Updating to UCS 4.3-1 FaiIs, looks like the zimbra connector

Hi All !
I’m trying to update to UCS 4.3-1, but failing.
The only E state error i can find is the zimbra repo not beeing signed. (full log paste at end)

E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release' is not signed.

Anybody has a similar issue, or any ideas on how to overcome ?

Al the best

Rasmus

Reading package lists...
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:5 and /etc/apt/sources.list.d/20_ucs-online-component.list:13
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release: The following signatures were invalid: 3550FB4CC61FDB88D334E31A1DD67AFB2CBDA4B0
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/ Release' is not signed.
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:5 and /etc/apt/sources.list.d/20_ucs-online-component.list:13
Error: Failed to execute "apt-get update"
exitcode of univention-updater: 1
ERROR: update failed. Please check /var/log/univention/updater.log

Hey,

I can reproduce that by adding the following line to my sources.list and running apt-get update:

deb https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/

What’s curious is that other component repositories such as https://appcenter.software-univention.de/univention-repository/4.2/maintained/component z-push-kopano_20170630110344/all/ are signed by the same key and work fine.

What’s even curiouser is that custom verification of the Release file works fine for me:

[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/zimbra_20170117144145/all/Release
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/zimbra_20170117144145/all/Release.gpg
[0 root@master ~] gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify Release.gpg Release
gpg: Signature made 2017-06-27T11:51:39 CEST
gpg:                using DSA key 1DD67AFB2CBDA4B0
gpg: Good signature from "Univention Corporate Server 3.x Archive Key <packages@univention.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3550 FB4C C61F DB88 D334  E31A 1DD6 7AFB 2CBD A4B0

Here’s how the aforementioned z-push looks by comparison:

[0 root@master ~] rm Release*
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/z-push-kopano_20170630110344/all/Release
[0 root@master ~] wget -q https://appcenter.software-univention.de/univention-repository/4.2/maintained/component/z-push-kopano_20170630110344/all/Release.gpg
[0 root@master ~] gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify Release.gpg Release
gpg: Signature made 2017-12-19T10:51:53 CET
gpg:                using DSA key 1DD67AFB2CBDA4B0
gpg: Good signature from "Univention Corporate Server 3.x Archive Key <packages@univention.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3550 FB4C C61F DB88 D334  E31A 1DD6 7AFB 2CBD A4B0

Pretty much identical.

Maybe someone from Univention such as @damrose can recreate the repository signatures?

In the meantime: if you don’t need that repository anymore, you could simply remove all UCR variables pointing to it. That’ll cause it to be removed from 20_ucs-online-component.list, too, and the update should continue. If you do need it (or rather: if you’re still using software installed from that repo), I advice against removing it; otherwise you may run into other problems during your upgrade as the repository itself and its software won’t be upgraded.

m.

Hey Moritz !

Thanks a bunch, we are heavy relying on the Zimbra connector, so i guess I will have to wait until Univention has a look at it.
Thanks again!

Ras

Hi,

fixed the Release File signature.

-> more /etc/apt/sources.list
deb https://appcenter.software-univention.de/univention-repository/4.2/maintained/component zimbra_20170117144145/all/
deb https://appcenter.software-univention.de/univention-repository/4.3/maintained/component zimbra_20170117144145/all/

-> apt-get update
...
Hit:170 https://updates.software-univention.de/4.3/unmaintained 4.3-1/all/ Release
Hit:172 https://updates.software-univention.de/4.3/unmaintained 4.3-1/amd64/ Release
Hit:173 https://updates.software-univention.de/4.3/maintained/component 4.3-1-errata/all/ Release
Reading package lists... Done

best regards,
Felix

Hey Felix, thanks a bunch
R

Hi Felix !
We are still getting errors while trying to update

Reading package lists...
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:5 and /etc/apt/sources.list.d/20_ucs-online-component.list:13
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:6 and /etc/apt/sources.list.d/20_ucs-online-component.list:15
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:7 and /etc/apt/sources.list.d/20_ucs-online-component.list:19
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.2/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component mobydick_20150527/all/ Release' is not signed.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.1/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.1/maintained/component mobydick_20150527/all/ Release' is not signed.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.0/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.0/maintained/component mobydick_20150527/all/ Release' is not signed.

Any ideas ?

All the best
Ras

Hi All !
Anybody else fighting with this ??

W: GPG error: https://appcenter.software-univention.de/univention-repository/4.2/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.2/maintained/component mobydick_20150527/all/ Release' is not signed.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.1/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.1/maintained/component mobydick_20150527/all/ Release' is not signed.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.0/maintained/component mobydick_20150527/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.0/maintained/component mobydick_20150527/all/ Release' is not signed.

Hi,

i fixed the signature file in the mobydick component, please try to update again.

Eric, you are a star ! thanks !
The update ran through without any issues.
All the best
Rasmus

@damrose This seems to be happening quite often, with different component repositories each time. I can remember at least for or five different questions here about this. Any chance you could whip up a script that goes through all existing component repositories and updates those signatures that need updating? Automatically?

I am getting this:

W: GPG error: https://appcenter.software-univention.de/univention-repository/4.1/maintained/component xrdp_20150902/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.1/maintained/component xrdp_20150902/all/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.1/maintained/component xrdp_20150902/amd64/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.1/maintained/component xrdp_20150902/amd64/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.0/maintained/component xrdp_20150902/all/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.0/maintained/component xrdp_20150902/all/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://appcenter.software-univention.de/univention-repository/4.0/maintained/component xrdp_20150902/amd64/ Release: The following signatures were invalid: 6B6E7E3259A9F44F1452D1BE36602BA86B8BFD3C
E: The repository 'https://appcenter.software-univention.de/univention-repository/4.0/maintained/component xrdp_20150902/amd64/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

How can I fix this?

@Carlitos Do you still need the XRDP component? Then wait for Univention to fix the signature. If not, remove the XRDP component repository by unsetting the corresponding UCR variables.

I just got word from the App Center team that all App repositories have been updated and should now contain valid signatures. If the problem still exists, please tell us.

Hi @Moritz_Bunkus,
Yes I am using it sometimes when I need to access the console. I have not allow SSH access remotely. I find the XRDP feature less common than SSH.

Hi @damrose,
I can confirm I don’t see the signature errors anymore.

Thanks you both for your replies.

Carlos