perfsonar/toolkit

Install on Ubuntu 23.10 : apt-key deprecated & repository not signed

benkhesa1 opened this issue · 0 comments

Hi all,

First of all, sorry if I write in the wrong group, but I couldn't find any group that talks about installs on ubuntu.

I trying to follow the instructions on the web site https://docs.perfsonar.net/install_debian.html for the latest version (5.0.7) but When I run

curl http://downloads.perfsonar.net/debian/perfsonar-official.gpg.key | apt-key add -, I get this warning:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

I also confirmed that they GPG key is present

~$ sudo apt-key list

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2012-05-11 [SC]
      790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub   rsa4096 2015-05-27 [SC]
      5A50 7954 F531 B923 00DA  2068 351E D827 9AFA 4E0A
uid           [ unknown] perfSONAR Debian Archive Main Signing Key <debian@perfsonar.net>
sub   rsa4096 2015-05-27 [S]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid         [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>

but when I run sudo apt update, I get this error message:

E: Failed to fetch http://downloads.perfsonar.net/debian/dists/perfsonar-release/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: The repository 'http://downloads.perfsonar.net/debian perfsonar-release InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Even when using the workaround on this web site https://stackoverflow.com/questions/68992799/warning-apt-key-is-deprecated-manage-keyring-files-in-trusted-gpg-d-instead:

curl -fsSL http://downloads.perfsonar.net/debian/perfsonar-official.gpg.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/perfsonar-official.gpg

sudo sed -i 's/deb /deb \[signed-by=\/etc\/apt\/trusted.gpg.d\/perfsonar-official.gpg\] /g' /etc/apt/sources.list.d/perfsonar-release.list
sudo sed -i 's/deb-src/deb-src \[signed-by=\/etc\/apt\/trusted.gpg.d\/perfsonar-official.gpg\] /g' /etc/apt/sources.list.d/perfsonar-release.list
sudo chmod 644 /etc/apt/trusted.gpg.d/perfsonar-official.gpg

I get the same error message:

E: Failed to fetch http://downloads.perfsonar.net/debian/dists/perfsonar-release/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: The repository 'http://downloads.perfsonar.net/debian perfsonar-release InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

when I run apt-key list, I do see the GPG key in /etc/apt/trusted.gpg.d/perfsonar-official.gpg

~$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2012-05-11 [SC]
      790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

/etc/apt/trusted.gpg.d/perfsonar-official.gpg
---------------------------------------------
pub   rsa4096 2015-05-27 [SC]
      5A50 7954 F531 B923 00DA  2068 351E D827 9AFA 4E0A
uid           [ unknown] perfSONAR Debian Archive Main Signing Key <debian@perfsonar.net>
sub   rsa4096 2015-05-27 [S]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>

and my repos is using the right GPG key I just downloaded:

~$ cat /etc/apt/sources.list.d/perfsonar-release.list
# perfSONAR release repository
# Repository key is available at http://downloads.perfsonar.net/debian/perfsonar-release.gpg.key
# apt-key adv --fetch-keys http://downloads.perfsonar.net/debian/perfsonar-official.gpg.key
deb [signed-by=/etc/apt/trusted.gpg.d/perfsonar-official.gpg] http://downloads.perfsonar.net/debian/ perfsonar-release main
deb-src [signed-by=/etc/apt/trusted.gpg.d/perfsonar-official.gpg]  http://downloads.perfsonar.net/debian/ perfsonar-release main

Based on my search, either it's an issue on the network or an issue with the proxy, but I don't use any proxy and I'm able to browse the site http://downloads.perfsonar.net/debian/dists/perfsonar-release/InRelease

~$ curl http://downloads.perfsonar.net/debian/dists/perfsonar-release/InRelease
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Origin: perfSONAR
Label: perfsonar.net
Suite: perfsonar-release
Codename: perfsonar-5.0
Version: 5.0
Date: Tue, 12 Dec 2023 17:00:19 UTC
Architectures: amd64 armhf arm64 ppc64el
Components: main
Description: perfSONAR Debian/Ubuntu repository for the 5.0 release
MD5Sum:
 de4c4c903cf8642e140e3a6eed382a3b 134490 main/binary-amd64/Packages
 466b56003168c4e9b640d3216d82798e 32368 main/binary-amd64/Packages.gz
 db6d3132b318836d4c21b5cf6f8ee157 183 main/binary-amd64/Release
 b1e44a90bec8475e177b6ad1a7e31094 133278 main/binary-armhf/Packages
 e3028b83751090e9f7282e6a8a9ae6c7 31912 main/binary-armhf/Packages.gz
 040a8018ae6e17945c4297ffec75c509 183 main/binary-armhf/Release
 ea787a480ca1f5c707deb9484d0ce3b3 135184 main/binary-arm64/Packages
 987d335bf06ccc204e6a1e961878225c 32560 main/binary-arm64/Packages.gz
 5fe72a16ca6f48ace8f7cd2f6a76e8b1 183 main/binary-arm64/Release
 56fb0198bf930ab199f334d3f2e280b7 133396 main/binary-ppc64el/Packages
 74351e857e31228c17e98991a97c3942 31910 main/binary-ppc64el/Packages.gz
 b2b8994c9eadd8b6516a9bb7e0d0684d 185 main/binary-ppc64el/Release
 7cf4ed6b0c2a2234e68fb89bf9ca1731 181338 main/source/Sources
 6f5cd611e0ecd1ecc61a1edf7e0f5a65 44070 main/source/Sources.gz
 8691cf434379187bc0ae15c3bbf4d93d 184 main/source/Release
SHA1:
So do you have any idea why it doesn't work?

Regards,