[SERVER-22143] GPG error - BADSIG D68FA50FEA312927 Created: 12/Jan/16  Updated: 07/Apr/23  Resolved: 12/Jan/16

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: 3.3.0
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Feng Yu Assignee: Ernie Hershey
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-22144 It seems somebody is tampering with t... Closed
Related
related to DOCS-6956 Comment on: "manual/tutorial/install-... Closed
related to DOCS-6957 Comment on: "manual/tutorial/install-... Closed
related to DOCS-6958 Comment on: "manual/tutorial/install-... Closed
related to DOCS-6959 Comment on: "manual/tutorial/install-... Closed
is related to SERVER-25421 Ubuntu Install - GPG error BADSIG D68... Closed
is related to SERVER-22168 Can't install mongoDB 3.2.1 on ubuntu... Closed
is related to SERVER-25422 Debian Wheezy mongodb 3.2 repository ... Closed
Operating System: ALL
Participants:

 Description   

I followed the mongodb official doc to install mongodb 3.2 on Ubuntu 14.04.

But when I exec "apt-get update", it will raise an error:

W: GPG error: http://repo.mongodb.org trusty/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key <packaging@mongodb.com>



 Comments   
Comment by Johan Widén [ 14/Feb/17 ]

Hey,
I have the same problem described above when i try to install v3.2.12 on ubuntu v16.04.1.

I have followed the steps on https://docs.mongodb.com/v3.2/tutorial/install-mongodb-on-ubuntu/

I get the warning when i try to install:
"WARNING: The following packages cannot be authenticated!
mongodb-org-shell mongodb-org-server mongodb-org-mongos mongodb-org-tools mongodb-org
Install these packages without verification? [y/N]"

Can you verify that it is correct from you side?

Comment by Francis DB [ 18/Aug/16 ]

Still seeing this

sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
libcgi-fast-perl libcgi-pm-perl libencode-locale-perl libfcgi-perl libhtml-parser-perl libhtml-tagset-perl libhttp-date-perl libhttp-message-perl
libio-html-perl liblwp-mediatypes-perl liburi-perl
The following packages will be upgraded:
libparse-debianchangelog-perl mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
6 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 53.5 MB of archives.
After this operation, 60.8 MB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
mongodb-org-shell mongodb-org-server mongodb-org-mongos mongodb-org-tools mongodb-org
Install these packages without verification? [y/N]

Comment by Ernie Hershey [ 03/Aug/16 ]

mcaruanagalizia - thanks for letting me know. I'm glad it's working for you. We're working on clearing up the warning - see SERVER-23397 for more detail.

Comment by Matthew Caruana Galizia [ 03/Aug/16 ]

Hi Ernie, it works now but I get a weak digest warning:

# apt-get update
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]
Ign:3 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 InRelease                                                               
Hit:4 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release                               
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]      
Ign:7 https://packages.graylog2.org/repo/debian stable InRelease
Hit:8 https://packages.graylog2.org/repo/debian stable Release
Fetched 190 kB in 1s (120 kB/s)
Reading package lists... Done
W: http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg: Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest algorithm (SHA1)

Comment by Ernie Hershey [ 03/Aug/16 ]

Hi mcaruanagalizia - thanks for the report. Are you still seeing any errors? They should be gone now. We're migrating to a new system for package publishing that will give us improved long term stability, as well as better ability to detect, diagnose and prevent problems. In the short term, there were some bumps over the past day or so that we believe we've addressed. Let me know if you're still having any problems or if you can hit the repo now without errors.

Comment by Matthew Caruana Galizia [ 03/Aug/16 ]

This bug is back. Following the official guide for installing 3.2 on Ubuntu 16.04 produces the following error:

root@graylog-1:/etc# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv D68FA50FEA312927
Executing: /tmp/tmp.mxDbE8VMZD/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80
--recv
D68FA50FEA312927
gpg: requesting key EA312927 from hkp server keyserver.ubuntu.com
gpg: key EA312927: "MongoDB 3.2 Release Signing Key <packaging@mongodb.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
root@graylog-1:/etc# echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse
root@graylog-1:/etc# apt-get update
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease
Ign:3 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 InRelease   
Get:4 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release [3,090 B]                     
Get:5 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release.gpg [801 B]                   
Ign:5 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release.gpg      
Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]
Hit:7 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2/multiverse amd64 Packages
Ign:8 https://packages.graylog2.org/repo/debian stable InRelease
Hit:9 https://packages.graylog2.org/repo/debian stable Release
Fetched 98.3 kB in 1s (83.2 kB/s)
Reading package lists... Done
W: GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key <packaging@mongodb.com>
W: The repository 'http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@graylog-1:/etc# 

Comment by Ernie Hershey [ 29/Apr/16 ]

Okay. Thanks for letting us know!

Comment by Ben Richardson [ 29/Apr/16 ]

Yep, that seems to have been the problem, as it is working this am (my time), around 2am UTC.

Comment by Ernie Hershey [ 28/Apr/16 ]

benr you may have been hitting the repo as it was being updated. Can you confirm you're seeing a problem and post more detail if so (the full error message and location of it or command returning it)?

Comment by Ben Richardson [ 28/Apr/16 ]

This is still a problem for me, just now while attempting to install 3.2.6.

Comment by Ernie Hershey [ 12/Jan/16 ]

Glad to hear it! Thanks for the error report and for confirming that it's working for you now.

Comment by Feng Yu [ 12/Jan/16 ]

Fixed.

Comment by Phagun Baya [ 12/Jan/16 ]

Working fine for me too. Thanks guys !

Comment by Boris Kupusovic [ 12/Jan/16 ]

I just re-ran the installation it's working now. Thanks for the quick response.

Comment by Ernie Hershey [ 12/Jan/16 ]

This was the result of a transient error in our signing and publishing script. I manually re-ran the script and verified that signature files are correct now. abcfy2 - can you try again?

Comment by Stennie Steneker (Inactive) [ 12/Jan/16 ]

Hi Feng,

Thanks for reporting this issue .. we're checking into the release signing.

Regards,
Stephen

Generated at Thu Feb 08 03:59:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.