3

I am trying to upgrade Jenkins.

I use the new way to use gpg keys:

wget https://pkg.jenkins.io/debian-stable/jenkins.io.key
gpg --dearmor jenkins.io.key
mv jenkins.io.key.gpg /usr/share/keyrings/jenkins-keyring.asc

cat /etc/apt/sources.list.d/jenkins.list

deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ 

apt-key:

apt-key list | grep -i jenkins # nothing
# file /usr/share/keyrings/jenkins-keyring.asc
/usr/share/keyrings/jenkins-keyring.asc: PGP/GPG key public ring (v4) created Mon Mar 30 15:10:17 2020 RSA (Encrypt or Sign) 4096 bits MPI=0x99a14538d6e6150d...

But when I run apt update:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://pkg.jenkins.io/debian-stable binary/ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FCEF32E745F2C3D5
W: Failed to fetch https://pkg.jenkins.io/debian-stable/binary/Release.gpg The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FCEF32E745F2C3D5
W: Some index files failed to download. They have been ignored, or old ones used instead.

What's wrong?

2 Answers

5

Repository signing keys were changed.

Beginning March 28, 2023, the Jenkins weekly releases will use new repository signing keys for the Linux installation packages. The same change will be made in Jenkins LTS releases beginning April 5, 2023. Administrators of Linux systems must install the new signing keys on their Linux servers before installing Jenkins weekly 2.397 or Jenkins LTS 2.387.2.

https://www.jenkins.io/blog/2023/03/27/repository-signing-keys-changing/

Install the new signing keys, and wait until 5 April for the repository to be updated with signatures from the new key.

2

This is not a problem on your end. That key has expired.

$ gpg --import jenkins.io.key
gpg: key FCEF32E745F2C3D5: public key "Jenkins Project <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --fingerprint FCEF32E745F2C3D5
pub   rsa4096 2020-03-30 [SC] [expired: 2023-03-30]
      62A9 756B FD78 0C37 7CF2  4BA8 FCEF 32E7 45F2 C3D5
uid           [ expired] Jenkins Project <[email protected]>

You could email the address attached to the key to inform them about it, or wait for them to notice it and upload an updated key.


While what I said is true on Debian 11 (bullseye), I'm getting a different error than you. My error says:

W: GPG error: ... EXPKEYSIG FCEF32E745F2C3D5 

Yours says:

... GPG error: ... NO_PUBKEY FCEF32E745F2C3D5 

That, plus a few other small textual differences between our outputs, makes me think you are on an older version of Debian. I'm able to get the same output on buster, so is it possible you are running stretch (deb 9)? If you are running stretch, then you may need to resort to apt-key add jenkins.io.key (though you'll still get the EXPKEYSIG until Jenkins updates).
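The NO_PUBKEY versus EXPKEYSIG distinction drawn in the answer above can be checked mechanically. The script below is an added example, not part of the original posts: it cross-checks the status word apt reports against a colon-format listing of the keyring named in signed-by. The function names and the sample input are assumptions constructed for illustration from the key ID and fingerprint quoted on this page.

```shell
#!/bin/sh
# Added example. Sample data below is constructed from values quoted on this page.

# Print unique "STATUS KEYID" pairs from apt output on stdin
# (apt reports the 16-hex-digit long key ID after the gpgv status word).
apt_gpg_failures() {
    grep -oE '(NO_PUBKEY|EXPKEYSIG) [0-9A-F]{16}' | sort -u
}

# Read `gpg --show-keys --with-colons FILE` output on stdin and print
# "KEYID state" per primary key; field 5 = key ID, field 7 = expiry (epoch).
# $1 = "now" as epoch seconds (e.g. from `date +%s`).
keyring_states() {
    awk -F: -v now="$1" '$1 == "pub" {
        s = ($7 == "") ? "no-expiry" : (($7 + 0 <= now + 0) ? "expired" : "valid")
        print $5, s
    }'
}

# $1 = apt output, $2 = colon listing of the signed-by keyring, $3 = now
triage() {
    printf '%s\n' "$1" | apt_gpg_failures | while read -r status keyid; do
        state=$(printf '%s\n' "$2" | keyring_states "$3" |
                awk -v k="$keyid" '$1 == k { print $2 }')
        case "$status:${state:-absent}" in
            NO_PUBKEY:absent)  verdict="key is not in this keyring" ;;
            NO_PUBKEY:*)       verdict="key is in this keyring ($state) but apt did not load it" ;;
            EXPKEYSIG:expired) verdict="key was loaded and is expired" ;;
            EXPKEYSIG:*)       verdict="apt used an expired copy; this keyring says $state" ;;
        esac
        echo "$keyid $status: $verdict"
    done
}

# Constructed sample input (key ID and fingerprint as quoted on this page;
# epoch values stand for 2020-03-30 and 2023-03-30, 00:00 UTC).
SAMPLE_APT='GPG error: https://pkg.jenkins.io/debian-stable binary/ Release: NO_PUBKEY FCEF32E745F2C3D5
W: Failed to fetch https://pkg.jenkins.io/debian-stable/binary/Release.gpg NO_PUBKEY FCEF32E745F2C3D5'
SAMPLE_COLONS='pub:e:4096:1:FCEF32E745F2C3D5:1585526400:1680134400::-:::sc:
fpr:::::::::62A9756BFD780C377CF24BA8FCEF32E745F2C3D5:'

triage "$SAMPLE_APT" "$SAMPLE_COLONS" "$(date +%s)"
```

A NO_PUBKEY result for a key that the listing does contain means apt never read that key from the file, which is a different problem from the expiry that EXPKEYSIG reports.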
