stripe-cli
stripe-cli copied to clipboard
stripe
The repository is no longer signed.
Issue
I'm trying to update/upgrade the system but I've run into the issue with stripe cli.
$ sudo apt-get update && sudo apt-get upgrade && sudo apt autoremove
Expected Behavior
No errors
Traceback
Err:8 https://dl.bintray.com/stripe/stripe-cli-deb stable InRelease
403 Forbidden [IP: 18.193.131.58 443]
Err:4 https://dl.yarnpkg.com/debian stable InRelease
The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
Reading package lists... Done
E: Failed to fetch https://dl.bintray.com/stripe/stripe-cli-deb/dists/stable/InRelease 403 Forbidden [IP: 18.193.131.58 443]
E: The repository 'https://dl.bintray.com/stripe/stripe-cli-deb stable InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <[email protected]>
Environment
OS: Ubuntu 20.04
Hey @dobeerman, unfortunately we lost apt-get support after the bintray sunsetting and we have yet to find a good alternative. The only alternative for Linux we have is to manually download the new releases through GitHub: https://stripe.com/docs/stripe-cli#install
I'd like to offer my service Balto Repo for hosting Debian & RPM packages. As an example, here are the Debian packages for Helm- https://helm.baltorepo.com/stable/debian/ .
I went ahead and created an example repo with the most recent .deb file you released. It's available here: https://stripe.baltorepo.com/stripe-cli/debian/ Also I noticed issue #656, the RPM version of this issue, which can be resolved similarly.
Merge request https://github.com/stripe/stripe-cli/pull/673 shows how the README could be updated to reference the new repo.
@mattfox Balto looks awesome. Here’s hoping the Stripe folks use it to create a simple way for folks on elementary OS (like me), Ubuntu, etc., to install (the wonderful) Stripe CLI.
By the way, in the interim, will you be maintaining/updating the repository above? Is it cool for us to install and use Stripe CLI from there?
Update: I just read this, which answers my question: https://github.com/stripe/stripe-cli/pull/673#issuecomment-848057145
Thanks @aral - you saw Stripe's decision but I'd be happy to keep the repos available and up-to-date until they introduce their official repos. I've posted the latest release, 1.6.1.
Since https://stripe.baltorepo.com/stripe-cli/debian/ is pretty old. 9 months (1.6.4) as of writting. And in lieu of an official Stripe installer, I have developed a little program to install stripe-cli, called install-stripe-cli.
EDIT 27-03-2022: install-stripe-cli moved to its own repo: https://github.com/dotnetCarpenter/install-stripe-cli/
The Bash program, install-stripe-cli, works by downloading the checksum file from https://github.com/stripe/stripe-cli/releases/latest/download/stripe-linux-checksums.txt. Then each file name is extracted to form the available files to install. If install-stripe-cli is run without any arguments, then the correct file is guessed by comparing file extension and available package manager. install-stripe-cli knows how to install a .deb file with dpkg, .rpm with rpm and how to extract and symlink a .tar.gz file to /usr/local/bin. Of course, you can override this behavior with --install=deb|rpm|usr argument. Or you can get an interactive prompt with the --prompt argument.
Usage:
./install-stripe-cli [-h|--help] [-lps] [-i usr|deb|rpm]
install-stripe-cli is reasonable future proof by that it gets the file names from stripe-linux-checksums.txt and the installation logic is easily overridden by supplying arguments. So file names can change without breaking the script.
apt, apt-get and yum are all front ends for either dpkg or rpm, so the script does not bother with them, since they do not matter.
Overall I'm pretty happy with the result. It is by far the most advanced Bash script I have ever written. Please be kind and please give it a go on your system. Feedback is most welcome!
The program is around 200 lines of code. Around 50 lines is documentation, another 50 is optional parameter parsing. That brings the logic down to a 100 lines, which I think is a good size for a program. Everything but the parameter parsing, is functions and the main program flow is at the bottom - simply calling each function after each other.
The license is MIT and you're free to adapt the code to your needs. At the top, after the license text, you can easily change variables that are most likely to change over time. For instance, the github repo URL (GITHUB_RELEASE_DOWNLOAD_URL), the file name of the checksums file (STRIPE_LINUX_CHECKSUMS_FILE) and the program, sha256sum, that does the checksum validation.
If for instance, the checksums would change to sha512, you would simply change CHECKSUM_PROGRAM=sha256sum to CHECKSUM_PROGRAM=sha512sum. Or for SHAKE128, CHECKSUM_PROGRAM=shake128sum etc. As long as the program has the same interface and can handle these three options, --ignore-missing --quiet --check, it will work fine.
You can even get a changelog with the --changelog argument. Note that, this requires jq to be installed. Also note that both
dpkg and rpm requires sudo, whereas symlinking to your local bin folder does not. You should be asked for user credential if needed and there should not be any need to run install-stripe-cli as root.
Unfortunately, I do not have a redhat system readily available, so I have not tested installation of a .rpm file. According to the documentation I could find, it should however work. Both the debian and symlink installation is thoroughly tested on Ubuntu21.10 with Bash 5.1. I expect that install-stripe-cli works with all Bash versions from 4.3+ (because of local -n files=$1).
Usage:
./install-stripe-cli [-h|--help] [-lps] [-i usr|deb|rpm]
Options:
-h, --help Print usage and exit. -h for short usage and --help for long.
-i, --install=deb|rpm|usr Choose how to install. Negates --prompt.
-l, --changelog Display the changelog. Requires 'jq' to be installed.
-p, --prompt Ask which file to install.
-s, --silent Only print errors, when installing.
Examples:
./install-stripe-cli
will download stripe-cli to your current folder and automagically
install either the .deb or .rpm file with your package manager.
Or symlink it to /usr/local/bin if neither dpkg or rpm was found
on your system.
./install-stripe-cli -i usr
will download stripe-cli to your current folder and symlink it from
/usr/local/bin. '--install usr' option does not require 'sudo'.
./install-stripe-cli -li deb
will download stripe-cli to your current folder, install it with dpkg and
print the changelog.
Exit Status:
Returns success unless an invalid option is given or an error occurs.
Error code 1: Invalid option.
Error code 2: stripe-linux-checksums.txt failed to download.
Error code 4: Invalid --install option value.
Error code 8: Could not figure out which file to install.
Coded with 💓 by @dotnetCarpenter - MIT LICENSE © 2022
What else is in store in the future for install-stripe-cli? I would like to try doing something about dependencies. For
install-stripe-cli to work properly, your system must have jq, wget, curl, cat, cut, rm, tar, which etc. installed. Not all of them are required and some like jq, curl and which are only needed in some circumstances. It would be neat to high-light that to a user and perhaps enable/disable features, depending on available commands.
Other than that, I guess more flags. Perhaps unit tests.. Who knows? For now, it scratches an itch I had. If install-stripe-cli is useful to others, then I am more motivated to work on it.
I learned a lot about Bash that I didn't already know while coding this and there is still of lot more to learn. For Bash programming itself, I am not sure what is the recommended way of returning a value from a function. I have opted for a global variable. Currently only $STRIPE_CLI. For function arguments, I am mostly using global variables as well, with the exception of a few helper functions; setStripeCliFromFileExtension, echoerr and usage. So far it is manageable but I do not know if it scales. As I said, this is by far the most advanced Bash script I have ever written.
cc @gracegoo-stripe @dobeerman @mattfox @aral
In case somebody wants to install Stripe CLI to have it available in a GitHub Action, you can try a workflow step similar to this:
- name: Install Stripe CLI
run: |
gh release download --pattern "*.deb" --repo "stripe/stripe-cli"
sudo dpkg -i stripe*.deb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Note: this one is for a Ubuntu runner. Change the --pattern accordingly.
@dotnetCarpenter Had the same issue following the current setup guide and man, your script ran perfect! Thank you so much!
Couldn't figure out how to run the script (it fails with "There is no installation file that ends with .deb - aborting" after checking that file that was never downloaded doesn't exist).
The manual installation is trivial, not sure why it isn't documented in Stripe docs:
- Go to https://github.com/stripe/stripe-cli
- Click on the latest release
- Download package and install (dpkg -I ...deb for Ubuntu/Debian)
If anyone gets to this issue from google, where you tried to run sudo apt update and received an error like this:
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 https://packages.stripe.dev/stripe-cli-debian-local stable InRelease [4279 B]
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Err:2 https://packages.stripe.dev/stripe-cli-debian-local stable InRelease
The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Fetched 4279 B in 1s (2938 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.stripe.dev/stripe-cli-debian-local stable InRelease: The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
W: Failed to fetch https://packages.stripe.dev/stripe-cli-debian-local/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Stripe changed their key and show how to fix the issue by reinstalling the stripe-cli in their docs:
You can see the instructions here (click the apt tab in step 1): https://docs.stripe.com/stripe-cli#install
I had faced the same issue in my Ubuntu 23.10, like below
Hit:7 https://packages.stripe.dev/stripe-cli-debian-local stable InRelease
Err:7 https://packages.stripe.dev/stripe-cli-debian-local stable InRelease
The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.stripe.dev/stripe-cli-debian-local stable InRelease: The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
W: Failed to fetch https://packages.stripe.dev/stripe-cli-debian-local/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG DEEBD57F917C83E3 Stripe <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
I guessed this happened because a few days ago I received an email regarding the closing of my Stripe account due to inactivity.
So I was able to get rid of this message by removing the Stripe-CLI repository by following these steps.
Remove stripe from your system
sudo apt remove stripe
Then open the sources.list file
sudo nano /etc/apt/sources.list
Delete the line / comment out containing stripe cli
# deb https://packages.stripe.dev/stripe-cli-debian-local/ stable main
# Comment out like above / remove the line completely
then run
sudo apt update
You can also remove the directory completely by following these steps
List all files in /etc/apt/sources.list.d/
ls /etc/apt/sources.list.d/
Now remove the stripe list
e.g. by running /etc/apt/sources.list.d/ I got two files, like below
stripe.list
stripe.list.save
Remove these two
sudo rm /etc/apt/sources.list.d/stripe.list
sudo rm /etc/apt/sources.list.d/stripe.list.save
Now run sudo apt update again; it should have been removed and the error message won't show.
Now, if you need it, you can install the Stripe cli again from the official docs.
I hope it helps.
Remove an old Stripe GPG signing key
sudo rm -rf /usr/share/keyrings/stripe.gpg
Get a new key
curl -s https://packages.stripe.dev/api/security/keypair/stripe-cli-gpg/public | gpg --dearmor | sudo tee /usr/share/keyrings/stripe.gpg
On April 5th, 2024, we changed Stripe CLI’s GPG key to install the Stripe CLI through apt. If you configured the public key before April 5th, you’ll encounter this error:
Just do : curl -s https://packages.stripe.dev/api/security/keypair/stripe-cli-gpg/public | gpg --dearmor | sudo tee /usr/share/keyrings/stripe.gpg
Source: https://docs.stripe.com/stripe-cli#install
