FreePBX 14 Installer (Class 'FreePBX\Install\PDO')

When the installer ends up getting to “Trusting FreePBX…Trusted” (as displayed in the ‘No improvement’ log provided above), the downloads that follow still receive “File Integrity failed”.

I understand that. If I manually retrieve and install the proper GPG key from BEFORE running the installer, there are NO problems. If I manually retrieve and install the proper GPG key from AFTER running the installer, all the existing problems are corrected. It certainly appears there is some kind of problem with your retrieval/installation of the GPG key when installing on Debian 9.

C’mon Andrew, you know what I meant. You also know that I’m fully aware that Framework, Core, etc. are part of the ‘bare minimum’.

Playing word games isn’t going to solve anything. If you don’t want to pursue this problem, I can’t force you.

I’ve put a bandaid on the problem by retrieving/installing the proper GPG key after Asterisk is installed and before the FreePBX installer is launched. If the key ever changes without the problem being fixed, a key refresh will obviously be necessary.

No I didn’t.

If I didn’t want to pursue I wouldn’t be here.

This wasn’t really made clear.

The way this works is that everything is done through the asterisk user with complex fopen commands and can be different on different systems. I will need a debian 9 system to login to so I will have to go spin one up.

I really can’t provide you with commands to run and check as the code in that area is particularly complex.

This will also be a problem for third party module distributors who have signed their own keys and then want to put modules onto your PIs using Debian 9 the modules will always show tampered.

So let’s try to figure this out.

@reraikes what commands are you running to add the GPG key yourself?

apt-get -y install dirmngr
sudo -u asterisk gpg --refresh-keys --keyserver

Interesting. With that command you aren’t pulling down our key. You are just refreshing keys. The keys might not even exist.

Instead of running sudo why don’t you use su to switch into the user account.

I’m assuming you’re suggesting I run:

su asterisk
gpg --refresh-keys --keyserver

instead of:

sudo -u asterisk gpg --refresh-keys --keyserver

FWIW, Asterisk 13 behaves the same as Asterisk 14. The interesting difference is that the Asterisk 13 installer has no base modules with dependencies that require downloading.

There doesn’t appear to be any difference running:

su asterisk
gpg --refresh-keys --keyserver

instead of:

sudo -u asterisk gpg --refresh-keys --keyserver

But you said that doesnt matter because even if it gets to Trusting the key it still fails afterwards right?

All I was saying is that everything that’s been stated about Asterisk 14 also applies to and occurs with Asterisk 13.

With the current FreePBX installers, GPG failures abort the current operation and go onto the next phase. Regardless of the number of failures/aborted operations,

Trusting FreePBX…Trusted
You have successfully installed FreePBX

is ultimately displayed, but successfully installed base modules are flagged as ‘tampered’.

Without manual intervention regarding the GPG key, all module downloads fail GPG verification on Debian 9.

If I run ‘gpg --refresh-keys --keyserver’ before running the FreePBX installer, all is well on Debian 9.

My point is running refresh keys before freepbx is install means you are refreshing nothing. I have a feeling that the directories aren’t being created for gpg until you run those commands and they fail otherwise. Will have to keep dogging.