Latest update - 2018.05.26 - missing key on CentOS

Discussion:

Nathan Christenson

2018-05-27 20:29:29 UTC

When trying to install the most recent update (packaged 2018.05.26) on CentOS7 I get the following message:
warning: /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-plugin-kolab_folders-assets-3.3.6-2.2.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY

I'm not sure where to find the key so that I can import it. Can anyone point me in the right direction?
Thank you!
Nathan

L.Slanina

2018-05-30 11:07:01 UTC

Permalink

Hi kolab user list.
Is it someone who can shortly answer for this question, please? Am I
able to repair it by myself or we need to wait for reparation by
package maintainer? I know I can switch off the signature checking,
....
By my point of view will be enough to answer: wait a bit we repair
it, or install it without check. Need I too much? By this problem all
updates installation stop, therefore I nervously ask. Thanks' for
some answer.
Greetings for all,
ladas

Post by Nathan Christenson
When trying to install the most recent update (packaged 2018.05.26)
warning: /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-
Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY
I'm not sure where to find the key so that I can import it. Can
anyone point me in the right direction?
Thank you!
Nathan
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Christoph Erhardt

2018-05-30 11:25:41 UTC

Permalink

L.Slanina

2018-05-30 21:30:06 UTC

Permalink

Hi Christoph.
OK, we will wait. Thank you very much for your answer.
Greetings,
ladas

Post by Christoph Erhardt
Hi,
the OBS server has undergone quite a bit of maintenance work in the
last fewÂ
days - hence the transient outage of the package repositories and the
currentÂ
signing-key issues. Kolab Systems are working on it.
Best regards,
Christoph

Hi kolab user list.
Is it someone who can shortly answer for this question, please? Am I
able to repair it by myself or we need to wait for reparation by
package maintainer? I know I can switch off the signature
checking,
....
By my point of view will be enough to answer: wait a bit we repair
it, or install it without check. Need I too much? By this problem all
updates installation stop, therefore I nervously ask. Thanks' for
some answer.
Greetings for all,
ladas

Post by Nathan Christenson
When trying to install the most recent update (packaged
2018.05.26)
/var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-
Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY
I'm not sure where to find the key so that I can import it. Can
anyone point me in the right direction?
Thank you!
Nathan
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Skale, Franz

2018-06-06 10:16:52 UTC

Permalink

Hi,
a month passed by and the problem still exists.
Are there any updated on the issue ?

Rgds.
Franz

Post by L.Slanina
Hi Christoph.
OK, we will wait. Thank you very much for your answer.
Greetings,
ladas

Hi, the OBS server has undergone quite a bit of maintenance work in
the last few days - hence the transient outage of the package
repositories and the current signing-key issues. Kolab Systems are
working on it. Best regards, Christoph On Wednesday, 30 May 2018
13:07:01 CEST L.Slanina wrote: Hi kolab user list. Is it someone who
can shortly answer for this question, please? Am I able to repair it
by myself or we need to wait for reparation by package maintainer? I
know I can switch off the signature checking, .... By my point of
view will be enough to answer: wait a bit we repair it, or install
it without check. Need I too much? By this problem all updates
installation stop, therefore I nervously ask. Thanks' for some
answer. Greetings for all, ladas Nathan Christenson píše v Ne 27.
05. 2018 v 20:29 +0000: When trying to install the most recent
warning: /var/cache/yum/x86_64/7/Kolab_16/packages/roundcubemail-
Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY I'm not sure
where to find the key so that I can import it. Can anyone point me
in the right direction? Thank you! Nathan
_______________________________________________ users mailing list

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users
_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Scott Newton

2018-06-09 09:11:33 UTC

Permalink

I still have the same issue as well.

Thanks

Post by Skale, Franz
Hi,
a month passed by and the problem still exists.
Are there any updated on the issue ?
Rgds.
Franz

Post by L.Slanina
Hi Christoph.
OK, we will wait. Thank you very much for your answer.
Greetings,
ladas

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

--
Regards
Scott Newton

Skale, Franz

2018-06-09 12:13:43 UTC

Permalink

I really don't know what the problem is on supplying a valid gpg key.
Right now, i sync the package sources and rebuild them by my own.
Using reprepo for debian and a valid gpg key of course.
It's astoundingthat there's no response from the core developers/package
managers.

