Unsigned Repository

Receiving the following error on installation in Ubuntu:

passbolt-repo-setup.ce.sh: OK

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY DE8B853FC155581D
Reading package lists… Done
W: GPG error: download.passbolt.com/ce/ubuntu focal InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY DE8B853FC155581D
E: The repository ‘https://download.passbolt.com/ce/ubuntu focal InRelease’ is not signed.

When I traverse to that directory there is indeed nothing there. Installation aborts. I saw there were issues with sigs/keys in the past and wondering if perhaps it is rearing its ugly head again?
Thanks for any assistance.

Mark

Hey mate,

I was able to get around this by following the steps here: Passbolt Help | Wide Open

You can run this command :

wget -qO- https://download.passbolt.com/pub.key |\
    gpg --dearmor | sudo tee /usr/share/keyrings/passbolt-repository.gpg > /dev/null

Then run
sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh

And the dependencies script ran for me.

2 Likes

Hello @mrbyerle

What @brunt is saying is correct, we rotated the gpg key of the repo 2 years ago.

So you must follow the process that is described in the link that @brunt shared.