Modules GPG signed by invalid key or key missing

Greetings everyone:

After install I keep getting GPG warnings of Modules either not being signed or signed by invalid key.

I’ve done the following to try to remedy the problem:

  • Check server time, its fine.

  • gpg --verified the files.

gpg --verify callrecording-13.0.9.tgz.gpg
gpg: Signature made Fri 15 Jan 2016 09:39:31 AM CST using RSA key ID 69D2EAD9
gpg: requesting key 69D2EAD9 from hkp server keys.pgp.com
gpg: keyserver timed out
gpg: Can’t check signature: No public key

I did some digging and discovered the key used for signing belonging to [email protected] was expired on several servers. However, I did find the non-expired one on ubuntus server and successfully imported it.

I hope this helps others that have run into this issue.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname: keyserver.ubuntu.com

mI0EViU6xAEEAMOjgK1zhbmXe7qBXQGvNQGoNmEQz4ap0UcHaTxOrbslZiHk1i3zVbYMqvWp
zTl9wIV8ozb2oXPZTq+9cSlzMmU1XmbNdJN8MbU3QrycKjRDkB5jde6EjRzfhLWc8oI/MNB6
sAmueFgFbyuPXL/hsr+0ZMlY762Kz/esUb+EX3OtABEBAAG0Q0ZyZWVQQlggVGVzdCBLZXkg
MSAoVGhpcyBpcyBhbiB1bnNpZ25lZCBrZXkpIDxzZWN1cml0eUBmcmVlcGJ4Lm9yZz6IuAQT
AQIAIgUCViU6xAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQQFiCZninn8RkLwQA
vZEh6tPHWisw3EriQgteEX7CuJaJSJNwWXEEbyh5ZYp9+yIvM1LdrE8g7Q+v4DJ+mY3srbpJ
JwSVNp5M6UosNZOY6Uw1zIwbI14uwJneuxzqQ5rYVhjVvtn+kvwuBxgHqeTD3A0tw2eef3om
jG+N8sb/acMUhUM9YF5UO1713dW4jQRWJTrEAQQAynR3cuS58o99xxe1MrdOFwpl+4xroXi5
PfVjNxXnc03QIClnWth4umm686sZtFgKtPrLScOg4l8dwm0D1mLzxzBj14msdxFrJtA3mCp1
G3i+l09l8BYLn5JHc20kCYpMKLJuKB5zcF/s7efEKH2QyppcgVC4jU6aNa+mE12uawUAEQEA
AYifBBgBAgAJBQJWJTrEAhsMAAoJEEBYgmZ4p5/EW3kD/3c9ubsWkFbNHMJXEae3OqBIYnzR
b7iNDL6M02VjjhyeyBGw68uVmdYSRnyjaK5NJosAjdn5tk+jtW3pmqm+BjTlwnZW2BhduNpQ
GAlG5nwU3FFwnj+MCE/3XDYGx5n32QfdFHTkvSX3xZD6vG32AgOCH2fr3JvGpJEPZZdrLaEW
=YC4z
-----END PGP PUBLIC KEY BLOCK-----

Will update this posts if it corrects my issues.

Well, I see the correct public key in now on my keychain… but now this:

OK, I just checked user asterisk and see an entirely different key for module signing that was imported???
bash-4.2$ gpg --list-keys
/var/lib/asterisk/.gnupg/pubring.gpg

pub 4096R/B33B4659 2014-04-30 [expires: 2017-04-29]
uid [ultimate] FreePBX Module Signing (This is the master key to sign FreePBX Modules) <[email protected] org>
sub 4096R/5C2FE148 2014-04-30 [expires: 2017-04-29]

bash-4.2$ whoami
asterisk
bash-4.2$

I corrected the overall issue by noticing that user asterisk did not have a gpg.conf file in /var/lib/astertisk/.gnupg. As root I copied /root/.gnupg/gpg.conf to /var/lib/asterisk/.gnupg/ the ran gpg --refresh-keys.

I then went back to root and executed “amportal a ma refreshsignatures”

Golden!

1 Like