3rd party module signing


#1

Have there been any changes that would affect signing of 3rd party modules? I have two PBXs both running 15.0.16.73 on identical CentOS 8 boxes. The one most recently installed refuses to acknowledge that my modules are signed. Have tried fwconsole ma refreshsignatures and it just tells me “Signature Invalid Could not find signed module on remote server!”


(TheWebMachine Networks (Sangoma Software Development Partner)) #2

Which module(s) are showing unsigned? Are these self-signed with an imported cert or is your cert signed by Sangoma for distribution…or are we talking about someone else’s 3rd party module(s)?


#3

They’re signed with my own key, which is signed by FreePBX. As I said, it’s working fine on all my other PBXs, just the one I installed last week is a problem.


(Franck Danard) #4

Hi

Have you tried to update your system with yum update?
Why not update devtools.

Just an idea like that.


#5

I can’t see what updating my system would do, since it’s only my self-signed modules that are affected. But this was installed last week, and is fully updated. Not sure what “devtools” is; as I said I’m running CentOS 8.

If I run sudo -u asterisk gpg --list-keys on the new PBX, my key is not listed. But it is present on the PBX installed in July (and all the others before that.) It was not added manually, but I’ll try that on the new PBX and see what happens.

I also notice my key EE024B99 is trusted by FreePBX’s B33B4659, but not by the newer 6BD35B34. Could this be a problem?


#6

So I ran sudo -u asterisk gpg --keyserver pool.sks-keyservers.net --recv-keys EE024B99 and now it works fine. I’ve never manually added the key before, it’s always done (I presume) when the signed modules are installed via URL.


(Franck Danard) #7

Great.

I don’t know about Centos 8 and FreePBX.
I know some gpg stuff is updated with distro update.

https://wiki.freepbx.org/display/FOP/Signing+your+own+modules