/srv/irclogs.ubuntu.com/2025/01/16/#ubuntu-security.txt

RikMillsLP: #2095004 after rsync update05:10
-ubottu:#ubuntu-security- Launchpad bug 2095004 in rsync (Ubuntu) "Internal hashtable error: illegal key supplied!" [Undecided, Confirmed] https://launchpad.net/bugs/209500405:10
JackFrostDebian #109316005:20
-ubottu:#ubuntu-security- Debian bug 1093160 in rsync "rsync: failed verification -- update discarded" [Grave, Open] https://bugs.debian.org/109316005:20
=== steve2 is now known as Steeve
oerhekshi, how do i file a bugreport against Jammy/E: The repository 'https://esm.ubuntu.com/apps/ubuntu jammy-apps-security Release' is no longer signed.22:15
oerheksubuntu-advantage-tools?22:16
sarnoldoerheks: the https://esm.ubuntu.com/apps/ubuntu/dists/jammy-apps-security/InRelease that I just downloaded now was signed by E8A443CE358113D187BEE0E6AB01A101DB53907B -- this key is in /usr/share/keyrings/ubuntu-pro-esm-apps.gpg which is provided by ubuntu-pro-client -- are these the same things you're seeing?23:00
oerheksit is fixed not, sarnold 23:00
sarnoldah! yay23:00
oerheksc/not/now23:00
oerheksjust a glitch?23:01
oerheksfor some minutes?23:01
sarnoldI wonder what would have caused that :/23:01
sarnoldhttps should protect against the silliest causes of errors23:02
sarnoldoerheks: hmm.. maybe check dmesg, maybe there's segfaults in there or block storage errors? I'm not sure how exactly this would have worked well enough to get you the files, but then give you files that fail..23:05
oerhekshow do i get my key print?23:06
sarnoldoerheks: something like this:23:12
sarnold$ gpg --verify /var/lib/apt/lists/esm.ubuntu.com_apps_ubuntu_dists_focal-apps-security_InRelease 23:13
sarnoldgpg: Signature made Thu Jan 16 04:13:10 2025 UTC23:13
sarnoldgpg:                using RSA key E8A443CE358113D187BEE0E6AB01A101DB53907B23:13
sarnoldgpg: Can't check signature: No public key23:13
sarnoldbut probably /var/lib/apt/lists/esm.ubuntu.com_apps_ubuntu_dists_jammy-apps-security_InRelease23:13
oerheksgpg --verify /var/lib/apt/lists/esm.ubuntu.com_apps_ubuntu_dists_jammy-apps-security_InRelease 23:14
oerheksgpg: Signature made do 16 jan 2025 23:13:20 CET23:14
oerheksgpg:                using RSA key E8A443CE358113D187BEE0E6AB01A101DB53907B23:14
oerheksgpg: Can't check signature: No public key23:14
oerhekssame23:14
oerheks just to check, thanks23:14
sarnoldoh yeah, and to actually validate it, rather than just find out what key signed it :)23:16
sarnoldgpg --keyring /usr/share/keyrings/ubuntu-pro-esm-apps.gpg --verify /var/lib/apt/lists/esm.ubuntu.com_apps_ubuntu_dists_focal-apps-security_InRelease23:16
oerheksjammy23:17
oerheksgpg --keyring /usr/share/keyrings/ubuntu-pro-esm-apps.gpg --verify /var/lib/apt/lists/esm.ubuntu.com_apps_ubuntu_dists_jammy-apps-security_InRelease23:17
oerheksgpg: Signature made do 16 jan 2025 23:13:20 CET23:17
oerheksgpg:                using RSA key E8A443CE358113D187BEE0E6AB01A101DB53907B23:17
oerheksgpg: Good signature from "Ubuntu Apps Automatic Signing Key <esm@canonical.com>" [unknown]23:17
oerheksgpg: WARNING: This key is not certified with a trusted signature!23:17
oerheksgpg:          There is no indication that the signature belongs to the owner.23:17
oerheksPrimary key fingerprint: E8A4 43CE 3581 13D1 87BE  E0E6 AB01 A101 DB53 907B23:17
oerhekssome warnings, should i be concerned?23:18
sarnoldnah, that just means you haven't marked any of the keys that sign this one as "trusted"23:19
oerheksoh23:19
sarnoldI might have published signatures on some of our keys just so I could silence these things for myself :) but it's really no big deal, so long as you know you received the key from a trusted source23:20
oerheksit is an old discussion, how to trust the keys on your iso?23:21
oerheksas basis23:21
sarnoldbingo23:21
oerheksubuntu core did something right23:21
oerheksregister..23:21
oerheksthen https does not matter anymore23:22
JanCI assume the keys are signed by various people23:43
JanCat least the old release keys used to be?23:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!