Project

General

Profile

Actions
Copy link

Bug #45009

closed

https://download.ceph.com/keys/release.asc: ignored as the file has an unsupported filetype.

Added by Sebastian Wagner about 4 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
David Galloway
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

https://download.ceph.com/keys/release.asc is a file format that is not understood by apt:

root@buster:~# wget https://download.ceph.com/keys/release.asc
root@buster:~# file release.asc 
release.asc: PGP public key block Public-Key (old)
root@buster:~# cp release.asc /etc/apt/trusted.gpg
root@buster:~# apt update
Hit:1 http://httpredir.debian.org/debian buster InRelease
Hit:2 https://download.ceph.com/debian-octopus buster InRelease
Err:2 https://download.ceph.com/debian-octopus buster InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: http://httpredir.debian.org/debian/dists/buster/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file has an unsupported filetype.
W: https://download.ceph.com/debian-octopus/dists/buster/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file has an unsupported filetype.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.ceph.com/debian-octopus buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994
W: Failed to fetch https://download.ceph.com/debian-octopus/dists/buster/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994
W: Some index files failed to download. They have been ignored, or old ones used instead.

However, when converting this to GPG v4, it works:

root@buster:~# apt-key add release.asc
root@buster:~# file /etc/apt/trusted.gpg
/etc/apt/trusted.gpg: PGP/GPG key public ring (v4) created Tue Sep 15 20:56:41 2015 RSA (Encrypt or Sign) 4096 bits MPI=0xcbaa7e8ef94169f9...
root@buster:~# apt update
Hit:1 http://httpredir.debian.org/debian buster InRelease
Get:2 https://download.ceph.com/debian-octopus buster InRelease [8557 B]
Get:3 https://download.ceph.com/debian-octopus buster/main amd64 Packages [15.7 kB]
Fetched 24.2 kB in 4s (6765 B/s)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
root@buster:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2015-09-15 [SC]
      08B7 3419 AC32 B4E9 66C1  A330 E84A C2C0 460F 3994
uid           [ unknown] Ceph.com (release key) <security@ceph.com>

This has an impact on cephadm, which needs to install gnupg on all cluster machines in order to convert the key to GPG v4.

Can we provide a key in the correct format?

Related issues 2 (0 open2 closed)

Related to Orchestrator - Bug #49436: cephadm bootstrap fails to create /etc/ceph directoryCan't reproduce

Actions
Blocks Orchestrator - Bug #44972: cephadm: add-repo on ubuntu brokenClosedAdam King

Actions
Actions
Copy link

Also available in: Atom PDF