Updating to UCS 4.3-1 FaiIs, looks like the zimbra connector


#1

Hi All !
I’m trying to update to UCS 4.3-1, but failing.
The only E state error i can find is the zimbra repo not beeing signed. (full log paste at end)

E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release' is not signed.

Anybody has a similar issue, or any ideas on how to overcome ?

Al the best

Rasmus

Reading package lists...
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:5 and /etc/apt/sources.list.d/20_ucs-online-component.list:13
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release: The following signatures were invalid: 3550FB4CC61FDB88D334E31A1DD67AFB2CBDA4B0
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release' is not signed.
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:5 and /etc/apt/sources.list.d/20_ucs-online-component.list:13
Error: Failed to execute "apt-get update"
exitcode of univention-updater: 1
ERROR: update failed. Please check /var/log/univention/updater.log

Zimbra connector + UCS nextcloud and zimbra drive for share access via email webapp?
#2

Hey,

I can reproduce that by adding the following line to my sources.list and running apt-get update:

deb https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/

What’s curious is that other component repositories such as https://appcenter.software-univention.de/univention-repository/4.2/maintained/component z-push-kopano_20170630110344/all/ are signed by the same key and work fine.

What’s even curiouser is that custom verification of the Release file works fine for me:

[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/zimbra_20170117144145/all/Release
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/zimbra_20170117144145/all/Release.gpg
[0 root@master ~] gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify Release.gpg Release
gpg: Signature made 2017-06-27T11:51:39 CEST
gpg:                using DSA key 1DD67AFB2CBDA4B0
gpg: Good signature from "Univention Corporate Server 3.x Archive Key <packages@univention.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3550 FB4C C61F DB88 D334  E31A 1DD6 7AFB 2CBD A4B0

Here’s how the aforementioned z-push looks by comparison:

[0 root@master ~] rm Release*
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/z-push-kopano_20170630110344/all/Release
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/z-push-kopano_20170630110344/all/Release.gpg
[0 root@master ~] gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify Release.gpg Release
gpg: Signature made 2017-12-19T10:51:53 CET
gpg:                using DSA key 1DD67AFB2CBDA4B0
gpg: Good signature from "Univention Corporate Server 3.x Archive Key <packages@univention.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3550 FB4C C61F DB88 D334  E31A 1DD6 7AFB 2CBD A4B0

Pretty much identical.

Maybe someone from Univention such as @damrose can recreate the repository signatures?

In the meantime: if you don’t need that repository anymore, you could simply remove all UCR variables pointing to it. That’ll cause it to be removed from 20_ucs-online-component.list, too, and the update should continue. If you do need it (or rather: if you’re still using software installed from that repo), I advice against removing it; otherwise you may run into other problems during your upgrade as the repository itself and its software won’t be upgraded.

m.


#3

Hey Moritz !

Thanks a bunch, we are heavy relying on the Zimbra connector, so i guess I will have to wait until Univention has a look at it.
Thanks again!

Ras


#4

Hi,

fixed the Release File signature.

-> more /etc/apt/sources.list
deb https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/
deb https://appcenter.software-univention.de/univention-repository/4.3/maintained/component zimbra_20170117144145/all/
-> apt-get update
...
Hit:170 https://updates.software-univention.de/4.3/unmaintained 4.3-1/all/ Release
Hit:172 https://updates.software-univention.de/4.3/unmaintained 4.3-1/amd64/ Release
Hit:173 https://updates.software-univention.de/4.3/maintained/component 4.3-1-errata/all/ Release
Reading package lists... Done

best regards,
Felix


#5

Hey Felix, thanks a bunch
R