Error Upgrading Modules: GPG Verify File check failed


(Corey Moullas) #1

Hi All,

I have performed a fresh install of RasPBX 21 and then set the timezone, changed root password and ran
raspbx-upgrade. This brought me to RasPBX 22. Once logged into FreePBX through the browser, when trying to run module upgrades, get the following error for each upgrade or new install:

Error(s) downloading ucp:
File Integrity failed for /var/www/html/admin/modules/_cache/ucp-13.0.31.tgz.gpg - aborting (GPG Verify File check failed)

If I then try to run the process again the following error appears:

unlink(/var/www/html/admin/modules/_cache/announcement-13.0.5.tgz.gpg): No such file or directory

  1. I have checked the /var/www/html/admin/modules/cache folder exists
  2. The second error can be fixed by deleting all the gpg files in this directory and then it goes back to the first
  3. When I switch to user asterisk and then run gpg --verify /var/www/html/admin/modules/cache/music-13.0.18.tgz.gpg it returns a good siganture then says gpg: Note: This key has expired!
  4. When running the date command the system retunrs the correct date
  5. When running hwclock --systohc it returns hwclock: Cannot access the Hardware Clock via any known method.

Any hints you can provide would be greatly appreciated. I only started using FreePBX about a month ago, but have a few installs in VMware, in the cloud and on a few other servers. It’s my first time trying RasPBX and I cross-posted this question on that forum as well. Hopefully somebody can point me in the right direction here.

Cheers


File Integrity Failed
(Bryan Walters) #2

The problem is that the gpg key on the system has expired. Please login to the server via ssh and run the following:

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net


File Integrity failed... framework-12.0.76.3.tgz.gpg
(Corey Moullas) #3

Thanks Bryan, this worked perfectly! Spent a day breaking my head over this yesterday. Very helpful.


#4

I just had the same problem no modules would update after new install of 6.12.65 so ran the command posted by Bryan then all modules except Framework upgraded. Framework failed:

File Integrity failed for /var/www/html/admin/modules/_cache/framework-12.0.76.3.tgz.gpg - aborting (Cause: Unable to download GPG key 3DDB2122FE6D84F7, or find /var/www/html/admin/libraries/BMO/3DDB2122FE6D84F7.key or /var/www/html/admin/libraries/BMO/FE6D84F7.key)

To be sure I ran the command again:

[root@localhost ~]# sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net
gpg: refreshing 2 keys from hkp://pool.sks-keyservers.net
gpg: requesting key 69D2EAD9 from hkp server pool.sks-keyservers.net
gpg: requesting key B33B4659 from hkp server pool.sks-keyservers.net
gpg: key 69D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) security@freepbx.org” not changed
gpg: key B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: Total number processed: 2
gpg: unchanged: 2

As you can see nothing changed. All suggestions welcomed.


#5

I have looked in /var/www/html/admin/libraries/BMO and the two files there are 86CE877469D2EAD9.key and 9F9169F4B33B4659.key. It seems to me that Framework is still expecting the old keys not the new ones. How can I resolve?


Module Update File Integrity failed
(Rob Thomas) #6

There’s something wrong with your machine. It should be automatically downloading the key as required.

However:

sudo -u asterisk gpg --keyserver pgp.mit.edu --recv-key 3DDB2122FE6D84F7

Will download and install the key


GPG Verify File check failed
#7

Perfect. Thanks for your help. It’s been a bit of a trial to sort this build out but now everything appears to be behaving normally so will get on with building the production system. Thanks again.


#8

When I try that command, I get

gpg: Fatal: can’t create directory `/home/asterisk/.gnupg’: No such file or directory.

Oh…, it is because there is no home directory for asterisk.


(Greg Snover) #9

This can also happen if the machine had it’s connection to the net interrupted (what I just found) but forcing the key download works perfectly - Thanks - as always an awesome community!

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net


#10

Kindly help me with this issue:

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net

gpg: Fatal: can’t create directory ‘/root/.gnupg’: Permission denied


(Dave Burgess) #11

‘asterisk’ doesn’t have write permission to /root


#12

Yes I see that but is it the right directory it should be updating/creating gpg keys in? Shouldn’t it be /home/asterisk?


(Dave Burgess) #13

cd to /home/asterisk first to see if that helps. I’m not sure why the sudo isn’t setting the $HOME directory for the asterisk user to the right directory. Read through the rest of the message chain and make sure the rest of the issues identified aren’t messing with you.


#14

Yes I checked this thread thoroughly but I’m still stuck at:
**
–keyserver pgp.mit.edu --recv-key 9F9169F4B33B4659
gpg: WARNING: unsafe permissions on homedir '/home/asterisk/.gnupg’
gpg: key 9F9169F4B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: Total number processed: 1
gpg: unchanged: 1**

Seems no end soon to my miseries


(Dave Burgess) #15

ls -ald /home/asterisk
ls -ald /home/asterisk/.gnupg
ls -ald /home

Let us know what you get. As a guess, at least one of those has hosed permissions.


#16

ls -ald /home/asterisk
drwxr-xr-x 3 asterisk asterisk 4096 Jul 18 18:17 /home/asterisk

ls -ald /home/asterisk/.gnupg
drwxr-xr-x 4 asterisk asterisk 4096 Jul 18 18:28 /home/asterisk/.gnupg

~$ ls -ald /home
drwxr-xr-x 3 root root 4096 Jul 18 06:36 /home

(Executed all these commands in asterisk user)


#17

chmod -R 600 /home/asterisk/.gnupg


#18

gpg --refresh-keys --keyserver pool.sks-keyser vers.net
gpg: failed to create temporary file ‘/home/asterisk/.gnupg/.#lk0x000055ee568058b0.ubuntu.16304’: Permission denied
gpg: keyblock resource ‘/home/asterisk/.gnupg/pubring.kbx’: Permission denied


#19

You would have to run that as asterisk

permission 600 , only the owner (asterisk) can read or write to that directory, that is the “safe” thing.


#20

asterisk@ubuntu:~$ chmod -R 600 /home/asterisk/.gnupg
chmod: cannot access ‘/home/asterisk/.gnupg/pubring.kbx’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/private-keys-v1.d’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/random_seed’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/crls.d’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/pubring.kbx~’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/S.dirmngr’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/trustdb.gpg’: Permission denied