View Issue Details

IDProjectCategoryView StatusLast Update
0007422Kali Linux[All Projects] General Bugpublic2021-11-06 15:48
Reporterelrey Assigned To 
PrioritynormalSeverityminorReproducibilitysometimes
Status newResolutionopen 
Product Version2021.3 
Target VersionFixed in Version 
Summary0007422: Sometimes GPG signature from main kali CDN isn't properly signed
DescriptionPeriodically when using the gpg signature from the main kali CDN (https://kali.download) it will fail the gpg check when verifying the signature.
Steps To Reproducecurl -fsSL https://archive.kali.org/archive-key.asc | gpg --import

gpg --verify <( curl -fsSL https://cdimage.kali.org/current/SHA256SUMS.gpg ) <( curl -fsSL https://cdimage.kali.org/current/SHA256SUMS )
Additional InformationSo, I build kali on a weekly basis, and before this weekend I didn't have any issues with the GPG signature on the main CDN (https://kali.download). For 3 consecutive times now though, I have had my builds fail because of: "gpg: BAD signature from "Kali Linux Repository <devel@kali.org>" [unknown]"

( NOTE: most of these links that I will post require you to login to CircleCI to get more detailed information )

If you go to my CircleCI pipeline for my project: https://app.circleci.com/pipelines/github/elreydetoda/packer-kali_linux you can see I had it fail for 4 times in a row ( all my trying to see if re-running the failed steps would work ).

Every time the pipeline failed it was the signature failing (you can see references to that below) :
https://app.circleci.com/pipelines/github/elreydetoda/packer-kali_linux/514/workflows/a077f696-1726-4108-9db2-3b63c08504ab/jobs/5574#step-104-85
( same file no CircleCI account required ( at the very bottom of the page )) https://circleci.com/api/v1.1/project/github/elreydetoda/packer-kali_linux/5574/output/104/0?file=true&allocation-id=617438f405f1ce6e408aec88-0-build%2F3B8433D

Started to do some local testing, and noticed that it wasn't consistent but just periodic. In this GitHub (GH) issue I have a recording of my terminal where it fails sometimes and it is using the main CDN: https://github.com/elreydetoda/packer-kali_linux/issues/125

When I swapped the CDN to use the Berkly CDN for the signature everything worked perfectly though... GH commit: https://github.com/elreydetoda/packer-kali_linux/commit/4744402085e614aca48b707cc411c62c47300615 ( this will grab both the sha256sums file & the sha256sums.gpg file ) & corresponding successful CI run (for the generate-packer-vars steps): https://app.circleci.com/pipelines/github/elreydetoda/packer-kali_linux/515/workflows/3dc61b4d-c292-4937-8a3a-a5d12fb7051c

Activities

elrey

2021-10-23 16:57

reporter  

elrey

2021-10-23 17:04

reporter   ~0015346

here is a screenshot of me
1) running what the "step to repeat" section resolves to (kali.download)
2) running the commands I mentioned in the "step to repeat" section
3) running the commands I mentioned in the "step to repeat" section, but changing it to the berkley CDN instead of main and the signature succeeding

elrey

2021-10-23 17:04

reporter   ~0015347

didn't upload the pic...sorry...

elrey

2021-10-23 17:07

reporter   ~0015348

ok..., posting on imgur since it doesn't seem to be uploading properly... https://imgur.com/a/uA8mN71

elrey

2021-10-25 03:46

reporter   ~0015355

also forgot to mention if you don't have Kali's key imported with gpg you can do this: curl -fsSL 'https://archive.kali.org/archive-key.asc' | gpg --import

elrey

2021-11-06 15:46

reporter   ~0015416

Looks like things have been fixed (don't know if anything was done or if the CDN was just acting wonky...).

Have a good weekend ��

elrey

2021-11-06 15:48

reporter   ~0015417

sorry, forgot to add a link for why I think it is: https://github.com/elreydetoda/packer-kali_linux/issues/125#issuecomment-962469642

also, I guess no emoji so emoticon/text :wave: :D

Issue History

Date Modified Username Field Change
2021-10-23 16:53 elrey New Issue
2021-10-23 16:57 elrey File Added: Screenshot_20211023_125626.png
2021-10-23 17:04 elrey Note Added: 0015346
2021-10-23 17:04 elrey Note Added: 0015347
2021-10-23 17:07 elrey Note Added: 0015348
2021-10-25 03:46 elrey Note Added: 0015355
2021-10-28 09:57 g0tmi1k Priority high => normal
2021-10-28 09:58 g0tmi1k Severity major => minor
2021-11-06 15:46 elrey Note Added: 0015416
2021-11-06 15:48 elrey Note Added: 0015417