Error Upgrading Modules: GPG Verify File check failed

emaktech · 2020-02-01 19:24:31 UTC

Hi All,

I have performed a fresh install of RasPBX 21 and then set the timezone, changed root password and ran
raspbx-upgrade. This brought me to RasPBX 22. Once logged into FreePBX through the browser, when trying to run module upgrades, get the following error for each upgrade or new install:

Error(s) downloading ucp:
File Integrity failed for /var/www/html/admin/modules/_cache/ucp-13.0.31.tgz.gpg - aborting (GPG Verify File check failed)

If I then try to run the process again the following error appears:

unlink(/var/www/html/admin/modules/_cache/announcement-13.0.5.tgz.gpg): No such file or directory

I have checked the /var/www/html/admin/modules/cache folder exists
The second error can be fixed by deleting all the gpg files in this directory and then it goes back to the first
When I switch to user asterisk and then run gpg --verify /var/www/html/admin/modules/cache/music-13.0.18.tgz.gpg it returns a good siganture then says gpg: Note: This key has expired!
When running the date command the system retunrs the correct date
When running hwclock --systohc it returns hwclock: Cannot access the Hardware Clock via any known method.

Any hints you can provide would be greatly appreciated. I only started using FreePBX about a month ago, but have a few installs in VMware, in the cloud and on a few other servers. It’s my first time trying RasPBX and I cross-posted this question on that forum as well. Hopefully somebody can point me in the right direction here.

Cheers

GameGamer43 · 2016-06-09 18:19:17 UTC

The problem is that the gpg key on the system has expired. Please login to the server via ssh and run the following:

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net

emaktech · 2016-06-09 18:03:04 UTC

Thanks Bryan, this worked perfectly! Spent a day breaking my head over this yesterday. Very helpful.

stonet · 2016-06-14 05:40:57 UTC

I just had the same problem no modules would update after new install of 6.12.65 so ran the command posted by Bryan then all modules except Framework upgraded. Framework failed:

File Integrity failed for /var/www/html/admin/modules/_cache/framework-12.0.76.3.tgz.gpg - aborting (Cause: Unable to download GPG key 3DDB2122FE6D84F7, or find /var/www/html/admin/libraries/BMO/3DDB2122FE6D84F7.key or /var/www/html/admin/libraries/BMO/FE6D84F7.key)

To be sure I ran the command again:

[root@localhost ~]# sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net
gpg: refreshing 2 keys from hkp://pool.sks-keyservers.net
gpg: requesting key 69D2EAD9 from hkp server pool.sks-keyservers.net
gpg: requesting key B33B4659 from hkp server pool.sks-keyservers.net
gpg: key 69D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) security@freepbx.org” not changed
gpg: key B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: Total number processed: 2
gpg: unchanged: 2

As you can see nothing changed. All suggestions welcomed.

stonet · 2016-06-14 13:57:47 UTC

I have looked in /var/www/html/admin/libraries/BMO and the two files there are 86CE877469D2EAD9.key and 9F9169F4B33B4659.key. It seems to me that Framework is still expecting the old keys not the new ones. How can I resolve?

xrobau · 2016-06-14 18:37:02 UTC

There’s something wrong with your machine. It should be automatically downloading the key as required.

However:

sudo -u asterisk gpg --keyserver pgp.mit.edu --recv-key 3DDB2122FE6D84F7

Will download and install the key

stonet · 2016-06-14 21:54:04 UTC

Perfect. Thanks for your help. It’s been a bit of a trial to sort this build out but now everything appears to be behaving normally so will get on with building the production system. Thanks again.

GeekBoy · 2016-06-17 17:00:19 UTC

When I try that command, I get

gpg: Fatal: can’t create directory `/home/asterisk/.gnupg’: No such file or directory.

Oh…, it is because there is no home directory for asterisk.

GSnover · 2016-06-21 20:08:12 UTC

This can also happen if the machine had it’s connection to the net interrupted (what I just found) but forcing the key download works perfectly - Thanks - as always an awesome community!

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net

therobust · 2017-07-18 16:58:58 UTC

Kindly help me with this issue:

sudo -u asterisk gpg --refresh-keys --keyserver pool.sks-keyservers.net

gpg: Fatal: can’t create directory ‘/root/.gnupg’: Permission denied

cynjut · 2017-07-18 17:39:52 UTC

‘asterisk’ doesn’t have write permission to /root

therobust · 2017-07-18 17:47:33 UTC

Yes I see that but is it the right directory it should be updating/creating gpg keys in? Shouldn’t it be /home/asterisk?

cynjut · 2017-07-18 17:54:44 UTC

cd to /home/asterisk first to see if that helps. I’m not sure why the sudo isn’t setting the $HOME directory for the asterisk user to the right directory. Read through the rest of the message chain and make sure the rest of the issues identified aren’t messing with you.

therobust · 2017-07-18 19:01:45 UTC

Yes I checked this thread thoroughly but I’m still stuck at:
**
–keyserver pgp.mit.edu --recv-key 9F9169F4B33B4659
gpg: WARNING: unsafe permissions on homedir '/home/asterisk/.gnupg’
gpg: key 9F9169F4B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) modules@freepbx.org” not changed
gpg: Total number processed: 1
gpg: unchanged: 1**

Seems no end soon to my miseries

cynjut · 2017-07-18 19:34:22 UTC

ls -ald /home/asterisk
ls -ald /home/asterisk/.gnupg
ls -ald /home

Let us know what you get. As a guess, at least one of those has hosed permissions.

therobust · 2017-07-19 04:29:12 UTC

ls -ald /home/asterisk
drwxr-xr-x 3 asterisk asterisk 4096 Jul 18 18:17 /home/asterisk

ls -ald /home/asterisk/.gnupg
drwxr-xr-x 4 asterisk asterisk 4096 Jul 18 18:28 /home/asterisk/.gnupg

~$ ls -ald /home
drwxr-xr-x 3 root root 4096 Jul 18 06:36 /home

(Executed all these commands in asterisk user)

dicko · 2017-07-19 04:36:02 UTC

chmod -R 600 /home/asterisk/.gnupg

therobust · 2017-07-19 04:49:35 UTC

gpg --refresh-keys --keyserver pool.sks-keyser vers.net
gpg: failed to create temporary file ‘/home/asterisk/.gnupg/.#lk0x000055ee568058b0.ubuntu.16304’: Permission denied
gpg: keyblock resource ‘/home/asterisk/.gnupg/pubring.kbx’: Permission denied

dicko · 2017-07-19 05:00:29 UTC

You would have to run that as asterisk

permission 600 , only the owner (asterisk) can read or write to that directory, that is the “safe” thing.

therobust · 2017-07-19 05:06:09 UTC

asterisk@ubuntu:~$ chmod -R 600 /home/asterisk/.gnupg
chmod: cannot access ‘/home/asterisk/.gnupg/pubring.kbx’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/private-keys-v1.d’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/random_seed’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/crls.d’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/pubring.kbx~’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/S.dirmngr’: Permission denied
chmod: cannot access ‘/home/asterisk/.gnupg/trustdb.gpg’: Permission denied