[Bug]: Mattermost apt repository GPG signing key is expired (today)

[almereyda]

Checks before filing an issue

• This issue doesn't reproduce on web browsers (such as in Chrome). If it does, issue reports go to the Mattermost Server repository.
• I have checked the issue tracker and have not found an issue that matches the one I'm filing.
• This issue is not a troubleshooting question. Troubleshooting questions go here: https://forum.mattermost.com/c/trouble-shoot/16.
• This issue is not a feature request. You can request features and make product suggestions here: https://mattermost.com/suggestions/.
• This issue reproduces on the most recent stable version, or the most recent prerelease version of the Mattermost Desktop App.
• I have read the contribution guidelines.

Mattermost Desktop Version

latest

Operating System

Ubuntu 23.10

Mattermost Server Version

latest

Steps to reproduce

apt update

Expected behavior

Mattermost is updated.

Observed behavior

Apt rejects the signing key.

Log Output

Fehl:21 https://deb.packages.mattermost.com stable InRelease
  Die folgenden Signaturen waren ungültig: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>
…
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: https://deb.packages.mattermost.com stable InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>
W: Fehlschlag beim Holen von https://deb.packages.mattermost.com/dists/stable/InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>

Additional Information

$ curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg | gpg --show-keys -               
pub   rsa2048 2017-03-27 [SC] [verfallen: 2024-04-06]
      A1B31D46F0F3A10B02CF2D44F8F2C31744774B28
uid                      Mattermost Build <dev-ops@mattermost.com>

[wdconinc]

In English this looks like this:

/etc/apt/trusted.gpg.d $ gpg mattermost.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2017-03-27 [SC] [expired: 2024-04-06]
      A1B31D46F0F3A10B02CF2D44F8F2C31744774B28
uid           Mattermost Build <dev-ops@mattermost.com>

[KoRn0509]

Has it not been fixed in two days? What the hell?

[saturninoabril]

Thanks @almereyda @wdconinc for reporting!

@KoRn0509 It happened to fall on weekend and so it's only now being looked at.

[phoinixgrr]

Hello @almereyda

We appreciate the report. The issue has been addressed, and the GPG public key has been successfully updated.

 > curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg | gpg --show-keys -                                                                                                   
pub   rsa2048 2017-03-27 [SC] [expires: 2028-04-07]
      A1B31D46F0F3A10B02CF2D44F8F2C31744774B28
uid                      Mattermost Build <dev-ops@mattermost.com>

You can either import the new public key from https://deb.packages.mattermost.com/pubkey.gpg , or follow the provided instructions to utilize the automatic Mattermost PPA repository setup script at https://docs.mattermost.com/install/installing-mattermost-omnibus.html#add-the-mattermost-ppa-repositories.

Let us know if this resolves the issue.

[sat-hub]

Hint: Delete the old key from /etc/apt/trusted.gpg.d before re-adding the apt repository.

[phoinixgrr]

Hint: Delete the old key from /etc/apt/trusted.gpg.d before re-adding the apt repository.

Correct. This can be used, for supported ubuntu distributions being Ubuntu Bionic and Focal :

sudo gpg --batch --delete-key A1B31D46F0F3A10B02CF2D44F8F2C31744774B28
curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg |  sudo gpg --import

[phoinixgrr]

For Ubuntu Jammy :

sudo rm /usr/share/keyrings/mattermost-archive-keyring.gpg
curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/mattermost-archive-keyring.gpg >/dev/null

Re-running the automatic Mattermost PPA repository setup-script available at https://docs.mattermost.com/install/installing-mattermost-omnibus.html#add-the-mattermost-ppa-repositories.

shoud also fix the issue,.

[nab-77]

@cwarnermm this should be a note box at the top of both https://docs.mattermost.com/install/installing-mattermost-omnibus.html and https://docs.mattermost.com/install/install-ubuntu.html

[devinbinnie]

Going to close this issue since we've updated the GPG key and are fixing our process to make sure this doesn't come up again. Thanks @almereyda for bringing this to our attention :)

[almereyda]

On this mantic install, I was able to get inspiration from the above conversation and the current repo-setup.sh to update the apt cache with:

rm /etc/apt/sources.list.d/mattermost_stable.list
rm /etc/apt/trusted.gpg.d/mattermost.gpg
curl -s https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/mattermost-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/mattermost-archive-keyring.gpg] https://deb.packages.mattermost.com stable main" > /etc/apt/sources.list.d/mattermost.list

Notably, there wasn't even an upgrade for Mattermost on the table right now.

[longjon929]

I tried various things, listed here and on webpages, but those didn't work for me on Ubuntu 20.04. Piping the key into apt-key did work. So I'm leaving this hear in case others run into the same problem:

curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor | sudo apt-key add