[Bug 1920640] Re: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

Brian Murray 1920640 at bugs.launchpad.net
Fri Mar 26 17:18:29 UTC 2021 

I tested this on Bionic (albeit using Ubuntu Error Tracker retracing
systems) and updating the ubuntu-dbgsym-kerying from -proposed allowed
them to retrace crashes again so setting to verification-done.

2021-03-26 17:15:33,167:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Processing.
2021-03-26 17:15:33,219:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Decompressing to /tmp/tmprCylMh-swift.6d1
acc70-8e56-11eb-8af4-fa163e9b80e2.oopsid.core
2021-03-26 17:15:33,314:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Retracing 6d1acc70-8e56-11eb-8af4-fa163e9
b80e2:swift with sandbox-dir /srv/daisy.staging.ubuntu.com/devel/cache/Ubuntu 21.04/cache-uUsGBd/sandbox with cache /srv/daisy.staging.ubunt
u.com/devel/cache/Ubuntu 21.04/cache-uUsGBd/cache
2021-03-26 17:15:36,471:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Apport's return code was 1.
2021-03-26 17:15:36,471:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:ERROR: W:Download is performed unsandboxe
d as root as file '/srv/daisy.staging.ubuntu.com/devel/cache/Ubuntu 21.04/cache-uUsGBd/cache/Ubuntu 21.04/apt/var/lib/apt/lists/partial/arch
ive.ubuntu.com_ubuntu_dists_hirsute_InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied), W:GPG error: 
http://ddebs.ubuntu.com hirsute Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Autom
atic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>, E:The repository 'http://ddebs.ubuntu.com hirsute Release' is not signed., W:Upda
ting from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creati
on and user configuration details., W:GPG error: http://ddebs.ubuntu.com hirsute-updates Release: The following signatures were invalid: EXP
KEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>, E:The repository 'http:/
/ddebs.ubuntu.com hirsute-updates Release' is not signed.
2021-03-26 17:15:36,471:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Will retry (6d1acc70-8e56-11eb-8af4-fa163
e9b80e2) due to a transient error.
2021-03-26 17:15:36,473:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Processing.
2021-03-26 17:15:36,657:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Decompressing to /tmp/tmpaSBRUl-swift.6d1
acc70-8e56-11eb-8af4-fa163e9b80e2.oopsid.core
2021-03-26 17:15:36,751:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Retracing 6d1acc70-8e56-11eb-8af4-fa163e9
b80e2:swift with sandbox-dir /srv/daisy.staging.ubuntu.com/devel/cache/Ubuntu 21.04/cache-uUsGBd/sandbox with cache /srv/daisy.staging.ubunt
u.com/devel/cache/Ubuntu 21.04/cache-uUsGBd/cache
2021-03-26 17:16:35,063:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Writing back to Cassandra
2021-03-26 17:16:35,150:19962:140010884187968:INFO:root:6d1acc70-8e56-11eb-8af4-fa163e9b80e2:swift:Successfully retraced.

ubuntu at juju-1124ad-devel-error-tracker-9:/srv/daisy.staging.ubuntu.com/devel-logs$ apt-cache policy ubuntu-dbgsym-keyring
ubuntu-dbgsym-keyring:
  Installed: 2018.09.18.1~18.04.1
  Candidate: 2018.09.18.1~18.04.1
  Version table:
 *** 2018.09.18.1~18.04.1 500
        500 http://archive.ubuntu.com/ubuntu bionic-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     2018.09.18.1~18.04.0 500
        500 http://prodstack-zone-2.clouds.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
     2018.02.28 500
        500 http://prodstack-zone-2.clouds.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages


** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1920640

Title:
  EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic
  Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

Status in ubuntu-keyring package in Ubuntu:
  Fix Released
Status in ubuntu-keyring source package in Bionic:
  Fix Committed
Status in ubuntu-keyring source package in Focal:
  Fix Committed
Status in ubuntu-keyring source package in Groovy:
  Fix Committed
Status in ubuntu-keyring source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

   * Cannot update apt metadata from ddebs.ubuntu.com whilst using
  ubuntu-dbgsym-keyring package

  [Test Plan]

   * Install ubuntu-dbgsym-keyring package
   * Add ddebs.ubuntu.com repository for your release
   * sudo apt update must be successful

  [Where problems could occur]

   * At the moment the signature was bumped by one year
   * Meaning this issue will occur again in 2022
   * Instead the key must be set to not expire & new round of SRUs issued

  [Other Info]
   
   * Original bug report

  The public key used by the debugging symbols repository
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu-
  dbgsym-keyring expired.

  $ apt policy ubuntu-dbgsym-keyring
  ubuntu-dbgsym-keyring:
    Installed: 2020.02.11.2
    Candidate: 2020.02.11.2
    Version table:
   *** 2020.02.11.2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
          100 /var/lib/dpkg/status
  $ gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg
  ---------------------------------------------
  pub   rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
        F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
  uid           [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

  Error message on "apt update":

  E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: GPG error: http://ddebs.ubuntu.com bionic Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
  E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
  E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions

More information about the foundations-bugs mailing list