Actions
Bug #45009
closedhttps://download.ceph.com/keys/release.asc: ignored as the file has an unsupported filetype.
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
https://download.ceph.com/keys/release.asc is a file format that is not understood by apt:
root@buster:~# wget https://download.ceph.com/keys/release.asc root@buster:~# file release.asc release.asc: PGP public key block Public-Key (old) root@buster:~# cp release.asc /etc/apt/trusted.gpg root@buster:~# apt update Hit:1 http://httpredir.debian.org/debian buster InRelease Hit:2 https://download.ceph.com/debian-octopus buster InRelease Err:2 https://download.ceph.com/debian-octopus buster InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994 Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. W: http://httpredir.debian.org/debian/dists/buster/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file has an unsupported filetype. W: https://download.ceph.com/debian-octopus/dists/buster/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file has an unsupported filetype. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.ceph.com/debian-octopus buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994 W: Failed to fetch https://download.ceph.com/debian-octopus/dists/buster/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E84AC2C0460F3994 W: Some index files failed to download. They have been ignored, or old ones used instead.
However, when converting this to GPG v4, it works:
root@buster:~# apt-key add release.asc root@buster:~# file /etc/apt/trusted.gpg /etc/apt/trusted.gpg: PGP/GPG key public ring (v4) created Tue Sep 15 20:56:41 2015 RSA (Encrypt or Sign) 4096 bits MPI=0xcbaa7e8ef94169f9... root@buster:~# apt update Hit:1 http://httpredir.debian.org/debian buster InRelease Get:2 https://download.ceph.com/debian-octopus buster InRelease [8557 B] Get:3 https://download.ceph.com/debian-octopus buster/main amd64 Packages [15.7 kB] Fetched 24.2 kB in 4s (6765 B/s) Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. root@buster:~# apt-key list /etc/apt/trusted.gpg -------------------- pub rsa4096 2015-09-15 [SC] 08B7 3419 AC32 B4E9 66C1 A330 E84A C2C0 460F 3994 uid [ unknown] Ceph.com (release key) <security@ceph.com>
This has an impact on cephadm, which needs to install gnupg on all cluster machines in order to convert the key to GPG v4.
Can we provide a key in the correct format?
Actions