Rgds.
Franz

Post by Scott Newton
I still have the same issue as well.
Thanks

Post by Skale, Franz
Hi,
a month passed by and the problem still exists.
Are there any updated on the issue ?
Rgds.
Franz

Post by L.Slanina
Hi Christoph.
OK, we will wait. Thank you very much for your answer.
Greetings,
ladas

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Christoph Erhardt

2018-06-09 15:44:23 UTC

Permalink

Hi,

see https://git.kolab.org/T4049#60227 for a workaround.

Unfortunately, there's nothing I can do myself because the signing-key stuff
requires SSH access to the OBS server, which I don't have. The one guy who's
keeping all of the infrastructure together knows about the problem, but I
think he's extremely busy at the moment.

Best regards,
Christoph

Post by Skale, Franz
I really don't know what the problem is on supplying a valid gpg key.
Right now, i sync the package sources and rebuild them by my own.
Using reprepo for debian and a valid gpg key of course.
It's astoundingthat there's no response from the core developers/package
managers.
Rgds.
Franz

Skale, Franz

2018-06-09 16:18:50 UTC

Permalink

Hi,
thanks for clearing things up.
Anyhow, the Task doesn't mention the lists file which are already in
place.
To get it working you have to remove the lists file before updating
again:
1.)
change the /etc/apt/sources.list.d/kolab to:
deb [ trusted=no ]
https://obs.kolabsys.com/repositories/Kolab:/16/Debian_8.0/ ./
deb-src [ trusted=no ]
https://obs.kolabsys.com/repositories/Kolab:/16/Debian_8.0/ ./

2.)
rm
/var/lib/apt/lists/obs.kolabsys.com_repositories_Kolab\:_16_Debian%5f8.0_._*

3.)
apt-get update

4.)
apt-get upgrade

Rgds.
Franz

Post by Christoph Erhardt
Hi,
see https://git.kolab.org/T4049#60227 for a workaround.
Unfortunately, there's nothing I can do myself because the signing-key stuff
requires SSH access to the OBS server, which I don't have. The one guy who's
keeping all of the infrastructure together knows about the problem, but I
think he's extremely busy at the moment.
Best regards,
Christoph

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Enrico Tagliavini

2018-06-14 11:46:28 UTC

Permalink

Hello Christoph,

if I may throw in a suggestion, without sounding like a troll or
an hater, but rather trying to be constructive: maybe this is a good
time to review the internal priorities. I understand there is one
person only maintaining the infrastructure and I fully understand he
can be busy. Blocking updates of all users for multiple weeks should
be a very high priority task, I know there is a workaround but it
involved disabling the only check guaranteeing the source of the
package. Possibly this person needs some help if he cannot flush his
queue enough to reach the point where he can take care of this task.

Again: this is just not to flame or troll, I support Kolab, and I
appreciate the work from everybody working on it and I want it to be
as successful as possible, that's also why I want such issue not to
happen or to be addressed timely.

Thank you.
Kind regards.

Enrico

Post by Skale, Franz
Hi,
thanks for clearing things up.
Anyhow, the Task doesn't mention the lists file which are already in place.
1.)
deb [ trusted=no ]
https://obs.kolabsys.com/repositories/Kolab:/16/Debian_8.0/ ./
deb-src [ trusted=no ]
https://obs.kolabsys.com/repositories/Kolab:/16/Debian_8.0/ ./
2.)
rm
/var/lib/apt/lists/obs.kolabsys.com_repositories_Kolab\:_16_Debian%5f8.0_._*
3.)
apt-get update
4.)
apt-get upgrade
Rgds.
Franz

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Christoph Erhardt

2018-06-15 06:30:34 UTC

Permalink

Hi Enrico,

I think you may be mistaking me for a staff member of Kolab Systems; I'm just
a regular member of the project's open-source community like you are. ;-)

I agree with what you wrote, but I cannot do anything about it (other than
help out in the areas where my progress is not dependent on somebody at Kolab
Systems flicking a switch).

Regarding the workaround for the signing-key issue: fortunately, it's not as
problematic as you think. If you change the repository link to https://, your
package manager validates the server's host certificate and downloads all
packages over an encrypted connection - which should provide roughly the same
level of integrity guarantees. Still, I agree that this issue should be fixed
rather today than tomorrow.

