Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apt key outdated in version 1.4? #22

Open
simnyc opened this issue Apr 14, 2020 · 0 comments
Open

apt key outdated in version 1.4? #22

simnyc opened this issue Apr 14, 2020 · 0 comments

Comments

@simnyc
Copy link

simnyc commented Apr 14, 2020

Hi, I'm using Chef 13, so I need version 1.4 of the chef-duosecurity cookbook. When I add it to a run list I get the following:

Recipe: duosecurity::package
23:55:57 172.21.9.195   * execute[remove expired duo repo key] action run (skipped due to only_if)
23:55:57 172.21.9.195   * apt_repository[duosecurity] action add
23:55:57 172.21.9.195     * remote_file[/var/chef/cache/https___duo_com_APT-GPG-KEY-DUO] action create
23:55:57 172.21.9.195       - create new file /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO
23:55:57 172.21.9.195       - update content in file /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO from none to 566ece
23:55:57 172.21.9.195       --- /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO	2020-04-13 23:55:57.913253408 +0000
23:55:57 172.21.9.195       +++ /tmp/chef-rest20200413-6130-12h3lvi	2020-04-13 23:55:57.913253408 +0000
23:55:57 172.21.9.195       @@ -1 +1,42 @@
23:55:57 172.21.9.195       +-----BEGIN PGP PUBLIC KEY BLOCK-----
23:55:57 172.21.9.195       +Version: GnuPG v2.0.22 (GNU/Linux)
23:55:57 172.21.9.195       +
23:55:57 172.21.9.195       +mQGiBFIog+QRBACobW/uA1UTaWWDlAhwdQGi+KVOomTVsBA/POo/xXX24kU550o3
23:55:57 172.21.9.195       +ngeM0ibqIc/ghLUkt4Q2j08x9NgNEzcSjdG5DboouqBrcF5CoN4DOFaiKGiMq1zL
23:55:57 172.21.9.195       +14ZmushOHE2Qb0gA0zzxo7GwD/6GSvsH3y1z49JJU5hcXNt9PINsE6KXbwCg+Ob+
23:55:57 172.21.9.195       +qesaO7JhIPMiDLBrNh20bHsD/3KYrgGyLhbKKaYQtS9B7HUIyS3zagDmC9EU4OsW
23:55:57 172.21.9.195       +Tgwo6oDm7OTZ0W9ZSmFJn9IYs7LLu4AeDJqL+pQ83CeHvT205zM6dlgLmUgGvp22
23:55:57 172.21.9.195       +4KJ0K9Wp54AP2NqX7ok2y5edI1CDejPm01ZZLd2POXkJgeS43oftvBtkAUl+W0dD
23:55:57 172.21.9.195       +eHPfA/0ZSsV5CJ0qyaLCtnUsoWczXs460Zs4vxvKkuMdUBwZz9W1RyhBvWdsxn0l
23:55:57 172.21.9.195       +5cwk+rv/49VaYP97M2hPQtrAi7WkRtiU34ze/7Pkpv4+Qiwg9vQjZtMbwzYhWSXt
23:55:57 172.21.9.195       +C3ps0SyuwkvcHWoCejnqkdlTeZpfeQMQAvjonMyBpdgH0sgf6LQyRHVvIFNlY3Vy
23:55:57 172.21.9.195       +aXR5IFBhY2thZ2UgU2lnbmluZyA8ZGV2QGR1b3NlY3VyaXR5LmNvbT6IZgQTEQIA
23:55:57 172.21.9.195       +JgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJbfxQqBQkNGPdGAAoJEBzJH8YV
23:55:57 172.21.9.195       +0y78WGMAoPSPCVhvfjJFj0c4UQgRHL9zApThAJ9W2f39jm6qCshHoltGRxFAPvel
23:55:57 172.21.9.195       +y7kEDQRSKIVDEBAAiu/l6B3dn0jhLyQsszyAwA1RHh3u4a6a7B4niRX+8zQ8LkQh
23:55:57 172.21.9.195       +VWADc9TXPgPiKxAZyivhgupk9CHkUaRpgyHm/jK5wIZCV6bgQ62QJymfE1FdF5m7
23:55:57 172.21.9.195       +uuq9IvfY/GTWdVwLA/XOxMw6AJMR+WiwNTd0OvlxD1C8u3TZiwEjuPatWVhPfRlT
23:55:57 172.21.9.195       ++ISgsntjf1DdnyjqLNsOFqj4IDV8nEPlzzNHAhS8axeJAnIMkDG6RyLK2cakZahw
23:55:57 172.21.9.195       +R/2VYH4K0zjtguyfK/+w5Md9VlEsHgVKfef+Lwwbo/MJ6evsHoEYGr7CvzNxSlse
23:55:57 172.21.9.195       +2p+3J88YY7tcrlLQRlmhqf3YARS4mjPXnW3fIhlOjCcUStxIT6qvX1a9q7ap7yoP
23:55:57 172.21.9.195       +KpmXiQKqivg8eWmTFp5UACWYdcX/FXDvamd/6fwEniOtvNcblP5jQcipUAepd9uK
23:55:57 172.21.9.195       +A6hpN+uwJvp7kIqRvHB7OhZbjKLvkRishZAPvrRt6VUUdmX9fGj/KiqIVB1Xc7cE
23:55:57 172.21.9.195       +1JwybE+vtY4CSq2CGUYeo0A4a0mq1GCGE4U+00t6ci4xEBtp3+WYbyluZzyBf62l
23:55:57 172.21.9.195       +m5mFmCZ4fqu19ULB6yzmzcFxmMtw3lYPIgs7VbVSF1GjJ1n1nyLZ6mc+mBdHkhrx
23:55:57 172.21.9.195       +tueir0NP0yhwpjC+RngKdQCJkFaEbnNprZBi8PviuP7VKFCxSTePWYdwzaMAAwUP
23:55:57 172.21.9.195       +/3e8bgmKChAzdQroO/4MI6xBe0rCKur11J6lWINsm7oqtvjixqbAViiCKKhpNEgS
23:55:57 172.21.9.195       +XytDy77a9uUewjlhlVzKQV+4CZ58plxJd2ge0IvQagA5qW7/qr9QWd3h/cUWeuLb
23:55:57 172.21.9.195       +eg5iHd/uXS5LePz/jzUHgzuDrrfv2AfvPMLR4fv6lt6mg0I8P2Su5rBWXpP+zybf
23:55:57 172.21.9.195       +lj8CX+bt6ngxPIka8BOUwgfXfp4zwygB8YonpEV24dbgzeeT8cIJ9B67MNgprZjI
23:55:57 172.21.9.195       +un/0qHMo47sQxATRcqJIO3n/d/m1Rrd6b33T40xVXWvKu9SEoJ94ZbugGCkgR8LT
23:55:57 172.21.9.195       +3ir42GCFIJUahkR5ObLa9d4H5Mo1FyKsp9MqZ2p0xji4eBsNDJegiJnW+BIzuBaI
23:55:57 172.21.9.195       +io7kp9c8y+X1ew4MtRYsHaiaKybzINKHQeDNDgdKdno1bRSmuQ0pAa97bfgQRtNR
23:55:57 172.21.9.195       +4RbB9izjHrdz0FYzzSCCglUqwc4Fgc4Z/6gsIIl743MVJp6VKh8hOfQiE5JhzgxY
23:55:57 172.21.9.195       +vuGS0zrdyPEtEBTgIdMviCabgZZQCMseajFoOfNfKdtVYunAS6+X+b1Qby4WDcIV
23:55:57 172.21.9.195       +cde6FFvjvIM4HxS0OIob2ikXIltfIDoHli2QtsZa948QVrqGvqsfcQCjWcS8bVnb
23:55:57 172.21.9.195       +KLlyAI2kz675GFDmj+BKJomA4z2VW5yXtWFMeYmDYYTliE8EGBECAA8CGwwFAlt/
23:55:57 172.21.9.195       +FDoFCQ0Y9fcACgkQHMkfxhXTLvzPBwCgp38icsfj38GinpxMpGF02yxpemUAn1kr
23:55:57 172.21.9.195       +WbTIiN63dr6gdz7hoZJ7PFmJ
23:55:57 172.21.9.195       +=t1j7
23:55:57 172.21.9.195       +-----END PGP PUBLIC KEY BLOCK-----
23:55:57 172.21.9.195       - change mode from '' to '0644'
23:55:58 172.21.9.195     * execute[apt-key add /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO] action run
23:55:58 172.21.9.195       - execute apt-key add /var/chef/cache/https___duo_com_APT-GPG-KEY-DUO
23:55:58 172.21.9.195     * execute[apt-cache gencaches] action run
23:55:58 172.21.9.195       - execute apt-cache gencaches
23:55:58 172.21.9.195     * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
23:55:58 172.21.9.195     * apt_update[duosecurity] action nothing (skipped due to action :nothing)
23:55:58 172.21.9.195     * file[/etc/apt/sources.list.d/duosecurity.list] action create
23:55:58 172.21.9.195       - create new file /etc/apt/sources.list.d/duosecurity.list
23:55:58 172.21.9.195       - update content in file /etc/apt/sources.list.d/duosecurity.list from none to cd6d7f
23:55:58 172.21.9.195       --- /etc/apt/sources.list.d/duosecurity.list	2020-04-13 23:55:58.401266322 +0000
23:55:58 172.21.9.195       +++ /etc/apt/sources.list.d/.chef-duosecurity20200413-6130-1aryy2a.list	2020-04-13 23:55:58.401266322 +0000
23:55:58 172.21.9.195       @@ -1 +1,2 @@
23:55:58 172.21.9.195       +deb      "http://pkg.duosecurity.com/Ubuntu" xenial main
23:55:58 172.21.9.195       - change mode from '' to '0644'
23:55:58 172.21.9.195       - change owner from '' to 'root'
23:55:58 172.21.9.195       - change group from '' to 'root'
23:55:59 172.21.9.195     * execute[apt-cache gencaches] action run
23:55:59 172.21.9.195       - execute apt-cache gencaches
23:55:59 172.21.9.195     * apt_update[duosecurity] action update
23:55:59 172.21.9.195       - force update new lists of packages
23:55:59 172.21.9.195       * directory[/var/lib/apt/periodic] action create (up to date)
23:55:59 172.21.9.195       * directory[/etc/apt/apt.conf.d] action create (up to date)
23:55:59 172.21.9.195       * file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
23:56:06 172.21.9.195       * execute[apt-get -q update] action run
23:56:06 172.21.9.195         - execute apt-get -q update
23:56:06 172.21.9.195     
23:56:06 172.21.9.195   
23:56:06 172.21.9.195   * apt_package[login-duo] action purge (up to date)
23:56:06 172.21.9.195   * apt_package[libpam-duo] action purge (up to date)
23:56:06 172.21.9.195   * apt_package[duo-unix] action upgrade
23:56:06 172.21.9.195     
23:56:06 172.21.9.195     ================================================================================
23:56:06 172.21.9.195     Error executing action `upgrade` on resource 'apt_package[duo-unix]'
23:56:06 172.21.9.195     ================================================================================
23:56:06 172.21.9.195     
23:56:06 172.21.9.195     Mixlib::ShellOut::ShellCommandFailed
23:56:06 172.21.9.195     ------------------------------------
23:56:06 172.21.9.195     Expected process to exit with [0], but received '100'
23:56:06 172.21.9.195     ---- Begin output of apt-get -q -y install duo-unix=1.11.3-0 ----
23:56:06 172.21.9.195     STDOUT: Reading package lists...
23:56:06 172.21.9.195     Building dependency tree...
23:56:06 172.21.9.195     Reading state information...
23:56:06 172.21.9.195     The following NEW packages will be installed:
23:56:06 172.21.9.195       duo-unix
23:56:06 172.21.9.195     0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
23:56:06 172.21.9.195     Need to get 273 kB of archives.
23:56:06 172.21.9.195     After this operation, 728 kB of additional disk space will be used.
23:56:06 172.21.9.195     WARNING: The following packages cannot be authenticated!
23:56:06 172.21.9.195       duo-unix
23:56:06 172.21.9.195     STDERR: E: There were unauthenticated packages and -y was used without --allow-unauthenticated
23:56:06 172.21.9.195     ---- End output of apt-get -q -y install duo-unix=1.11.3-0 ----

