Ubuntu 更新Gitlab-ce提示:The following signatures were invalid: EXPKEYSIG 3F01618A51312F3F GitLab B.V.
Err:36 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease
The following signatures were invalid: EXPKEYSIG 3F01618A51312F3F GitLab B.V. (package repository signing key) packages@gitlab.com
原因:密钥2年一期,此次过期时间是2024年3月1日,需要更新公钥。
官方解决方案:
This key’s expiration was extended from 2024-03-01 to 2026-02-27. If you encounter a complaint of expiration on 2024-03-01, perform the steps in Update keys after expiry extension to incorporate the updated public key content.
https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6701#note_1801065765
公钥到期后更新延长
1 基于Debian的发行版
- 确认是使用的是
apt-key
还是signed-by
:grep 'deb \[signed-by=' /etc/apt/sources.list.d/gitlab_gitlab-?e.list
- 如果没有返回值,使用的是
apt-key
; - 如果有返回值,使用的是
signed-by
。
- 如果没有返回值,使用的是
- 对于
signed-by
,输入以下脚本更新公钥awk '/deb \[signed-by=/{ pubkey = $2; sub(/\[signed-by=/, "", pubkey); sub(/\]$/, "", pubkey); print pubkey }' /etc/apt/sources.list.d/gitlab_gitlab-?e.list | \ while read line; do curl -s "https://packages.gitlab.com/gpg.key" | gpg --dearmor > $line done
- 对于
apt-key
,输入一下脚本更新公钥apt-key del 3F01618A51312F3F curl -s "https://packages.gitlab.com/gpg.key" | apt-key add - apt-key list 3F01618A51312F3F
2 基于RPM的发行版
yum
和dnf
有些细微的区别,但底层配置是相同的。
- 移除现有密钥
for pubring in /var/cache/dnf/gitlab_gitlab-?e-*/pubring do gpg --homedir $pubring --delete-key F6403F6544A38863DAA0B6E03F01618A51312F3F done
- 更新现有密钥
dnf check-update