You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'm using Chef 13, so I need version 1.4 of the chef-duosecurity cookbook. When I add it to a run list I get the following:
Recipe: duosecurity::package
23:55:57 172.21.9.195 * execute[remove expired duo repo key] action run (skipped due to only_if)
23:55:57 172.21.9.195 * apt_repository[duosecurity] action add
23:55:57 172.21.9.195 * remote_file[/var/chef/cache/https___duo_com_APT-GPG-KEY-DUO] action create
23:55:57 172.21.9.195 - create new file /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO
23:55:57 172.21.9.195 - update content in file /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO from none to 566ece
23:55:57 172.21.9.195 --- /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO 2020-04-13 23:55:57.913253408 +0000
23:55:57 172.21.9.195 +++ /tmp/chef-rest20200413-6130-12h3lvi 2020-04-13 23:55:57.913253408 +0000
23:55:57 172.21.9.195 @@ -1 +1,42 @@
23:55:57 172.21.9.195 +-----BEGIN PGP PUBLIC KEY BLOCK-----
23:55:57 172.21.9.195 +Version: GnuPG v2.0.22 (GNU/Linux)
23:55:57 172.21.9.195 +
23:55:57 172.21.9.195 +mQGiBFIog+QRBACobW/uA1UTaWWDlAhwdQGi+KVOomTVsBA/POo/xXX24kU550o3
23:55:57 172.21.9.195 +ngeM0ibqIc/ghLUkt4Q2j08x9NgNEzcSjdG5DboouqBrcF5CoN4DOFaiKGiMq1zL
23:55:57 172.21.9.195 +14ZmushOHE2Qb0gA0zzxo7GwD/6GSvsH3y1z49JJU5hcXNt9PINsE6KXbwCg+Ob+
23:55:57 172.21.9.195 +qesaO7JhIPMiDLBrNh20bHsD/3KYrgGyLhbKKaYQtS9B7HUIyS3zagDmC9EU4OsW
23:55:57 172.21.9.195 +Tgwo6oDm7OTZ0W9ZSmFJn9IYs7LLu4AeDJqL+pQ83CeHvT205zM6dlgLmUgGvp22
23:55:57 172.21.9.195 +4KJ0K9Wp54AP2NqX7ok2y5edI1CDejPm01ZZLd2POXkJgeS43oftvBtkAUl+W0dD
23:55:57 172.21.9.195 +eHPfA/0ZSsV5CJ0qyaLCtnUsoWczXs460Zs4vxvKkuMdUBwZz9W1RyhBvWdsxn0l
23:55:57 172.21.9.195 +5cwk+rv/49VaYP97M2hPQtrAi7WkRtiU34ze/7Pkpv4+Qiwg9vQjZtMbwzYhWSXt
23:55:57 172.21.9.195 +C3ps0SyuwkvcHWoCejnqkdlTeZpfeQMQAvjonMyBpdgH0sgf6LQyRHVvIFNlY3Vy
23:55:57 172.21.9.195 +aXR5IFBhY2thZ2UgU2lnbmluZyA8ZGV2QGR1b3NlY3VyaXR5LmNvbT6IZgQTEQIA
23:55:57 172.21.9.195 +JgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJbfxQqBQkNGPdGAAoJEBzJH8YV
23:55:57 172.21.9.195 +0y78WGMAoPSPCVhvfjJFj0c4UQgRHL9zApThAJ9W2f39jm6qCshHoltGRxFAPvel
23:55:57 172.21.9.195 +y7kEDQRSKIVDEBAAiu/l6B3dn0jhLyQsszyAwA1RHh3u4a6a7B4niRX+8zQ8LkQh
23:55:57 172.21.9.195 +VWADc9TXPgPiKxAZyivhgupk9CHkUaRpgyHm/jK5wIZCV6bgQ62QJymfE1FdF5m7
23:55:57 172.21.9.195 +uuq9IvfY/GTWdVwLA/XOxMw6AJMR+WiwNTd0OvlxD1C8u3TZiwEjuPatWVhPfRlT
23:55:57 172.21.9.195 ++ISgsntjf1DdnyjqLNsOFqj4IDV8nEPlzzNHAhS8axeJAnIMkDG6RyLK2cakZahw
23:55:57 172.21.9.195 +R/2VYH4K0zjtguyfK/+w5Md9VlEsHgVKfef+Lwwbo/MJ6evsHoEYGr7CvzNxSlse
23:55:57 172.21.9.195 +2p+3J88YY7tcrlLQRlmhqf3YARS4mjPXnW3fIhlOjCcUStxIT6qvX1a9q7ap7yoP
23:55:57 172.21.9.195 +KpmXiQKqivg8eWmTFp5UACWYdcX/FXDvamd/6fwEniOtvNcblP5jQcipUAepd9uK
23:55:57 172.21.9.195 +A6hpN+uwJvp7kIqRvHB7OhZbjKLvkRishZAPvrRt6VUUdmX9fGj/KiqIVB1Xc7cE
23:55:57 172.21.9.195 +1JwybE+vtY4CSq2CGUYeo0A4a0mq1GCGE4U+00t6ci4xEBtp3+WYbyluZzyBf62l
23:55:57 172.21.9.195 +m5mFmCZ4fqu19ULB6yzmzcFxmMtw3lYPIgs7VbVSF1GjJ1n1nyLZ6mc+mBdHkhrx
23:55:57 172.21.9.195 +tueir0NP0yhwpjC+RngKdQCJkFaEbnNprZBi8PviuP7VKFCxSTePWYdwzaMAAwUP
23:55:57 172.21.9.195 +/3e8bgmKChAzdQroO/4MI6xBe0rCKur11J6lWINsm7oqtvjixqbAViiCKKhpNEgS
23:55:57 172.21.9.195 +XytDy77a9uUewjlhlVzKQV+4CZ58plxJd2ge0IvQagA5qW7/qr9QWd3h/cUWeuLb
23:55:57 172.21.9.195 +eg5iHd/uXS5LePz/jzUHgzuDrrfv2AfvPMLR4fv6lt6mg0I8P2Su5rBWXpP+zybf
23:55:57 172.21.9.195 +lj8CX+bt6ngxPIka8BOUwgfXfp4zwygB8YonpEV24dbgzeeT8cIJ9B67MNgprZjI
23:55:57 172.21.9.195 +un/0qHMo47sQxATRcqJIO3n/d/m1Rrd6b33T40xVXWvKu9SEoJ94ZbugGCkgR8LT
