March 
30, 2023.  A comment 
<https://community.jenkins.io/t/new-linux-repository-signing-keys-for-jenkins-2-397-and-2-387-2/6509>
to the blog post 
<https://www.jenkins.io/blog/2023/03/27/repository-signing-keys-changing/> 
says:

> Users installing Jenkins LTS 2.387.1 after March 31, 2023 may see a 
> warning or an error noting that the PGP key has expired.

> Jenkins LTS 2.387.2 (April 5, 2023) will resolve that warning, so long as 
> the new PGP public key has been installed by following the instructions in 
> the Linux installation page 
> <https://www.jenkins.io/doc/book/installing/linux/#long-term-support-release>

You're correct that the old key does not work (because it has expired) and 
that the new key does not work with the old releases (because they were not 
signed with the new key). 

The new key works with new releases (like Jenkins 2.397 released March 28, 
2023 and Jenkins 2.387.2 that will be released April 5, 2023).

If you need to install Jenkins LTS with the Linux installer between now and 
April 5, your choices include:

   - Override the package manager to ignore the expired PGP key
   - Use a container image like jenkins/jenkins:2.387.1-jdk11 
     <https://hub.docker.com/layers/jenkins/jenkins/2.387.1-jdk11/images/sha256-005fcb5c3017ef120d0d9d8d8925e9248ff6e2cf2b5e18b527b01459c7b2b3f4>
   - Install the war file without the Linux installer

Mark Waite
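
Added example, not part of the thread or of the Jenkins project's tooling: a small triage script that tells the two failures discussed above apart in apt output. An expired signing key shows up as EXPKEYSIG, while a keyring that lacks the signing key shows NO_PUBKEY. The function names are hypothetical, and the third warning in the sample (host and key ID) is constructed for contrast.

```python
import re

# Thread's wrapped apt warnings + one constructed NO_PUBKEY line (placeholder host/key ID).
SAMPLE = """\
W: An error occurred during the signature verification. The repository is
not updated and the previous index files will be used. GPG error:
https://pkg.jenkins.io/debian-stable binary/ Release: The following
signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins Project
W: Failed to fetch http://pkg.jenkins.io/debian-stable/binary/Release.gpg
 The following signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins
Project
W: GPG error: https://repo.example.invalid/debian binary/ Release: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 0000000000000000
"""

# GnuPG status tokens relayed by apt, and what each one tells the operator.
MEANING = {
    "EXPKEYSIG": "good signature, but the signing key has expired",
    "REVKEYSIG": "good signature, but the signing key was revoked",
    "NO_PUBKEY": "signing key is not in the keyring apt trusts for this repo",
    "BADSIG": "signature does not verify against the downloaded data",
}
TOKEN_RE = re.compile(r"\b(%s)\s+([0-9A-F]{16,40})\b" % "|".join(MEANING))
URL_RE = re.compile(r"https?://\S+")

def unwrap(text):
    """Rejoin mail-wrapped lines so each apt message is one logical line."""
    out = []
    for line in text.splitlines():
        if re.match(r"[WE]: ", line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def classify(text):
    """Map (token, key ID) -> set of repository URLs that reported it."""
    findings = {}
    for msg in unwrap(text):
        url = URL_RE.search(msg)
        for token, key_id in TOKEN_RE.findall(msg):
            findings.setdefault((token, key_id), set()).add(
                url.group(0) if url else "unknown")
    return findings

if __name__ == "__main__":
    for (token, key_id), repos in sorted(classify(SAMPLE).items()):
        print(f"{key_id} {token}: {MEANING[token]} [{', '.join(sorted(repos))}]")
```

Of the tokens listed, only BADSIG means the downloaded data itself failed verification, so it should not be handled the same way as an expiry.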
