New GPG Keys

  • The GPG keys for signing the LiveConfig packages and repositories are replaced every three years for security reasons.
    From today, a new GPG key is used:


    Key name: LiveConfig Package Signer <pkgadmin@liveconfig.com>
    Key ID old: 08708961 (2048 bit, valid until 2017/11/05)
    Key ID new: 3A2B2840 (4096 bit, valid until 2020/09/19)


    The new key was already installed automatically with LiveConfig v2.5.0. For older installations, the key must be updated manually:


    Debian/Ubuntu:

    Code
    wget -O - https://www.liveconfig.com/liveconfig.key | apt-key add -


    CentOS/OpenSUSE:

    Code
    rpm --import https://www.liveconfig.com/liveconfig.key



    When not updating the key, you'll get an error message when trying to update LiveConfig packages - on Debian for example like this:

    Code
    W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.liveconfig.com main InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E73A23BF3A2B2840
    
    
    W: Failed to fetch http://repo.liveconfig.com/debian/dists/main/InRelease:
    W: Some index files failed to download. They have been ignored, or old ones used instead.
  • In spätere Debian/Ubuntu Versionen sieht man:

    Code
    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))


    ... und geht es dann doch mit:

    Code
    wget -O - https://www.liveconfig.com/liveconfig.key | gpg --dearmor - >/etc/apt/trusted.gpg.d/liveconfig.gpg

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!