crowdsec: crowdsec 1.5.2-1.fc37 package is signed by expired keys

I was trying to upgrade crowdsec on my Fedora Core 38 install and first noticed that the 1.5.2 version hasn’t yet been pushed to version 38, but then I tried installing the Fedora 37 versions, as they have often worked fine on the newer release as well.

However, I got this:

Dependencies resolved.
================================================================================================================================================================================================================
 Package                                                          Architecture                         Version                                        Repository                                           Size
================================================================================================================================================================================================================
Upgrading:
 crowdsec                                                         x86_64                               1.5.2-1.fc37                                   crowdsec_crowdsec_f37                                38 M
 crowdsec-firewall-bouncer-nftables                               x86_64                               0.0.27-1.fc37                                  crowdsec_crowdsec_f37                               3.8 M

Transaction Summary
================================================================================================================================================================================================================
Upgrade  2 Packages

Total download size: 42 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): crowdsec-firewall-bouncer-nftables-0.0.27-1.fc37.x86_64.rpm                                                                                                              3.7 MB/s | 3.8 MB     00:01
(2/2): crowdsec-1.5.2-1.fc37.x86_64.rpm                                                                                                                                          18 MB/s |  38 MB     00:02
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                            20 MB/s |  42 MB     00:02
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
crowdsec_crowdsec_f37                                                                                                                                                           4.9 kB/s | 3.9 kB     00:00
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey (0x6E93CD0C) is already installed
crowdsec_crowdsec_f37                                                                                                                                                           3.1 kB/s | 2.4 kB     00:00
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg (0xD059946B) is already installed
crowdsec_crowdsec_f37                                                                                                                                                           3.0 kB/s | 2.4 kB     00:00
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg (0x3CDF0DB4) is already installed
crowdsec_crowdsec_f37                                                                                                                                                           3.0 kB/s | 2.4 kB     00:00
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg (0xEA83274E) is already installed
crowdsec_crowdsec_f37                                                                                                                                                           3.0 kB/s | 2.4 kB     00:00
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg (0x145CE2F2) is already installed
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
  2. Key 4C3D386C3CDF0DB4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
The GPG keys listed for the "crowdsec_crowdsec_f37" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: crowdsec-1.5.2-1.fc37.x86_64
 GPG Keys are configured as: https://packagecloud.io/crowdsec/crowdsec/gpgkey, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg
Public key for crowdsec-firewall-bouncer-nftables-0.0.27-1.fc37.x86_64.rpm is not trusted. Failing package is: crowdsec-firewall-bouncer-nftables-0.0.27-1.fc37.x86_64
 GPG Keys are configured as: https://packagecloud.io/crowdsec/crowdsec/gpgkey, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg, https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

About this issue

  • State: closed
  • Created a year ago
  • Comments: 23 (9 by maintainers)

Most upvoted comments

It seems that the key on the packagecloud.io side wasn’t updated. For now, the expired version is still in cache; I am asking packagecloud to invalidate the cache.

And by the way I’ll add the fc38 packages as soon as possible.

The expiration date should have been extended as hinted by packagecloud. I’ll dig into this, and keep you posted.
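Added example, not part of the issue thread or CrowdSec's own code: a small triage parser for the dnf output quoted above. It extracts each signing certificate that failed verification, its expiry time, and the repository key URL whose already-installed key has the same short ID. The function name `triage` and the field names are assumptions made for this example; the log lines are copied from the issue and trimmed.

```python
import re
from datetime import datetime, timezone

# Lines copied from the dnf output in the issue, trimmed to the relevant ones.
DNF_LOG = """\
error: Verifying a signature using certificate 9082D8CACBBEB0DAB218BAB04C3D386C3CDF0DB4 (Crowdsec Rpm Archive <support@crowdsec.net>):
  1. Certificiate 4C3D386C3CDF0DB4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-03-16T11:12:49Z
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey (0x6E93CD0C) is already installed
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg (0xD059946B) is already installed
GPG key at https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg (0x3CDF0DB4) is already installed
"""

CERT_RE = re.compile(r"^error: Verifying a signature using certificate ([0-9A-F]{40}) \((.*)\):$")
EXPIRY_RE = re.compile(r"^\s+because: Expired on (\S+)$")
KEY_RE = re.compile(r"^GPG key at (\S+) \(0x([0-9A-F]{8})\) is already installed$")


def triage(log):
    """Return one finding per distinct certificate that failed verification."""
    installed = {}  # short key ID -> URL the repo configuration fetched it from
    findings = {}   # full fingerprint -> finding (repeated errors collapse here)
    current = None
    for line in log.splitlines():
        if m := CERT_RE.match(line):
            current = findings.setdefault(m.group(1), {
                "fingerprint": m.group(1),
                "uid": m.group(2),
                "expired_on": None,
            })
        elif (m := EXPIRY_RE.match(line)) and current is not None:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            current["expired_on"] = stamp.replace(tzinfo=timezone.utc)
        elif m := KEY_RE.match(line):
            installed[m.group(2)] = m.group(1)
    for finding in findings.values():
        # The short ID dnf prints is the last 8 hex digits of the fingerprint
        # (OpenPGP v4 keys), so it can be matched against the installed keys.
        finding["key_url"] = installed.get(finding["fingerprint"][-8:])
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(DNF_LOG):
        print(f["fingerprint"], f["expired_on"].isoformat(), f["key_url"])
```

A finding with a `key_url` and an `expired_on` in the past means the key dnf already imported is the expired one, which is consistent with the maintainers' diagnosis that the published key had not been refreshed; a `key_url` of `None` would instead point to a missing key.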