GPG key errors for https://oss-binaries.phusionpassenger.com precise BADSIG 561F9B9CAC40B2F7

[spovich]

I have a precise64 box where 'apt-get update' is producing the following error:

GPG error: https://oss-binaries.phusionpassenger.com precise Release: The following signatures were invalid: BADSIG 561F9B9CAC40B2F7 Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-softw...@phusion.nl>

I ran the following prior (as per http://blog.phusion.nl/2013/09/11/debian-and-ubuntu-packages-for-phusion-passenger/): 

gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7

gpg --armor --export 561F9B9CAC40B2F7 | sudo apt-key add

And 'sudo apt-key list' gives a list that includes

pub   4096R/AC40B2F7 2013-06-30

uid                  Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-softw...@phusion.nl>

sub   4096R/4DB76CB6 2013-06-30

I've done 'sudo apt-key del AC40B2F7' and verified that apt-key list is clean, then re-run this but getting the same error.

Any idea if the problem is on my server or upstream?

Thanks!

[spovich]

I also tried the steps outlined here http://www.ubuntugeek.com/how-to-fix-the-ubuntu-gpg-error-badsig.html which reset  the apt-get list directory/db but same error.

On Sunday, October 20, 2013 12:08:56 AM UTC-7, spovich wrote:

I have a precise64 box where 'apt-get update' is producing the following error:

GPG error: https://oss-binaries.phusionpassenger.com precise Release: The following signatures were invalid: BADSIG 561F9B9CAC40B2F7 Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-software-signing@phusion.nl>

I ran the following prior (as per http://blog.phusion.nl/2013/09/11/debian-and-ubuntu-packages-for-phusion-passenger/): 

gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7

gpg --armor --export 561F9B9CAC40B2F7 | sudo apt-key add

And 'sudo apt-key list' gives a list that includes

pub   4096R/AC40B2F7 2013-06-30

uid                  Phusion Automated Software Signing (Used by automated tools to sign software packages) <auto-software-signing@phusion.nl>

sub   4096R/4DB76CB6 2013-06-30

[spike grobstein]

I'm having the exact same issue. It suddenly started a couple days ago, where about a week ago, the error didn't exist.

I believe it's something happening on phusion's side where they didn't sign something properly, but since I don't know a ton about how apt signs repositories, that's just a wild-assed-guess.

...spike

[Hongli Lai]

We uploaded some new packages, but maybe something went wrong during
signing. I've regenerated the signatures now. Does this help?

> --
> You received this message because you are subscribed to the Google Groups
> "Phusion Passenger Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to phusion-passen...@googlegroups.com.
> To post to this group, send email to phusion-...@googlegroups.com.
> Visit this group at http://groups.google.com/group/phusion-passenger.
> For more options, visit https://groups.google.com/groups/opt_out.



--
Phusion | Ruby & Rails deployment, scaling and tuning solutions

Web: http://www.phusion.nl/
E-mail: in...@phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)

[spovich]

Yep, that fixed it for me.  Thank you!