Repository Issues when hitting apt update

Hi All

I am using the following documentation to migrate from install scripts to ubuntu

I followed the steps from here Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package

I seem to be getting the following back when running the apt update command

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY DE8B853FC155581D

Has anyone ran into this issue ?

Hi @moedawood inside the help page, there are mirror servers that you can try:

gpg --keyserver hkps://keys.mailvelope.com --recv-keys 0xDE8B853FC155581D 
gpg --keyserver hkps://pgp.mit.edu --recv-keys 0xDE8B853FC155581D 
gpg --keyserver hkps://keys.gnupg.net --recv-keys 0xDE8B853FC155581D 

Best,
Max

And by the way, ensure you have correctly followed steps 4, 5 and 6.

If you execute this command:

cat /usr/share/keyrings/passbolt-repository.gpg | gpg

It should return:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
      3D1A0346C8E1802F774AEF21DE8B853FC155581D
uid           Passbolt SA package signing key <contact@passbolt.com>
sub   rsa2048 2020-05-18 [E] [expires: 2022-05-18]

Cheers,

Hi Max

Thank you for your prompt response

I have tried the following to no avail

I receive the following from the two mirror servers

First one gives me this
gpg: key DE8B853FC155581D: “Passbolt SA package signing key contact@passbolt.com” not changed
gpg: Total number processed: 1
gpg: unchanged: 1

gpg --keyserver hkps://pgp.mit.edu --recv-keys 0xDE8B853FC155581D


gpg --keyserver hkps://keys.gnupg.net --recv-keys 0xDE8B853FC155581D


When i run apt update again I still receive the same error

Hi

Thank you for the response

I receive the following when running the command above

gpg: WARNING: no command supplied. Trying to guess what you mean …
pub rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
3D1A0346C8E1802F774AEF21DE8B853FC155581D
uid Passbolt SA package signing key contact@passbolt.com
sub rsa2048 2020-05-18 [E] [expires: 2022-05-18]

Can you post here your /etc/apt/sources.list.d/passbolt.sources content ? Do you have any other file in /etc/apt/sources.list.d folder ?
Can you share full output of your apt update ?

Are you using Ubuntu 20.04 or 18.04 (cat /etc/os-release) ?

Thanks !

Hi

passbolt.sources content

Types: deb
URIs: https://download.passbolt.com/ce/ubuntu
Suites: focal
Components: stable
Signed-By: /usr/share/keyrings/passbolt-repository.gpg

There are no other files in the folder

Full Output apt update

Ubuntu 18.04.4 LTS

Hi,

I guess Ubuntu 18.04 is not able to read well new apt list format.

You can try to delete passbolt.sources file:

sudo rm /etc/apt/sources.list.d/passbolt.sources

and create a /etc/apt/sources.list.d/passbolt.list with this content:

deb [signed-by=/usr/share/keyrings/passbolt-repository.gpg] https://download.passbolt.com/ce/ubuntu focal stable

We provide only Ubuntu 20.04 package repository and our package has not been tested on Ubuntu 18.04 so run it at your own risk.
Usually, it is a bad idea to mix Ubuntu 20.04 focal packages with Ubuntu 18.04 packages.

Hi

So I upgraded my server to the latest ubuntu version

See below image, still seem to get the same error

@moedawood If one keyserver hangs, try one of the other two provided.

Hi

Thank you for the response

The key does get added but when i run apt update I still get the NO PUBKEY ERROR

Hi again @moedawood :wave:

I was able to reproduce your issue, can you check rights of /usr/share/keyrings/passbolt-repository.gpg ?

It must be 644:

$ sudo stat -c %a /usr/share/keyrings/passbolt-repository.gpg
644
$ sudo stat -c %A /usr/share/keyrings/passbolt-repository.gpg
-rw-r--r--

And be owned by root:

$ sudo stat -c %U:%G /usr/share/keyrings/passbolt-repository.gpg
root:root

Some other checks:

$ file /usr/share/keyrings/passbolt-repository.gpg
/usr/share/keyrings/passbolt-repository.gpg: PGP/GPG key public ring (v4) created Mon May 18 14:11:39 2020 RSA (Encrypt or Sign) 2048 bits MPI=0xa827fe9657144e59...
$ gpg --show-keys /usr/share/keyrings/passbolt-repository.gpg
pub   rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
      3D1A0346C8E1802F774AEF21DE8B853FC155581D
uid                      Passbolt SA package signing key <contact@passbolt.com>
sub   rsa2048 2020-05-18 [E] [expires: 2022-05-18]
$ grep ^UMASK /etc/login.defs
UMASK           022

Let me know :slight_smile:

2 Likes

Hi

This worked perfectly

Thank you for everyone’s assistance I appreciate it

Thanks for the feedback. You are not the first one who is reporting that, we will update documentation accordingly and add a warning about this.

Have a nice day :sun_with_face: