Re: [DRBD-user] Proxmox repo release.gpg expired
Am 8. Februar 2018 11:43:17 MEZ schrieb Lars Ellenberg : >On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote: >> Am 08.02.18 um 09:38 schrieb Yannis Milios: >> > Can you please renew proxmox repo Release.gpg file ? > >The signature is fine. >You need to refresh your keyring. >How? See below. > >> > W: An error occurred during the signature verification. The >repository >> > is not updated and the previous index files will be used. GPG >error: >> > http://packages.linbit.com/proxmox proxmox-5 Release: The following >> > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package >and >> > Repository Signing Key (2017) >> > W: Failed to fetch >> > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg The >> > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 >LINBIT >> > Package and Repository Signing Key (2017) >> > W: Some index files failed to download. They have been ignored, or >old >> > ones used instead. >> >> Just in case this might help: >> >> Debian Stretch introduced 2 new requirements for signing keys and >> signatures: > >Why would you think it would? >Both requirements are fullfilled, and not being complained about. >(Also someone would have noticed that before, >stretch was not released yesterday). > >It complains about an *EXPKEYSIG* >And there is also the "2017" as a hint. >so: key expiry. Which the subject already says as well. > >We usually do not create a new key, >but simply extend the validity for an other year, >and also add the "current year" uid. > >Your system apparently did not notice the extended validity. >You can help: > >apt-key list --verbose LINBIT >| pub dsa1024 2008-11-13 [SC] [expired: 2018-02-01] >|32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 >| uid [ expired] LINBIT Package and Repository Signing Key >(2017) >| ... >| sub elg2048 2008-11-13 [E] [expired: 2018-02-01] >| gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018 >11:49:14 CET > > >apt-key adv --keyserver keyserver.ubuntu.com --recv-keys >0x53B3B037282B6E23 >(or your keyserver of choice) >| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key >(2018)" 1 new user ID >| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key >(2018)" 11 new signatures >... > >apt-key list --verbose LINBIT >| pub dsa1024 2008-11-13 [SC] [expires: 2019-02-01] >| 32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 >| uid [ unknown] LINBIT Package and Repository Signing Key >(2018) >| ... >| sub elg2048 2008-11-13 [E] [expires: 2019-02-01] > >Yay. I have seen those exact error messages due to those exact requirements. Considering Linbit's focus seemed to have been on RedHat for years it *could* have been relevant. I wrote "in case", btw. Sorry I tried to help. Regards Christoph mfg in aller Kürze vom Hand-Androiden ___ drbd-user mailing list drbd-user@lists.linbit.com http://lists.linbit.com/mailman/listinfo/drbd-user
Re: [DRBD-user] Proxmox repo release.gpg expired
Thanks for the hint, works now ... Y On Thu, Feb 8, 2018 at 10:43 AM, Lars Ellenberg wrote: > On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote: > > Am 08.02.18 um 09:38 schrieb Yannis Milios: > > > Can you please renew proxmox repo Release.gpg file ? > > The signature is fine. > You need to refresh your keyring. > How? See below. > > > > W: An error occurred during the signature verification. The repository > > > is not updated and the previous index files will be used. GPG error: > > > http://packages.linbit.com/proxmox proxmox-5 Release: The following > > > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and > > > Repository Signing Key (2017) > > > W: Failed to fetch > > > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg The > > > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT > > > Package and Repository Signing Key (2017) > > > W: Some index files failed to download. They have been ignored, or old > > > ones used instead. > > > > Just in case this might help: > > > > Debian Stretch introduced 2 new requirements for signing keys and > > signatures: > > Why would you think it would? > Both requirements are fullfilled, and not being complained about. > (Also someone would have noticed that before, > stretch was not released yesterday). > > It complains about an *EXPKEYSIG* > And there is also the "2017" as a hint. > so: key expiry. Which the subject already says as well. > > We usually do not create a new key, > but simply extend the validity for an other year, > and also add the "current year" uid. > > Your system apparently did not notice the extended validity. > You can help: > > apt-key list --verbose LINBIT > | pub dsa1024 2008-11-13 [SC] [expired: 2018-02-01] > |32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 > | uid [ expired] LINBIT Package and Repository Signing Key (2017) > | ... > | sub elg2048 2008-11-13 [E] [expired: 2018-02-01] > | gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018 > 11:49:14 CET > > > apt-key adv --keyserver