[PVE-User] GPG signature error running pveam update

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Oct 16 08:02:11 CEST 2019


Hi,

On 10/15/19 4:43 PM, Adam Weremczuk wrote:
> Hi all,
> 
> It started failing following Debian 9->10 and PVE 5->6 upgrade:
> 
> pveam update
> update failed - see /var/log/pveam.log for details
> 
> "apt-key list" wasn't showing it so I've added it:
> 
> wget https://github.com/turnkeylinux/turnkey-keyring/raw/master/turnkey-release-keyring.gpg
> apt-key add turnkey-release-keyring.gpg
> OK
> 
> It's now listed and looks ok at the first glance:
> 
> /etc/apt/trusted.gpg
> --------------------
> pub   rsa2048 2008-08-15 [SC] [expires: 2023-08-12]
>       694C FF26 795A 29BA E07B  4EB5 85C2 5E95 A16E B94D
> uid           [ unknown] Turnkey Linux Release Key <release at turnkeylinux.com>
> 
> The errors in "pveam update" and pveam.log haven't gone away though:
> 
> 2019-10-15 15:34:31 starting update
> 2019-10-15 15:34:31 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
> 2019-10-15 15:34:31 download finished: 200 OK
> 2019-10-15 15:34:31 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
> 2019-10-15 15:34:31 download finished: 200 OK
> 2019-10-15 15:34:31 signature verification: gpgv: Signature made Fri Sep 27 14:53:26 2019 BST
> 2019-10-15 15:34:31 signature verification: gpgv: using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
> 2019-10-15 15:34:31 signature verification: gpgv: Can't check signature: No public key
> 2019-10-15 15:34:31 unable to verify signature - command '/usr/bin/gpgv -q --keyring /usr/share/doc/pve-manager/trustedkeys.gpg /var/lib/pve-manager/apl-info/pveam-download.proxmox.com.tmp.31480.asc /var/lib/pve-manager/apl-info/pveam-download.proxmox.com.tmp.31480' failed: exit code 2
> 2019-10-15 15:34:31 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
> 2019-10-15 15:34:31 download finished: 200 OK
> 2019-10-15 15:34:31 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.gz
> 2019-10-15 15:34:32 download finished: 200 OK
> 2019-10-15 15:34:32 signature verification: gpgv: Signature made Sun Aug  4 08:49:59 2019 BST
> 2019-10-15 15:34:32 signature verification: gpgv: using RSA key 694CFF26795A29BAE07B4EB585C25E95A16EB94D
> 2019-10-15 15:34:32 signature verification: gpgv: Good signature from "Turnkey Linux Release Key <release at turnkeylinux.com>"
> 2019-10-15 15:34:32 update successful
> 
> Am I doing something wrong?
> 

No, we were doing something wrong :/

So the trusted keys file is not updated all the time. It would normally be updated
when a new file was added, but in our case the build happens in a temporary
directory with all times having the same timestamp, so GNU make did not know
that it needs to regenerate the trusted key file.
As keys are added/removed at a frequency of ~2 years, doing this here by manually
running the update target in the source and committing to git was forgotten.

I'll fix this up and release a follow-up pve-manager soon. Thanks for the report,
and sorry for any inconvenience caused.

cheers,
Thomas
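
Added example, not part of the original thread and not Proxmox code: a small Python parser for the pveam.log excerpt quoted above that pairs each signature download with the key gpgv named, the verification result, and the keyring gpgv was actually given. The sample lines are copied from the quoted log, with the failing command's two file arguments shortened to SIG and DATA; the function and field names are hypothetical.

```python
import re

# Lines copied from the pveam.log excerpt quoted in the thread; the failing
# gpgv command is shortened (its two file arguments replaced by SIG and DATA).
SAMPLE_LOG = """\
2019-10-15 15:34:31 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2019-10-15 15:34:31 signature verification: gpgv: using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2019-10-15 15:34:31 signature verification: gpgv: Can't check signature: No public key
2019-10-15 15:34:31 unable to verify signature - command '/usr/bin/gpgv -q --keyring /usr/share/doc/pve-manager/trustedkeys.gpg SIG DATA' failed: exit code 2
2019-10-15 15:34:31 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2019-10-15 15:34:32 signature verification: gpgv: using RSA key 694CFF26795A29BAE07B4EB585C25E95A16EB94D
2019-10-15 15:34:32 signature verification: gpgv: Good signature from "Turnkey Linux Release Key <release at turnkeylinux.com>"
"""

ASC = re.compile(r"start download (\S+\.asc)$")
KEY = re.compile(r"gpgv: using \w+ key ([0-9A-F]{40})")
KEYRING = re.compile(r"--keyring (\S+)")

def parse_pveam_log(text):
    """One record per signature file: source, key, status, keyring used."""
    records, cur = [], None
    for line in text.splitlines():
        if (a := ASC.search(line)):
            cur = {"source": a.group(1), "key": None,
                   "status": "unknown", "keyring": None}
            records.append(cur)
        elif cur is None:
            continue  # verification output before any download line
        elif (k := KEY.search(line)):
            cur["key"] = k.group(1)
        elif "gpgv: Good signature" in line:
            cur["status"] = "good"
        elif "No public key" in line:
            cur["status"] = "missing-key"
        elif (r := KEYRING.search(line)):
            cur["keyring"] = r.group(1)  # keyring gpgv was actually given
    return records

def missing_keys(records):
    """Map each keyring path to the fingerprints gpgv could not find in it."""
    out = {}
    for r in records:
        if r["status"] == "missing-key":
            out.setdefault(r["keyring"], []).append(r["key"])
    return out

if __name__ == "__main__":
    for ring, keys in missing_keys(parse_pveam_log(SAMPLE_LOG)).items():
        print(f"{ring}: no public key for {', '.join(keys)}")
```

On the sample, the only missing key is the one that signed aplinfo-pve-6.dat, and the keyring in the failed command is /usr/share/doc/pve-manager/trustedkeys.gpg, a different file from the /etc/apt/trusted.gpg that "apt-key list" showed.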




