I have an installation of the Gitlab CE version on the virtual machine. It is running on the Host Proxmox VE.  Normally I do the update/upgrade through the Webmin interface. I knew that Gitlab has very active development. They may publish a new release every week. But, recently, I did not see the Gitlab CE updates when I upgraded the packages of my VM, which is Ubuntu 22.04.

So I SSH to the VM. Run the command sudo apt update

I got the following error message

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG 3F01618A51312F3F GitLab B.V. (package repository signing key) <packages@gitlab.com>

The error is invalid signatures: EXPKEYSIG 3F01618A51312F3F

My first idea is to delete this invalid signature.

sudo apt-key del 3F01618A51312F3F

Then I run the update again. Of course, another problem came.

davidyin@gitlab:/etc/apt/sources.list.d$ sudo apt update
Ign:1 https://download.webmin.com/download/newkey/repository stable InRelease
Hit:3 https://download.webmin.com/download/newkey/repository stable Release
Hit:4 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:6 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:7 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:9 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:8 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu jammy InRelease
Get:2 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease [23.3 kB]
Err:2 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F01618A51312F3F
Fetched 23.3 kB in 2s (13.8 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F01618A51312F3F
W: Failed to fetch https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/focal/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F01618A51312F3F
W: Some index files failed to download. They have been ignored, or old ones used instead.

This time the error is public key is not available: NO_PUBKEY 3F01618A51312F3F

What is my next move? Add the public key for it.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3F01618A51312F3F
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.StjvcTDgCs/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 3F01618A51312F3F
gpg: key 3F01618A51312F3F: public key "GitLab B.V. (package repository signing key) <packages@gitlab.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Run the update, another problem is shown.

davidyin@gitlab:/etc/apt/sources.list.d$ sudo apt update
Ign:1 https://download.webmin.com/download/newkey/repository stable InRelease
Hit:2 https://download.webmin.com/download/newkey/repository stable Release
Hit:5 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:6 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:8 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:9 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease
Hit:7 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu jammy InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Oh, it is not an error, it is a warning. I can ignore it. But I don’t like it. I have to clean these.

So I save this key into a file located in /etc/apt/tursted.gpg.d/ folder. Then run the update again.

davidyin@gitlab:/etc/apt/sources.list.d$ sudo apt-key export  51312F3F | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/gitlab-david.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
davidyin@gitlab:/etc/apt/sources.list.d$ sudo apt update
Ign:2 https://download.webmin.com/download/newkey/repository stable InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:4 https://download.webmin.com/download/newkey/repository stable Release
Hit:5 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:8 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:1 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease
Hit:6 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu jammy InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

It looks OK. But I found one line, Hit:1 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal InRelease

Ubuntu Facal is Ubuntu 20.04. It is the old one. I don’t need it. So I go to /etc/apt/sources.list.d/, edit gitlab.list file. Commented the line with Facal.

Now I am satisfied.

OK. One another thing about the updated Gitlab. At the beginning, the Gitlab CE is version 16.91

I run the following to add/update the sources.

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Then, I run the sudo apt update and sudo apt upgrade to upgrade the Gitlab CE to the latest version 16.11.0.

PS.

Gitlab Ce Installation Instructions: https://packages.gitlab.com/gitlab/gitlab-ce/install

Gitlab Release lists: https://about.gitlab.com/releases/categories/releases/

Apt-key command manual: https://manpages.ubuntu.com/manpages/noble/en/man8/apt-key.8.html

 

David Yin

David is a blogger, geek, and web developer — founder of FreeInOutBoard.com. If you like his post, you can say thank you here

Leave a Reply

Your email address will not be published. Required fields are marked *