Hi all,
I’m attempting to upgrade my CE install of GitLab (I’m a few versions behind). I understand that GitLab updated their signing keys a few years ago. I’ve attempted to update the keys but have been unsuccessful so far. My sources.list.d looks like this:
deb [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/ bionic main
deb-src [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/ bionic main
Which I understand means I’m using signed-by rather than apt-key. I’ve run the script provided on GitLab to update it;
awk '/deb \[signed-by=/{
pubkey = $2;
sub(/\[signed-by=/, "", pubkey);
sub(/\]$/, "", pubkey);
print pubkey
}' /etc/apt/sources.list.d/gitlab_gitlab-?e.list | \
while read line; do
curl -s "https://packages.gitlab.com/gpg.key" | gpg --dearmor > $line
done
My apt-key list contains:
/etc/apt/trusted.gpg.d/gitlab.gpg
---------------------------------
pub rsa4096 2020-03-02 [SC] [expires: 2024-03-01]
F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F
uid [ unknown] GitLab B.V. (package repository signing key) <packages@gitlab.com>
sub rsa4096 2020-03-02 [E] [expires: 2024-03-01]
But still get the following error:
An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F01618A51312F3F
Any ideas anyone?