none
How to update a Linux (Ubuntu) DSVM - apt keyexpired RRS feed

  • Question

  • Hi,

    I'm working on getting Azure Update Management working against a number of Linux DSVMs. Some of this was to do with firewalling so I've worked through the process with our engineer to whitelist the correct download URLs etc.

    Downloads now appear to be fine but the update process is failing and when I look at the logs it complains about signatures on tensorflow-serving-apt i.e. 

    Ign:25 http://storage.googleapis.com/tensorflow-serving-apt stable InRelease
    Get:26 http://storage.googleapis.com/tensorflow-serving-apt stable Release [2,144 B]
    Get:27 http://storage.googleapis.com/tensorflow-serving-apt stable Release.gpg [819 B]
    Err:27 http://storage.googleapis.com/tensorflow-serving-apt stable Release.gpg
      The following signatures were invalid: KEYEXPIRED 1531525724  KEYEXPIRED 1531525724  KEYEXPIRED 1531525724
    Reading package lists... Done
    W: GPG error: http://storage.googleapis.com/tensorflow-serving-apt stable Release: The following signatures were invalid: KEYEXPIRED 1531525724  KEYEXPIRED 1531525724  KEYEXPIRED 1531525724
    E: The repository 'http://storage.googleapis.com/tensorflow-serving-apt stable Release' is no longer signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.

    I've tried updating the key but the keyserver entries I have can't find the key.

    Any tips - I'm trying to apply critical & security updates as reported by Azure - as you can guess the Windows Server DSVMs have updated fine.

    Thanks in Advance.

    A.

    Thursday, August 16, 2018 1:38 PM

Answers

  • Hi,

    The key entry for TensorFlow Serving expired, and that is causing the issue you are seeing. Run this command to update it:

    curl https://storage.googleapis.com/tensorflow-serving-apt/tensorflow-serving.release.pub.gpg | sudo apt-key add -

    apt update should then work fine.

    • Marked as answer by AlistairL Friday, August 17, 2018 7:15 AM
    Thursday, August 16, 2018 11:02 PM
    Owner

All replies

  • Hi,

    The key entry for TensorFlow Serving expired, and that is causing the issue you are seeing. Run this command to update it:

    curl https://storage.googleapis.com/tensorflow-serving-apt/tensorflow-serving.release.pub.gpg | sudo apt-key add -

    apt update should then work fine.

    • Marked as answer by AlistairL Friday, August 17, 2018 7:15 AM
    Thursday, August 16, 2018 11:02 PM
    Owner
  • Hi,

    That was excellent on two fronts - I had to get our firewall amended to allow https connections to storage.googleapis.com (it was only allowing http) as the above command would only work against https. This then allowed sudo apt update to run through.

    And then when I checked back on update management the other running linux dsvms had updated themselves - the firewall change seemed to free them up.

    Thank you very much!

    Friday, August 17, 2018 7:14 AM
  • As stated by others, those error mean certain certificate has expired. I'm sharing part of a ansible playbook I've made to correct those issue and update the vm's to the latest packages version. I hope this could be helpful to others!

    
      - name: import de la nouvelle clef pour ubuntu repo
        apt_key:
          keyserver: keyserver.ubuntu.com
          id: 71A1D0EFCFEB6281FD0437C93D5919B448457EE0
    
      - name: import de la nouvelle clef pour repo CRAN
        apt_key:
          keyserver: keyserver.ubuntu.com
          id: E084DAB9
    
      - name: Add an Apt new key for tensorflow
        apt_key:
          url: https://storage.googleapis.com/tensorflow-serving-apt/tensorflow-serving.release.pub.gpg
          state: present
    
      - name: install msodbcsql17 package (Required because package don't get updated to latest)
        apt:
          update_cache: yes
          name: msodbcsql17
          state: latest
        environment:
          ACCEPT_EULA: 'y'
    
      - name: Mise à jour des packages a la derniere version
        apt:
         name: "*"
         state: latest
         force_apt_get: yes
        notify: Reboot Server
    
      handlers:
      - name: Reboot Server
        shell: sleep 2 && /sbin/shutdown -r now "Rebooting server now"
        ignore_errors: true
    

    Monday, August 27, 2018 1:45 PM