23:55:57 172.21.9.195 +3ir42GCFIJUahkR5ObLa9d4H5Mo1FyKsp9MqZ2p0xji4eBsNDJegiJnW+BIzuBaI
23:55:57 172.21.9.195 +io7kp9c8y+X1ew4MtRYsHaiaKybzINKHQeDNDgdKdno1bRSmuQ0pAa97bfgQRtNR
23:55:57 172.21.9.195 +4RbB9izjHrdz0FYzzSCCglUqwc4Fgc4Z/6gsIIl743MVJp6VKh8hOfQiE5JhzgxY
23:55:57 172.21.9.195 +vuGS0zrdyPEtEBTgIdMviCabgZZQCMseajFoOfNfKdtVYunAS6+X+b1Qby4WDcIV
23:55:57 172.21.9.195 +cde6FFvjvIM4HxS0OIob2ikXIltfIDoHli2QtsZa948QVrqGvqsfcQCjWcS8bVnb
23:55:57 172.21.9.195 +KLlyAI2kz675GFDmj+BKJomA4z2VW5yXtWFMeYmDYYTliE8EGBECAA8CGwwFAlt/
23:55:57 172.21.9.195 +FDoFCQ0Y9fcACgkQHMkfxhXTLvzPBwCgp38icsfj38GinpxMpGF02yxpemUAn1kr
23:55:57 172.21.9.195 +WbTIiN63dr6gdz7hoZJ7PFmJ
23:55:57 172.21.9.195 +=t1j7
23:55:57 172.21.9.195 +-----END PGP PUBLIC KEY BLOCK-----
23:55:57 172.21.9.195 - change mode from '' to '0644'
23:55:58 172.21.9.195 * execute[apt-key add /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO] action run
23:55:58 172.21.9.195 - execute apt-key add /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO
23:55:58 172.21.9.195 * execute[apt-cache gencaches] action run
23:55:58 172.21.9.195 - execute apt-cache gencaches
23:55:58 172.21.9.195 * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
23:55:58 172.21.9.195 * apt_update[duosecurity] action nothing (skipped due to action :nothing)
23:55:58 172.21.9.195 * file[/etc/apt/sources.list.d/duosecurity.list] action create
23:55:58 172.21.9.195 - create new file /etc/apt/sources.list.d/duosecurity.list
23:55:58 172.21.9.195 - update content in file /etc/apt/sources.list.d/duosecurity.list from none to cd6d7f
23:55:58 172.21.9.195 --- /etc/apt/sources.list.d/duosecurity.list 2020-04-13 23:55:58.401266322 +0000
23:55:58 172.21.9.195 +++ /etc/apt/sources.list.d/.chef-duosecurity20200413-6130-1aryy2a.list 2020-04-13 23:55:58.401266322 +0000
23:55:58 172.21.9.195 @@ -1 +1,2 @@
23:55:58 172.21.9.195 +deb "http://pkg.duosecurity.com/Ubuntu" xenial main
23:55:58 172.21.9.195 - change mode from '' to '0644'
23:55:58 172.21.9.195 - change owner from '' to 'root'
23:55:58 172.21.9.195 - change group from '' to 'root'
23:55:59 172.21.9.195 * execute[apt-cache gencaches] action run
23:55:59 172.21.9.195 - execute apt-cache gencaches
23:55:59 172.21.9.195 * apt_update[duosecurity] action update
23:55:59 172.21.9.195 - force update new lists of packages
23:55:59 172.21.9.195 * directory[/var/lib/apt/periodic] action create (up to date)
23:55:59 172.21.9.195 * directory[/etc/apt/apt.conf.d] action create (up to date)
23:55:59 172.21.9.195 * file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
23:56:06 172.21.9.195 * execute[apt-get -q update] action run
23:56:06 172.21.9.195 - execute apt-get -q update
23:56:06 172.21.9.195
23:56:06 172.21.9.195
23:56:06 172.21.9.195 * apt_package[login-duo] action purge (up to date)
23:56:06 172.21.9.195 * apt_package[libpam-duo] action purge (up to date)
23:56:06 172.21.9.195 * apt_package[duo-unix] action upgrade
23:56:06 172.21.9.195
23:56:06 172.21.9.195 ================================================================================
23:56:06 172.21.9.195 Error executing action `upgrade` on resource 'apt_package[duo-unix]'
23:56:06 172.21.9.195 ================================================================================
23:56:06 172.21.9.195
23:56:06 172.21.9.195 Mixlib::ShellOut::ShellCommandFailed
23:56:06 172.21.9.195 ------------------------------------
23:56:06 172.21.9.195 Expected process to exit with [0], but received '100'
