Error when removing public pgp key without uid from keychain - linux

I'm working with Linux GnuPG. It looks like at some point I received a public key without a UID. I've since received a new key, with UID, but the original key cannot be deleted from the chain. Furthermore, when trying to restore keys from a backup it fails at this key.
$ gpg --delete-keys D7FA4AC2
gpg (GnuPG) 2.0.22; Copyright ...
Fatal error: Invalid argument
Aborted
$ gpg --list-keys --keyid-format long D7FAC2
pub 2048/83191D...
uid
sub 2048R/E1387...
$ gpg --delete-key 83191D...
gpg (GnuPG) 2.0.22; Copyright ...
Fatal error: Invalid argument
Aborted

Related

Terraform GPG key mismatch

I'm trying to install Terraform on Ubuntu with:
https://developer.hashicorp.com/terraform/tutorials/docker-get-started/install-cli
When trying to verify Hashicorp's GPG signing key I see this command
gpg --no-default-keyring \
--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
--fingerprint
should have the expected output of
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub rsa4096 2020-05-07 [SC]
E8A0 32E0 94D8 EB4E A189 D270 DA41 8C88 A321 9F7B
uid [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub rsa4096 2020-05-07 [E]
as of the posting of this question. This also matches Hashicorp's Security page under the heading Linux Package Checksum Verification.
However, I see a new key created 2023-01-10 instead:
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701
uid [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub rsa4096 2023-01-10 [S] [expires: 2028-01-09]
Am I correct in not trusting this key, as until Hashicorp fixes their documentation, this could be a compromised key?
HashiCorp has rotated its main signing keys this week.
The updated key, along with a note confirming the change of key, is now in the Official Packaging Guide document.
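
The fingerprint comparison discussed in this question can be scripted against gpg's machine-readable listing rather than checked by eye. This is an added example, not part of the original posts and not HashiCorp's own tooling; the function names and the sample listing are constructed for illustration, and the pinned value is the 2023-01-10 fingerprint quoted in the question, which in practice should be taken from the vendor's current documentation.

```shell
#!/bin/sh
# Added example: compare a keyring's primary-key fingerprint with a value
# pinned from the vendor's documentation. Function names are hypothetical.

# Strip whitespace and upper-case, so "798A EC65 ..." matches gpg's colon output.
norm_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# stdin: `gpg --with-colons --fingerprint` output.
# stdout: fingerprint of each primary key (first fpr record after a pub record).
# fpr records that follow a sub record belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_keyring_fpr EXPECTED < colon-listing
# 0 = exactly one primary key and it matches; 1 = mismatch; 2 = zero or several keys.
check_keyring_fpr() {
    expected=$(norm_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected exactly one primary key, found $count" >&2
        return 2
    fi
    if [ "$found" != "$expected" ]; then
        echo "MISMATCH: keyring has $found, pinned value is $expected" >&2
        return 1
    fi
    echo "OK: $found"
}

# Constructed sample of colon output (dates omitted, subkey fingerprint is a placeholder).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AA16FCBCA621E701:::::::scSC:
fpr:::::::::798AEC654E5C15428C8E42EEAA16FCBCA621E701:
uid:-::::::::HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>:
sub:-:4096:1:0000000000000000:::::::s:
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}

# Pinned value: the 2023-01-10 fingerprint quoted in the question above.
PINNED='798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701'
sample_listing | check_keyring_fpr "$PINNED"
# Real use:
# gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
#     --with-colons --fingerprint | check_keyring_fpr "$PINNED"
```

A non-zero exit status lets a provisioning script stop before the repository is added, both when the fingerprint differs from the pinned value and when the keyring unexpectedly holds more than one primary key.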

Invalid munge credential when creating SLURM multi-cluster setup

I am building a SLURM multi-cluster setup, with a slurmdbd hosted on-premises and a slurmctld node in Oracle Cloud. The slurmctld is able to connect to the slurmdbd, but receives this error message when I try to connect to the database in any way:
sacct: error: slurm_persist_conn_open: Something happened with the receiving/processing of the persistent connection init message to <IP_ADDRESS>: Failed to unpack SLURM_PERSIST_INIT message
sacct: error: slurmdbd: Sending PersistInit msg: No error
JobID JobName Partition Account AllocCPUS State ExitCode
------------ ---------- ---------- ---------- ---------- ---------- --------
sacct: error: slurm_persist_conn_open: Something happened with the receiving/processing of the persistent connection init message to <IP_ADDRESS>: Failed to unpack SLURM_PERSIST_INIT message
sacct: error: slurmdbd: Sending PersistInit msg: No error
sacct: error: slurmdbd: DBD_GET_JOBS_COND failure: Unspecified error
Looking at the /var/log/slurm/slurmdbd.log file on my slurmdbd cluster, it records this error:
[2022-03-11T08:29:47.541] error: Munge decode failed: Invalid credential
[2022-03-11T08:29:47.541] auth/munge: _print_cred: ENCODED: Wed Dec 31 19:00:00 1969
[2022-03-11T08:29:47.541] auth/munge: _print_cred: DECODED: Wed Dec 31 19:00:00 1969
[2022-03-11T08:29:47.541] error: slurm_unpack_received_msg: auth_g_verify: REQUEST_PERSIST_INIT has authentication error: Unspecified error
[2022-03-11T08:29:47.541] error: slurm_unpack_received_msg: Protocol authentication error
[2022-03-11T08:29:47.551] error: CONN:10 Failed to unpack SLURM_PERSIST_INIT message
To ensure that my credentials are valid, I have copied the slurmdbd's MUNGE key to the slurmctld via SCP, ensured that the UID and GID of the slurm and munge users on all nodes are identical, and made sure that the clocks are all in sync. When I munge and unmunge on either server, it successfully decodes the encrypted message. However, when I try to authenticate the credential from one server to the other using the echo foo | ssh user@server munge | unmunge command, it gives me a response of unmunge: error: invalid credential. What could I be doing to still receive this response? What should I do to make sure that my credential is valid?

Install TinyTeX on an Ubuntu-based Docker image: cannot verify yihui.org's certificate

I'm trying to build a Docker image, based on ubuntu:20.04, with R and bookdown with PDF support. But I'm getting ERROR: cannot verify yihui.org's certificate [...] with tinytex::install_tinytex():
> tinytex::install_tinytex()
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
--2020-11-23 09:19:05-- https://yihui.org/tinytex/TinyTeX-1.tar.gz
Resolving yihui.org (yihui.org)... 167.99.129.42, 134.209.226.211
Connecting to yihui.org (yihui.org)|167.99.129.42|:443... connected.
ERROR: cannot verify yihui.org's certificate, issued by 'CN=SSL-SG1-GROBU,OU=Operations,O=Cloud Services,C=US':
Unable to locally verify the issuer's authority.
To connect to yihui.org insecurely, use `--no-check-certificate'.
Error in download.file(url, output, ..., method = method) :
'wget' call had nonzero exit status
Calls: <Anonymous> ... download_file -> <Anonymous> -> download -> download.file
In addition: Warning messages:
1: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
2: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
You may have to restart your system after installing TinyTeX to make sure ~/bin appears in your PATH variable (https://github.com/yihui/tinytex/issues/16).
Execution halted
I need to find a way to verify and trust the certificate chain from yihui.org, as I'm not allowed to bypass the verification with --no-check-certificate.
Thanks in advance for any hint!
Mihai
The default docker image has no certificates installed, therefore there are also no root certificates. That is what is indicated by the error message Unable to locally verify the issuer's authority. You can obtain the root certificates from the package ca-certificates (install it via apt-get).

Error while Initializing Fabric-CA server

I am trying to initialize fabric-ca following its user guide using this config file but when executing the following command:
fabric-ca-server init --cafiles fabric-ca-server-config.yaml
I am getting the following error:
2018/11/12 22:59:45 [DEBUG] Intializing nonce manager for issuer 'undercroft'
2018/11/12 22:59:45 [DEBUG] Closing server DBs
2018/11/12 22:59:45 [FATAL] Initialization failure: CA name 'undercroft' is used in '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml' and '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml'
While I am getting this error if I am using the command line flags of fabric-ca-server I am successfully able to initialize and launch the
This is the full error log
As of now the --cafiles flag is only used when there are multiple CAs; in the case of a single CA it will only use the config file in the $FABRIC_CA_SERVER_HOME directory.
Have you tried changing the CN of the fabric-ca-server, or changing the name of the CA?

debsign fails due to GPG error

I am trying to build a Debian package from source; it signs the package once the source builds.
I am able to build the package on my desktop, but the same package build is failing in my VNC session, which is on the same desktop.
Success on desktop:
----------
Now signing changes and any dsc files...
signfile <file1>.changes info@abc.com
gpg: key 9F54A1B3: secret key without public key - skipped
Successfully signed changes file
---------------------------
Error on VNC:
----------
Now signing changes and any dsc files...
signfile <file1>.changes info@abc.com
gpg: key 9F54A1B3: secret key without public key - skipped
gpg: problem with the agent - disabling agent use
debsign: gpg --no-tty --passphrase tigris error occurred! Aborting....
debuild: fatal error at line 1283:
running debsign failed
Do I need to add anything to the keyring, maybe? Here is the gpg key list:
root@vdeore:/home/vdeore/ws/VCA# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/A3888BE1 2015-01-15
uid vdeore <info@abc.com>
sub 1024R/9965A356 2015-01-15
pub 1024R/EAE69D3A 2015-01-15
uid abc <info@abc.com>
sub 1024R/79C683AB 2015-01-15
Tried generating key on VNC, but it did not make any difference.
Any suggestions? I appreciate the help; thanks in advance.
