netbird: Install fails due to expired PGP key
Describe the problem Attempt to install via cli:
curl -fsSL https://pkgs.netbird.io/install.sh | sh
I am getting error about PGP key:
➜ ~ curl -fsSL https://pkgs.netbird.io/install.sh | sh
NetBird UI installation will be omitted as Linux does not run desktop environment
The installation will be performed using apt package manager
Hit:1 http://nova.clouds.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://swupdate.openvpn.net/community/openvpn3/repos jammy InRelease
Get:5 https://pkgs.tailscale.com/stable/ubuntu jammy InRelease
Hit:6 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:7 https://pkgs.netbird.io/debian stable InRelease [5934 B]
Err:7 https://pkgs.netbird.io/debian stable InRelease
The following signatures were invalid: EXPKEYSIG 83F79AD029778355 Wiretrustee <dev@wiretrustee.com>
Reading package lists... Done
W: GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 83F79AD029778355 Wiretrustee <dev@wiretrustee.com>
E: The repository 'https://pkgs.netbird.io/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
About this issue
- Original URL
- State: open
- Created 9 months ago
- Reactions: 3
- Comments: 17 (3 by maintainers)
is it that complicated to replace a file???
@fluidum strange, maybe you have netbird added in some other repo source file? you can find that with
sudo grep -riE 'netbird|wiretrustee' /etc/apt@fluidum Try to delete old keys and repo source files manually an then re-add: https://github.com/netbirdio/public-keys/issues/1#issuecomment-1736322449
@lfarkas It might be a misunderstanding, the file has been replaced, and the output is correct.
Can you test in a clean environment by running a fedora docker container and running the install script as follows?
@gene1wood here’s a list of known possible (old) keys and repo source files locations on Debian / Ubuntu + proper manual fix: https://github.com/netbirdio/public-keys/issues/1#issuecomment-1736322449
install.shhas been updated, so at least on Debian it should now fix all problems with expired keys or wrong repo source file location. Looks like it will also fix problems on RPM distros, although I didn’t test that.Remaining things to fix / check, imo:
install.shfixes problems with keys on RPM distrosinstall.shin the main Installation guide, now it seems to be only mentioned on the Add peer page@gene1wood @risasoft hello folks, our GPG public keys for deb and rpm based packages have expired. We updated them, and for you to be able to use the repository, you need to reimport the keys with the following commands:
deb based (Ubuntu, Debian, etc):
rpm based (Centos, Fedora, Rocky, etc):