Best regards,
Christoph

Post by Enrico Tagliavini
Hello Christoph,
if I may throw in a suggestion, without sounding like a troll or
an hater, but rather trying to be constructive: maybe this is a good
time to review the internal priorities. I understand there is one
person only maintaining the infrastructure and I fully understand he
can be busy. Blocking updates of all users for multiple weeks should
be a very high priority task, I know there is a workaround but it
involved disabling the only check guaranteeing the source of the
package. Possibly this person needs some help if he cannot flush his
queue enough to reach the point where he can take care of this task.
Again: this is just not to flame or troll, I support Kolab, and I
appreciate the work from everybody working on it and I want it to be
as successful as possible, that's also why I want such issue not to
happen or to be addressed timely.
Thank you.
Kind regards.
Enrico

Benedikt Schäfer

2018-06-15 08:34:41 UTC

Permalink

Hey,

I think what Enrico wanted to say is more like,
what could we do as community to avoid those kind of problmes in the
future and improve the Kolab community.
Maybe we could run a community infrastructure by our own, just an idea
to be more independent from Kolab Systems?

Best regards,
Benedikt

Post by Christoph Erhardt
Hi Enrico,
I think you may be mistaking me for a staff member of Kolab Systems; I'm just
a regular member of the project's open-source community like you are. ;-)
I agree with what you wrote, but I cannot do anything about it (other than
help out in the areas where my progress is not dependent on somebody at Kolab
Systems flicking a switch).
Regarding the workaround for the signing-key issue: fortunately, it's not as
problematic as you think. If you change the repository link to
https://, your
package manager validates the server's host certificate and downloads all
packages over an encrypted connection - which should provide roughly the same
level of integrity guarantees. Still, I agree that this issue should be fixed
rather today than tomorrow.
Best regards,
Christoph

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Skale, Franz

2018-06-15 10:56:11 UTC

Permalink

Hi,
concur, but before we should have an official statement what the actual
status is.
A month without an official statement makes me think.
Sure, we can setup a server and configuring reprepro and providing a
signed package.
I do that every day but if we start a mirror and work together, we
should have an official statement though.

Rgds.
Franz

Post by Benedikt SchÃ¤fer
Hey,
I think what Enrico wanted to say is more like,
what could we do as community to avoid those kind of problmes in the
future and improve the Kolab community.
Maybe we could run a community infrastructure by our own, just an idea
to be more independent from Kolab Systems?
Best regards,
Benedikt

Post by Christoph Erhardt
Hi Enrico,
I think you may be mistaking me for a staff member of Kolab Systems; I'm just
a regular member of the project's open-source community like you are. ;-)
I agree with what you wrote, but I cannot do anything about it (other than
help out in the areas where my progress is not dependent on somebody at Kolab
Systems flicking a switch).
Regarding the workaround for the signing-key issue: fortunately, it's not as
problematic as you think. If you change the repository link to https://, your
package manager validates the server's host certificate and downloads all
packages over an encrypted connection - which should provide roughly the same
level of integrity guarantees. Still, I agree that this issue should be fixed
rather today than tomorrow.
Best regards,
Christoph

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users

Jan Kowalsky

2018-06-15 11:10:25 UTC

Permalink

Hi all,

for debian Repos I got the same (or similar?) problem. The apt-key
https://ssl.kolabsys.com/community.asc mentioned in the kolab install
howto on https://docs.kolab.org/installation-guide/debian-8.html isn't
the key the repository is signed anymore.

This key works:
https://obs.kolabsys.com/repositories/Kolab:/16/Debian_8.0/Release.key

I haven't a clue about centos repos, but maybe there is one:
https://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/

But of course this is like pulling myself up by my own bootstraps ...

Regards
Jan

Post by Skale, Franz
Hi,
concur, but before we should have an official statement what the actual
status is.
A month without an official statement makes me think.
Sure, we can setup a server and configuring reprepro and providing a
signed package.
I do that every day but if we start a mirror and work together, we
should have an official statement though.
Rgds.
Franz

Post by Christoph Erhardt
Hi Enrico,
I think you may be mistaking me for a staff member of Kolab Systems; I'm just
a regular member of the project's open-source community like you are. ;-)
I agree with what you wrote, but I cannot do anything about it (other than
help out in the areas where my progress is not dependent on somebody at Kolab
Systems flicking a switch).
Regarding the workaround for the signing-key issue: fortunately, it's not as
problematic as you think. If you change the repository link to https://, your
package manager validates the server's host certificate and downloads all
packages over an encrypted connection - which should provide roughly the same
level of integrity guarantees. Still, I agree that this issue should be fixed
rather today than tomorrow.
Best regards,
Christoph

_______________________________________________
users mailing list
https://lists.kolab.org/mailman/listinfo/users