Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-25422

Debian Wheezy mongodb 3.2 repository signed with a bad key

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.2.8
    • Component/s: Packaging
    • None
    • ALL
    • Hide

      This seems to be SERVER-22144 happening again

      $ curl http://repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release > Release
      $ curl http://repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release.gpg > Release.gpg
      shasum *
      a4f86ac7fe5581db025a60f8aadeeb288f8a142a  Release
      2cb1424a220dfccb3eec6ef4cea6590729131979  Release.gpg
      (reverse-i-search)`re': curl http://repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release.gpg > Release.gpg
      $ gpg --recv-key EA312927
      ..
      $ gpg --verify Release.gpg Release
      gpg: Signature made Tue Aug  2 04:21:56 2016 CEST using RSA key ID EA312927
      gpg: BAD signature from "MongoDB 3.2 Release Signing Key <packaging@mongodb.com>" [unknown]
      

      apt-get is printing:
      W: GPG error: http://repo.mongodb.org wheezy/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key <packaging@mongodb.com>

      Show
      This seems to be SERVER-22144 happening again $ curl http: //repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release > Release $ curl http: //repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release.gpg > Release.gpg shasum * a4f86ac7fe5581db025a60f8aadeeb288f8a142a Release 2cb1424a220dfccb3eec6ef4cea6590729131979 Release.gpg (reverse-i-search)`re': curl http: //repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release.gpg > Release.gpg $ gpg --recv-key EA312927 .. $ gpg --verify Release.gpg Release gpg: Signature made Tue Aug 2 04:21:56 2016 CEST using RSA key ID EA312927 gpg: BAD signature from "MongoDB 3.2 Release Signing Key <packaging@mongodb.com>" [unknown] apt-get is printing: W: GPG error: http://repo.mongodb.org wheezy/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key <packaging@mongodb.com>

      W: GPG error: http://repo.mongodb.org wheezy/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key <packaging@mongodb.com>

      with todays update. A new (invalid?) signature has been made yesterday.

            Assignee:
            Unassigned Unassigned
            Reporter:
            hfreyther Holger Freyther
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: