apt doesn't have permission to read package signing pubkey #714

qrkourier · 2023-08-21T17:14:54Z

reported in Discourse: https://openziti.discourse.group/t/bad-inrelease-signatures-at-https-packages-openziti-org-zitipax-openziti-deb-stable/1517/3?u=qrkourier

apt drops privs before attempting to read the package signing pubkey imported in /usr/share/keyrings/openziti.gpg by anyone following our install instructions or running the Ubuntu install script.

Alternatives include importing the package signing pubkey into the default keyring instead of creating a new one, but that contradict's the guidance to adopt this new pattern of separate keyrings for third party repos.

The Discourse user's suggestion of ensuring the openziti.gpg keyring file is other-readable makes sense to me.

let others read the Linux package signing pubkey; resolves #714

qrkourier transferred this issue from openziti/ziti-doc Aug 21, 2023

qrkourier added a commit that referenced this issue Aug 21, 2023

let others read the Linux package signing pubkey; resolves #714

130e9ca

qrkourier linked a pull request Aug 21, 2023 that will close this issue

let others read the Linux package signing pubkey; resolves #714 #715

Merged

qrkourier closed this as completed in #715 Aug 24, 2023

qrkourier added a commit that referenced this issue Aug 24, 2023

Merge pull request #715 from openziti/read-signing-keyring

c7f28d4

let others read the Linux package signing pubkey; resolves #714

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

apt doesn't have permission to read package signing pubkey #714

apt doesn't have permission to read package signing pubkey #714

qrkourier commented Aug 21, 2023

apt doesn't have permission to read package signing pubkey #714

apt doesn't have permission to read package signing pubkey #714

Comments

qrkourier commented Aug 21, 2023