23:56:06 172.21.9.195 ---- Begin output of apt-get -q -y install duo-unix=1.11.3-0 ----
23:56:06 172.21.9.195 STDOUT: Reading package lists...
23:56:06 172.21.9.195 Building dependency tree...
23:56:06 172.21.9.195 Reading state information...
23:56:06 172.21.9.195 The following NEW packages will be installed:
23:56:06 172.21.9.195 duo-unix
23:56:06 172.21.9.195 0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
23:56:06 172.21.9.195 Need to get 273 kB of archives.
23:56:06 172.21.9.195 After this operation, 728 kB of additional disk space will be used.
23:56:06 172.21.9.195 WARNING: The following packages cannot be authenticated!
23:56:06 172.21.9.195 duo-unix
23:56:06 172.21.9.195 STDERR: E: There were unauthenticated packages and -y was used without --allow-unauthenticated
23:56:06 172.21.9.195 ---- End output of apt-get -q -y install duo-unix=1.11.3-0 ----
Here are the repo keys the machine has after that:
$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub 1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
uid Duo Security Package Signing <[email protected]>
sub 4096g/AD7DC31D 2013-09-05 [expires: 2020-08-22]
...
And apt complains about the duosecurity repo:
$ sudo apt-get update
...
Fetched 110 kB in 1s (60.1 kB/s)
Reading package lists... Done
W: GPG error: http://pkg.duosecurity.com/Ubuntu xenial Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 01EF98E910448FDB
W: The repository 'http://pkg.duosecurity.com/Ubuntu xenial Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
...
Looking at the master branch I notice that it's downloading the key from a different URL than in version 1.4.1.
If I try to add this key manually, I can install the package:
$ curl https://duo.com/DUO-GPG-PUBLIC-KEY.asc -o /tmp/duo_key
$ sudo apt-key add /tmp/duo_key
$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub 1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
uid Duo Security Package Signing <[email protected]>
sub 4096g/AD7DC31D 2013-09-05 [expires: 2020-08-22]
pub 4096R/10448FDB 2019-10-30 [expires: 2024-10-28]
uid Duo Security Package Signing <[email protected]>
sub 4096R/0B4CD976 2019-10-30 [expires: 2024-10-28]
$ sudo apt-get update
...
$ sudo apt-get -q -y install duo-unix=1.11.3-0
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
duo-unix
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 273 kB of archives.
After this operation, 728 kB of additional disk space will be used.
Get:1 http://pkg.duosecurity.com/Ubuntu xenial/main amd64 duo-unix amd64 1.11.3-0 [273 kB]
Fetched 273 kB in 0s (2,397 kB/s)
Selecting previously unselected package duo-unix.
(Reading database ... 109729 files and directories currently installed.)
Preparing to unpack .../duo-unix_1.11.3-0_amd64.deb ...
Unpacking duo-unix (1.11.3-0) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up duo-unix (1.11.3-0) ...
Processing triggers for libc-bin (2.23-0ubuntu11) ...
Am I missing something here?
Thanks
The text was updated successfully, but these errors were encountered:
Hi, I'm using Chef 13, so I need version 1.4 of the
chef-duosecurity
cookbook. When I add it to a run list I get the following:Here are the repo keys the machine has after that:
And apt complains about the
duosecurity
repo:Looking at the master branch I notice that it's downloading the key from a different URL than in version 1.4.1.
If I try to add this key manually, I can install the package:
Am I missing something here?
Thanks
The text was updated successfully, but these errors were encountered: