jfrog outage?

Open Martii opened this issue 2 years ago • 1 comments

Good day to all. Went to go update my servers and got this:

...
Err:6 https://gerbera.jfrog.io/artifactory/debian jammy InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Reading package lists... Done       
E: Failed to fetch https://gerbera.jfrog.io/artifactory/debian/dists/jammy/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: The repository 'https://gerbera.jfrog.io/artifactory/debian jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Seems the jfrog account is disabled? (checking to see if signing key is expired/renewed)

Thanks so much for the look.

Ref(s):

  • https://docs.gerbera.io/en/stable/install.html#ubuntu-mint
curl -fsSL https://gerbera.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
sudo apt-add-repository https://gerbera.jfrog.io/artifactory/debian
$ curl -fsSL https://gerbera.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
[sudo] password for user: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: no valid OpenPGP data found.

Work-around found for WARNING that will eventually become more (rename source and target .gpg files of course):

$ wget -O- https://example.com/EXAMPLE.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/EXAMPLE.gpg > /dev/null

$ cat /etc/apt/sources.list.d/gerbera-jfrog-io-debian-releases.list 
deb [signed-by=/usr/share/keyrings/artifactory-keyring.gpg arch=amd64]  https://gerbera.jfrog.io/artifactory/debian jammy main
# deb-src https://gerbera.jfrog.io/artifactory/debian jammy main

Was working until most recently this weekend (Last run was 2022-07-29)

Martii avatar Aug 01 '22 17:08 Martii

Yeah I think it's been disabled as we are over our quota.

I don't have time to look at it.

whyman avatar Aug 01 '22 21:08 whyman

Will jfrog be coming back or should I disable the repos?

Hyper200 avatar Aug 13 '22 10:08 Hyper200

So I've tried to sign into the jfrog and it looks like our account has been deactivated? for some reason.

Currently getting a message "please hang on while we resume your environment."

whyman avatar Aug 15 '22 19:08 whyman

Okay, seems like it's back.

No idea why it went away, which is rather concerning.

Could @Hyper200 or @Martii confirm it's ok now?

whyman avatar Aug 15 '22 19:08 whyman

@whyman

> which is rather concerning

Security is a never ending battle. :smile_cat: or perhaps they migrated the server hardware and don't have a way to "restart it". *shrugs*

Looks good re-enabling the apt source and using apt:

$ sudo apt update && sudo apt dist-upgrade -yy
...
Hit:2 http://us.archive.ubuntu.com/ubuntu jammy InRelease                                                                                                          
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease                                                                                      
Hit:4 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease                                                               
Get:5 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]                                                   
Hit:6 https://gerbera.jfrog.io/artifactory/debian jammy InRelease                                                                         
Hit:7 https://ppa.launchpadcontent.net/team-xbmc/ppa/ubuntu jammy InRelease
...

Thanks so much.

I've also updated the above work-around to be a little more exact based on the output of the signing key. Jammy doesn't require it currently but eventually most distros might be using the isolated form and eventually/probably Ubuntu with whatever Windows Manager is in a particular distro. A mental note for future Gerbera docs perhaps. :smile: .

Martii avatar Aug 15 '22 20:08 Martii

Awesome news, a PR for the docs would be welcome if you are feeling generous

whyman avatar Aug 15 '22 20:08 whyman

@whyman

> a PR for the docs would be welcome if you are feeling generous

Always willing to lend some time to a project that needs assistance especially when it's a favorite of mine... however there's a lot of ways to do this from my experience:

  1. Naming conventions are a concern with the key... I melded current Gerbera with Ubuntu's base keys... but doesn't mean that other naming conventions aren't accepted/wanted. I'm also not sure why "artifactory" is in there and doesn't seem to match "gerbera" naming.
  2. How abstract does Gerbera want it?
  3. Replace existing doc snippet or append to existing header (since it's a deprecation atm instead of an eol)
  4. I don't use Mint so I'm not sure how this would work over there. Not sure I have time to install Mint in a VM right away and backwards compatibility.
  5. Assumptions on binary switches as well.
  6. Assumptions on /dev/null output to prevent unnecessary output.
  7. Also don't want to scare new users away with the complexity but it seems to be a complete methodology. Don't see any switch with apt-add-repository that allows a parameter of signed-by atm.
  8. Also don't know if this repo only does 64 bit AMD builds or if it has 32 bit builds. I usually specify arch but that doesn't help if it's ARM/PPC/RISC/other based. So probably leave that to autodetection is a guess.

For tagged releases this could be an option (and also compatible with focal):

curl -fsSL https://gerbera.jfrog.io/artifactory/api/gpg/key/public | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/artifactory-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/artifactory-keyring.gpg] https://gerbera.jfrog.io/artifactory/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/gerbera-jfrog-io-debian-releases.list > /dev/null
echo "# deb-src [signed-by=/usr/share/keyrings/artifactory-keyring.gpg] https://gerbera.jfrog.io/artifactory/debian $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/gerbera-jfrog-io-debian-releases.list > /dev/null

... or perhaps this with variables in bash:

# Key URL, keyring path, repository URL and apt source list file
KEY=https://gerbera.jfrog.io/artifactory/api/gpg/key/public
KEYRING=/usr/share/keyrings/artifactory-keyring.gpg
REPO=https://gerbera.jfrog.io/artifactory/debian
LIST=/etc/apt/sources.list.d/gerbera-jfrog-io-debian-releases.list

# Convert the armored key to a binary keyring, then write the source list
curl -fsSL "$KEY" | sudo gpg --batch --yes --dearmor -o "$KEYRING"
echo "deb [signed-by=$KEYRING] $REPO $(lsb_release -cs) main" | sudo tee "$LIST" > /dev/null
echo "# deb-src [signed-by=$KEYRING] $REPO $(lsb_release -cs) main" | sudo tee -a "$LIST" > /dev/null

... instead of the current:

curl -fsSL https://gerbera.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
sudo apt-add-repository https://gerbera.jfrog.io/artifactory/debian

Martii avatar Aug 15 '22 21:08 Martii
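
An added example (not from the thread or the Gerbera docs): a way to vet the key download before it reaches the keyring, so that a response that is not OpenPGP data, as in the "gpg: no valid OpenPGP data found" output above, is refused and the key's fingerprint is compared with a pinned value. The function names, the sample bodies and the EXPECTED_FPR argument are assumptions; the thread gives no fingerprint, so that value has to come from a channel other than the download itself.

```shell
#!/bin/sh
# classify_body FILE: name what a fetched body is from its first non-blank line.
classify_body() {
    cb_first=$(sed -n '/[^[:space:]]/{p;q;}' "$1" | tr -d '\r')
    case "$cb_first" in
        '-----BEGIN PGP PUBLIC KEY BLOCK-----') echo armored-key ;;
        '-----BEGIN PGP SIGNED MESSAGE-----')   echo clearsigned ;;
        '<'*)                                   echo markup ;;
        *)                                      echo unknown ;;
    esac
}

# vet_key_file FILE EXPECTED_FPR: 0 = matches pin, 2 = not an armored key,
# 3 = fingerprint mismatch. EXPECTED_FPR is a value you obtained out of band.
vet_key_file() {
    if [ "$(classify_body "$1")" != armored-key ]; then
        echo "refusing $1: not an armored OpenPGP key" >&2
        return 2
    fi
    vk_fpr=$(gpg --show-keys --with-colons "$1" |
             awk -F: '$1 == "fpr" { print $10; exit }')
    [ "$vk_fpr" = "$2" ] && return 0
    echo "refusing $1: fingerprint '$vk_fpr' is not the pinned one" >&2
    return 3
}

# install_pinned_key URL EXPECTED_FPR KEYRING: fetch, vet, then install.
install_pinned_key() {
    ik_tmp=$(mktemp) || return 1
    ik_rc=0
    { curl -fsSL "$1" -o "$ik_tmp" && vet_key_file "$ik_tmp" "$2" &&
      sudo gpg --batch --yes --dearmor -o "$3" "$ik_tmp"; } || ik_rc=$?
    rm -f "$ik_tmp"
    return "$ik_rc"
}

# write_samples DIR: constructed bodies, not captured from the real server.
write_samples() {
    printf '<html><body>account suspended</body></html>\n' > "$1/error.html"
    printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA256' > "$1/InRelease"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' '(constructed)' > "$1/key.asc"
}

samples=$(mktemp -d) && write_samples "$samples"
for f in "$samples"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_body "$f")"
done
rm -rf "$samples"
```

Only `classify_body` runs in the demo loop; `install_pinned_key` needs network access, `gpg` and `sudo`, and takes the key URL, the pinned fingerprint and the keyring path as its three arguments.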