[SERVER-80968] PGP Key changed on mongodb-org/testing Created: 12/Sep/23 Updated: 29/Oct/23 Resolved: 13/Oct/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.2.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Joseph Ferguson | Assignee: | Dylan Richardson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Release Infrastructure
|
|||||||||||||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | |||||||||||||||||||||||||||||||||||||||||||
| Operating System: | ALL | |||||||||||||||||||||||||||||||||||||||||||
| Steps To Reproduce: | Setup gpg keys (all the release keys as used in the past):
Setup the apt sources.list:
Try to apt-get update:
With the same error for focal/mongodg-org/testing:
|
|||||||||||||||||||||||||||||||||||||||||||
| Participants: | ||||||||||||||||||||||||||||||||||||||||||||
| Story Points: | 1 |
| Description |
|
The apt signing key for https://repo.mongodb.org/apt/ubuntu/dists/jammy/mongodb-org/testing has changed with the release of 7.0.2~rc1. This breaks the build 7.0.2~rc1 as well as for other RCs like 6.0.10~rc0 (and 5.0.21~rc0 in the focal suite). The ID mentioned by apt when attempting to use the repo does not match any of the keys on https://pgp.mongodb.com/. (81B0EBBBADCEA95C). |
| Comments |
| Comment by Dylan Richardson [ 29/Sep/23 ] |
|
Hi Joseph! We made a change three weeks ago to our development and testing repositories to use a new key for signing repository metadata. Previously, we were actually using a "random" key depending on which version of the server we had most recently published. We didn't like this behavior because it meant that we couldn't tell users one specific key which was in use for that repository. You could get around it by importing all possible keys like you have done, but you also had to keep that list of keys up to date for distributions where we are publishing new major versions. Instead, we now have a single, long-lived key we will be using for development and testing releases in these repositories. We didn't realize we had external users for the testing/development repositories, so we hadn't published the new key to pgp.mongodb.com. I have now done so, and you can find the correct key at https://pgp.mongodb.com/server-dev.asc. Let me know if you have any other problems with this new key! |