APT Repo Public Key Expiration & Update

Pascal_Dornfeld · August 10, 2019, 2:06pm

okay, but how do we fix that? can we still stay on release (stable) version or do we have to testing version?

jclugeon · August 10, 2019, 2:14pm

I was able to install by disabling signature check in the file /etc/apt/source.list.d/openhab2.list with deb [trusted=yes] https://dl.bintray.com/openhab/apt-repo2 stable main.

The option [trusted=yes] disable the check of the signature and has to be removed as soon as the signing problem is fixed.

molinero · August 10, 2019, 7:43pm

Thanks for this advice!

The note of jclugeon helping me for the moment! THX

gego · August 10, 2019, 9:15pm

I’m working on Raspberry 4, both getting new key and disabling signature check didn’t work. I’m on stable release.
Any ideas?

Oliver_Meier · August 10, 2019, 9:26pm

That worked for me with:

`deb [trusted=yes] https://dl.bintray.com/openhab/apt-repo2 stable main’

Thank you!

Burkart_Poneleit · August 10, 2019, 9:37pm

you can get the stable version from jfrogio also

echo ‘deb JFrog stable main’ | sudo tee /etc/apt/sources.list.d/openhab2.list
sudo apt update

should be the correct way, as swamiller said (APT Repo Public Key Expiration & Update - #23 by swamiller), the repo has moved

you really shouldn’t use [trusted=yes]

gego · August 10, 2019, 10:09pm

That worked for me!

Pascal_Dornfeld · August 11, 2019, 11:55am

indeed the first-boot.bash worked after applying that command.

just for info: today i wanted to make a fresh install, because yesterday i changed many things to make the installation work. i wanted to apply the command before any setup starts. i found out, that in the meantime the problem got fixed on github: https://github.com/openhab/openhabian/commit/1741bb777d7656af848c64dad3987910438bea46
thank you for providing a solution so fast!

mweiler · August 14, 2019, 9:54am

I did the key update as suggested (see output from apt-key list)

/etc/apt/trusted.gpg

pub rsa4096 2015-07-25 [SC] [expires: 2023-07-24]
EDB7 D030 4E2F CAF6 29DF 1163 0757 21F6 A224 060A
uid [ unknown] openHAB Bintray Repositories owner@openhab.org
sub rsa4096 2015-07-25 [E] [expires: 2023-07-25]

… and it seems to contain the updated key. But it didn’t work. Neither did
the trusted=yes option for me.

So what’s the supposed solution?

Should I change the repository as suggested?
https://www.openhab.org/docs/ still points to bintray?

Or should I just wait until the problem is fixed?
Are you still working on the fix?

Thanks!

GebDat · August 14, 2019, 10:34am

Now I installed the actual openHABian v1.5 based on Debian Buster supports RPi4 on my Raspberry pi 2 and it’s okay. No more Errors.

kip · August 15, 2019, 5:16am

Adding [trusted=yes] did not work for me immediately. There seems to be a bug in apt on Ubuntu that does not disable the signature check if the lists had already been downloaded before. Removing the local package lists fixed it:

sudo rm /var/lib/apt/lists/*openhab*

mweiler · August 15, 2019, 12:34pm

Thanks, that helped on my Debian stretch.

But still this can only be a workaround.

guyc · August 15, 2019, 8:35pm

I have tried, but still not working for me.
(Armbian / orangepi-pc)

DiMa · August 19, 2019, 7:42am

My system also does not accept the signature of this repo:

W: GPG-Fehler: https://openhab.jfrog.io/openhab/openhab-linuxpkg stable Release: Die folgenden Signaturen waren ungültig: EXPKEYSIG 075721F6A224060A openHAB Bintray Repositories <owner@openhab.org>
W: The repository 'https://openhab.jfrog.io/openhab/openhab-linuxpkg stable Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

How do I get OpenHAB updates working again?

ericsnis · August 23, 2019, 8:17pm

Same issue with the repository not being signed.

sudo apt-get update
[...]
Reading package lists... Done
W: The repository 'https://dl.bintray.com/openhab/apt-repo2 stable Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

deb https://openhab.jfrog.io/openhab/openhab-linuxpkg stable main was added to sources and I updated the key.

sudo apt-key list gave me this for the repository key.

[...]
pub   rsa4096 2015-07-25 [SC] [expires: 2023-07-24]
      EDB7 D030 4E2F CAF6 29DF  1163 0757 21F6 A224 060A
uid           [ unknown] openHAB Bintray Repositories <owner@openhab.org>
sub   rsa4096 2015-07-25 [E] [expires: 2023-07-25]

The documentation for Linux listed the new and old repositories. The old directions didn’t have the jfrog.io repository leading me to believe the directions were updated and both repositories should be in the sources. So I’m not sure if there is still a problem in the repository, it seems like the problem started when the key was renewed.

A post above said the snapshot repository changed, but did the stable release repository change hosts as well?

CDriver · August 30, 2019, 7:37pm

folks,

I’m also getting an error with this.
RPi-4 running Buster
added the key and now I get this

pub   rsa4096 2015-07-25 [SC] [expires: 2023-07-24]
      EDB7 D030 4E2F CAF6 29DF  1163 0757 21F6 A224 060A
uid           [ unknown] openHAB Bintray Repositories <owner@openhab.org>
sub   rsa4096 2015-07-25 [E] [expires: 2023-07-25]

…which looks right?

and an apt update gives me this;

root@homeauto:~# apt update
Hit:1 http://raspbian.raspberrypi.org/raspbian buster InRelease
Hit:2 http://archive.raspberrypi.org/debian buster InRelease
Ign:3 http://repos.azulsystems.com/debian stable InRelease
Ign:4 https://dl.bintray.com/openhab/apt-repo2 stable InRelease
Hit:5 http://repos.azulsystems.com/debian stable Release
Get:6 https://dl.bintray.com/openhab/apt-repo2 stable Release [6,051 B]
Ign:7 https://dl.bintray.com/openhab/apt-repo2 stable Release.gpg
Reading package lists... Done
E: The repository 'https://dl.bintray.com/openhab/apt-repo2 stable Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I’ve tried the various tips above like deleting the cache etc but it’s still the same; fails.

Is there any difference between Debian Jessie and Buster for this?

mbuchberger1967 · September 7, 2019, 9:00pm

Hi,
I tried this but leads me to:

Hit:1 Index of /webupd8team/java/ubuntu xenial InRelease
Hit:2 Index of /raspbian stretch InRelease
Hit:3 Index of /debian stretch InRelease
Hit:4 Index of linux/debian/ jessie InRelease
Hit:5 InfluxData - Package Repository jessie InRelease
Ign:6 JFrog 54 InRelease
Err:7 JFrog 54 Release
404 Not Found
Reading package lists… Done
E: The repository ‘JFrog 54 Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Any ideas how to go on?
I think I’ll try [trusted=yes] for the moment

BR
Markus

cgatnet · September 8, 2019, 7:49am

Hi,
my update also stops with signature invalid as reported by the last posts.
Updated the repo-list as mentioned by Burkart before that.
Using RPi with rasbian stretch
Do not want to switch off security by [trusted=yes]
Hope someone can help here!
Thanks.
Christian

sihui · September 8, 2019, 11:35am

Benjy · September 11, 2019, 10:19pm

The issue with the stable repo has been resolved now. I’d reccomend using the bintray server for the stable releases.