bazel: Apt Signing Key Expired
Description of the bug:
The instructions on https://bazel.build/install/ubuntu fail for apt install due to expired signing key.
What’s the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
docker run -it ubuntu:latest /bin/bash
apt update
apt install apt-transport-https curl gnupg
curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor >bazel-archive-keyring.gpg
mv bazel-archive-keyring.gpg /usr/share/keyrings
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list
apt update
Which operating system are you running Bazel on?
No response
What is the output of bazel info release?
No response
If bazel info release returns development version or (@non-git), tell us how you built Bazel.
No response
What’s the output of git remote get-url origin; git rev-parse master; git rev-parse HEAD ?
No response
Have you found anything relevant by searching the web?
No response
Any other information, logs, or outputs that you want to share?
root@cc3499896e98:/# curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor >bazel-archive-keyring.gpg
root@cc3499896e98:/# sudo mv bazel-archive-keyring.gpg /usr/share/keyrings
bash: sudo: command not found
root@cc3499896e98:/# sudo mv bazel-archive-keyring.gpg /usr/share/keyrings/[D^C
root@cc3499896e98:/# sudo mv bazel-archive-keyring.gpg /usr/shar^Ckeyrings
root@cc3499896e98:/# mv bazel-archive-keyring.gpg /usr/share/keyrings
root@cc3499896e98:/# echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
bash: sudo: command not found
root@cc3499896e98:/# echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.lis
t.d/bazel.list
deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8
root@cc3499896e98:/# apt update
Get:1 https://storage.googleapis.com/bazel-apt stable InRelease [2256 B]
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Err:1 https://storage.googleapis.com/bazel-apt stable InRelease
The following signatures were invalid: EXPKEYSIG 3D5919B448457EE0 Bazel Developer (Bazel APT repository key) <bazel-dev@googlegroups.com>
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
W: GPG error: https://storage.googleapis.com/bazel-apt stable InRelease: The following signatures were invalid: EXPKEYSIG 3D5919B448457EE0 Bazel Developer (Bazel APT repository key) <bazel-dev@googlegroups.com>
E: The repository 'https://storage.googleapis.com/bazel-apt stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 18
- Comments: 15 (4 by maintainers)
Commits related to this issue
- Fix Dazel build See more: https://github.com/bazelbuild/bazel/issues/15558#issuecomment-1136150886 — committed to onelxj/eventuals by onelxj 2 years ago
- Fix Dazel build See more: https://github.com/bazelbuild/bazel/issues/15558#issuecomment-1136150886 — committed to 3rdparty/eventuals by onelxj 2 years ago
- Fix Github Actions CI. Also fix the bazel signing key (https://github.com/bazelbuild/bazel/issues/15558). — committed to google/clusterfuzz by oliverchang 2 years ago
- Fix Github Actions CI. (#2676) Also fix the bazel signing key (https://github.com/bazelbuild/bazel/issues/15558). — committed to google/clusterfuzz by oliverchang 2 years ago
- bazel_gpg: update SHA256 For more information see https://github.com/bazelbuild/bazel/issues/15558 — committed to sluongng/rules_docker by sluongng 2 years ago
- bazel_gpg: update SHA256 (#2096) For more information see https://github.com/bazelbuild/bazel/issues/15558 — committed to bazelbuild/rules_docker by sluongng 2 years ago
- Fix Github Actions CI. (#2676) Also fix the bazel signing key (https://github.com/bazelbuild/bazel/issues/15558). — committed to almuthanna-athamina/clusterfuzz by oliverchang 2 years ago
- bazel_gpg: update SHA256 (#2096) For more information see https://github.com/bazelbuild/bazel/issues/15558 — committed to St0rmingBr4in/rules_docker by sluongng 2 years ago
Sorry again for the trouble, we have updated our gpg public key, but due to network caching
https://bazel.build/bazel-release.pub.gpgmay still return the old key, please use the following command to update the public key on your local machine:Sorry for the breakage! We’re looking at this.
IIRC Bazelisk has correctness or performance issues with auto-completion.
Didn’t work for you ?