keyserver.ubuntu.com --recv-keys > 0x53B3B037282B6E23 > (or your keyserver of choice) > | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key > (2018)" 1 new user ID > | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key > (2018)" 11 new signatures > ... > > apt-key list --verbose LINBIT > | pub dsa1024 2008-11-13 [SC] [expires: 2019-02-01] > | 32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 > | uid [ unknown] LINBIT Package and Repository Signing Key (2018) > | ... > | sub elg2048 2008-11-13 [E] [expires: 2019-02-01] > > Yay. > > -- > : Lars Ellenberg > : LINBIT | Keeping the Digital World Running > : DRBD -- Heartbeat -- Corosync -- Pacemaker > > DRBD® and LINBIT® are registered trademarks of LINBIT > __ > please don't Cc me, but send to list -- I'm subscribed > ___ > drbd-user mailing list > drbd-user@lists.linbit.com > http://lists.linbit.com/mailman/listinfo/drbd-user > ___ drbd-user mailing list drbd-user@lists.linbit.com http://lists.linbit.com/mailman/listinfo/drbd-user
Re: [DRBD-user] Proxmox repo release.gpg expired
On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote: > Am 08.02.18 um 09:38 schrieb Yannis Milios: > > Can you please renew proxmox repo Release.gpg file ? The signature is fine. You need to refresh your keyring. How? See below. > > W: An error occurred during the signature verification. The repository > > is not updated and the previous index files will be used. GPG error: > > http://packages.linbit.com/proxmox proxmox-5 Release: The following > > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and > > Repository Signing Key (2017) > > W: Failed to fetch > > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg The > > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT > > Package and Repository Signing Key (2017) > > W: Some index files failed to download. They have been ignored, or old > > ones used instead. > > Just in case this might help: > > Debian Stretch introduced 2 new requirements for signing keys and > signatures: Why would you think it would? Both requirements are fullfilled, and not being complained about. (Also someone would have noticed that before, stretch was not released yesterday). It complains about an *EXPKEYSIG* And there is also the "2017" as a hint. so: key expiry. Which the subject already says as well. We usually do not create a new key, but simply extend the validity for an other year, and also add the "current year" uid. Your system apparently did not notice the extended validity. You can help: apt-key list --verbose LINBIT | pub dsa1024 2008-11-13 [SC] [expired: 2018-02-01] |32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 | uid [ expired] LINBIT Package and Repository Signing Key (2017) | ... | sub elg2048 2008-11-13 [E] [expired: 2018-02-01] | gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018 11:49:14 CET apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x53B3B037282B6E23 (or your keyserver of choice) | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key (2018)" 1 new user ID | gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key (2018)" 11 new signatures ... apt-key list --verbose LINBIT | pub dsa1024 2008-11-13 [SC] [expires: 2019-02-01] | 32A7 46AD 3ACF B7EB 9A18 8D19 53B3 B037 282B 6E23 | uid [ unknown] LINBIT Package and Repository Signing Key (2018) | ... | sub elg2048 2008-11-13 [E] [expires: 2019-02-01] Yay. -- : Lars Ellenberg : LINBIT | Keeping the Digital World Running : DRBD -- Heartbeat -- Corosync -- Pacemaker DRBD® and LINBIT® are registered trademarks of LINBIT __ please don't Cc me, but send to list -- I'm subscribed ___ drbd-user mailing list drbd-user@lists.linbit.com http://lists.linbit.com/mailman/listinfo/drbd-user
Re: [DRBD-user] Proxmox repo release.gpg expired
Am 08.02.18 um 09:38 schrieb Yannis Milios: > Can you please renew proxmox repo Release.gpg file ? > > Thanks > > W: An error occurred during the signature verification. The repository > is not updated and the previous index files will be used. GPG error: > http://packages.linbit.com/proxmox proxmox-5 Release: The following > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and > Repository Signing Key (2017) > W: Failed to fetch > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg The > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT > Package and Repository Signing Key (2017) > W: Some index files failed to download. They have been ignored, or old > ones used instead. Just in case this might help: Debian Stretch introduced 2 new requirements for signing keys and signatures: 1. The GPG keys need to bei 2048 bit long. Longer probably OK too. 2. SHA1 signatures are not accepted any more, the signatures need to be done using at least SHA256 now. For legacy GnuPG setups this can be enforced by adding a line digest-algo sha256 to gpg.conf (and re-signing everything). Regards, Christoph ___ drbd-user mailing list drbd-user@lists.linbit.com http://lists.linbit.com/mailman/listinfo/drbd-user