-
Bug
-
Resolution: Not A Defect
-
Trivial
-
None
The instructions for LTS usage at https://pkg.jenkins.io/debian-stable/ are outdated:
% sudo apt update [...] Err:8 https://pkg.jenkins.io/debian-stable binary/ Release.gpg The following signatures were invalid: EXPKEYSIG FCEF32E745F2C3D5 Jenkins Project <jenkinsci-board@googlegroups.com> Reading package lists... Done W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://pkg.jenkins.io/debian-stable binary/ Release: The following signatures were invalid: EXP KEYSIG FCEF32E745F2C3D5 Jenkins Project <jenkinsci-board@googlegroups.com> $ wget https://pkg.jenkins.io/debian-stable/jenkins.io.key [...] $ gpg jenkins.io.key gpg: directory '/home/admin/.gnupg' created gpg: keybox '/home/admin/.gnupg/pubring.kbx' created gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096 2020-03-30 [SC] [expired: 2023-03-30] 62A9756BFD780C377CF24BA8FCEF32E745F2C3D5 uid Jenkins Project <jenkinsci-board@googlegroups.com> sub rsa4096 2020-03-30 [E] [expired: 2023-03-30]
Only the instructions at https://pkg.jenkins.io/debian/ mention the new GPG signing key.
Also please consider improving the key replacement/update procedure with the repository next time by signing the Debian repositories with both keys (current one and upcoming/new key), to give users some more time to adapt.