Here are the repo keys the machine has after that:

$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub   1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
uid                  Duo Security Package Signing <[email protected]>
sub   4096g/AD7DC31D 2013-09-05 [expires: 2020-08-22]
...

And apt complains about the duosecurity repo:

$ sudo apt-get update
...
Fetched 110 kB in 1s (60.1 kB/s)
Reading package lists... Done
W: GPG error: http://pkg.duosecurity.com/Ubuntu xenial Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 01EF98E910448FDB
W: The repository 'http://pkg.duosecurity.com/Ubuntu xenial Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
...

Looking at the master branch I notice that it's downloading the key from a different URL than in version 1.4.1.

If I try to add this key manually, I can install the package:

$ curl https://duo.com/DUO-GPG-PUBLIC-KEY.asc -o /tmp/duo_key
$ sudo apt-key add /tmp/duo_key
$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub   1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
uid                  Duo Security Package Signing <[email protected]>
sub   4096g/AD7DC31D 2013-09-05 [expires: 2020-08-22]

pub   4096R/10448FDB 2019-10-30 [expires: 2024-10-28]
uid                  Duo Security Package Signing <[email protected]>
sub   4096R/0B4CD976 2019-10-30 [expires: 2024-10-28]
$ sudo apt-get update
...
$ sudo apt-get -q -y install duo-unix=1.11.3-0
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  duo-unix
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 273 kB of archives.
After this operation, 728 kB of additional disk space will be used.
Get:1 http://pkg.duosecurity.com/Ubuntu xenial/main amd64 duo-unix amd64 1.11.3-0 [273 kB]
Fetched 273 kB in 0s (2,397 kB/s)
Selecting previously unselected package duo-unix.
(Reading database ... 109729 files and directories currently installed.)
Preparing to unpack .../duo-unix_1.11.3-0_amd64.deb ...
Unpacking duo-unix (1.11.3-0) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up duo-unix (1.11.3-0) ...
Processing triggers for libc-bin (2.23-0ubuntu11) ...

Am I missing something here?
Thanks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simnyc