Repo key Fingerprint does not match install instructions

jhenders · April 7, 2023, 7:57pm

Hello,

I have been working on installing Passbolt CE following the instructions at :
[Passbolt Help | Migrate an existing Passbolt CE to a new Red Hat server]

But have noticed that the GPG key/ fingerprint doesn’t match the documentation. I sent an email to contact@passbolt.com but I’m really not sure when to expect a response.

Installing Passbolt CE on an AWS EC2 instance, AMI provided by AWS, RHEL 8.7

This is a fresh install and I am following the steps based on the instructions linked above. However, in step 3:

During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:
Importing GPG key 0xC155581D:
Userid     : "Passbolt SA package signing key contact@passbolt.com"
Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
From       : https://download.passbolt.com/pub.key

At this point I notice that the GPG Key/Fingerprint does not match:

Extra Packages for Enterprise Linux 8 - x86_64                                                                                                   1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x2F86D6A1:
Userid     : "Fedora EPEL (8) epel@fedoraproject.org"
Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]:

I’m thinking this is likely just a documentation issue, but I just don’t want to accept it without being sure.

Thanks for any help and replies!

garrett · April 8, 2023, 12:23pm

Hi @jhenders Welcome to the forum!

This is a good question. The step 3 is describing when the key for the passbolt repo is downloaded and imported. You are showing a different key for a different repo.

What I recommend is to accept the one you show because it’s probably also needed, and key downloads are common these days for new repos. The repo you show is for your OS. Then, when you get to the one for passbolt, make sure it’s matching from step 3.

Basically, there should be a passbolt repo key at some point, and it should match step 3. If one of these doesn’t happen, something is not correct.

clayton · April 11, 2023, 6:43am

That is the EPEL 8 repo which has some packages that Passbolt uses. You can check the key here.