Update Expired GPG Keys
Package Upgrade from Cumulus Linux 5.5.0 or Earlier to 5.8.0
Issue
When you try to upgrade a switch from Cumulus Linux 5.5.0 or earlier to 5.8.0 with package upgrade, you see errors for expired GPG keys that prevent you from upgrading:
W: GPG error: http://apt.cumulusnetworks.com/repo CumulusLinux-5-latest InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 191184DAB33070E2
Resolution
Install the new keys, then upgrade the switch:
cumulus@switch:~$ wget https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo/pool/cumulus/c/cumulus-archive-keyring/cumulus-archive-keyring_4-cl5.6.0u5_all.deb
cumulus@switch:~$ sudo apt install ./cumulus-archive-keyring_4-cl5.6.0u5_all.deb
cumulus@switch:~$ sudo apt update
cumulus@switch:~$ sudo apt upgrade
Package Upgrade from Cumulus Linux 4.4.0 to 4.4.x
Issue
When you try to upgrade a switch from Cumulus Linux 4.4.0 to 4.4.x with package upgrade, you see errors for expired GPG keys that prevent you from upgrading:
Err:4 https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo CumulusLinux-4.4-latest InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 191184DAB33070E2
Reading package lists... Done
W: GPG error: https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo CumulusLinux-4.4-latest InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 191184DAB33070E2
E: The repository 'http://apt.cumulusnetworks.com/repo CumulusLinux-4.4-latest InRelease' is not signed.
Resolution
Download the new repository keys, then upgrade the switch:
cumulus@switch:~$ wget https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo/pool/cumulus/c/cumulus-archive-keyring/cumulus-archive-keyring_4-cl4.4.7u1_all.deb
cumulus@switch:~$ sudo apt install ./cumulus-archive-keyring_4-cl4.4.7u1_all.deb
cumulus@switch:~$ sudo -E apt-get update
cumulus@switch:~$ sudo -E apt-get upgrade
Package Upgrade from Cumulus Linux 4.3.0 to 4.3.x
Issue
When you try to upgrade a switch from Cumulus Linux 4.3.0 to 4.3.x with package upgrade, you see errors for expired GPG keys that prevent you from upgrading:
Err:4 https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo CumulusLinux-4.3.2 InRelease
The following signatures were invalid: EXPKEYSIG A3C0E377EB5BF3F0 Cumulus Linux 4.0 Package Repository Release Signing Key <dev-support@cumulusnetworks.com>
Reading package lists... Done
W: GPG error: https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo CumulusLinux-4.3.2 InRelease: The following signatures were invalid: EXPKEYSIG A3C0E377EB5BF3F0 Cumulus Linux 4.0 Package Repository Release Signing Key <dev-support@cumulusnetworks.com>
Resolution
Download the new repository keys, then upgrade the switch:
cumulus@switch:~$ wget https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo/pool/cumulus/c/cumulus-archive-keyring/cumulus-archive-keyring_4-cl4.3.4u1_all.deb
cumulus@switch:~$ sudo apt install ./cumulus-archive-keyring_4-cl4.3.4u1_all.deb
cumulus@switch:~$ sudo apt update
cumulus@switch:~$ sudo apt upgrade
Package Upgrade from Cumulus Linux 3.7.x to 3.7.16
Issue
When you try to upgrade a switch from Cumulus Linux 3.7.x to 3.7.16 with package upgrade, you see errors for expired GPG keys that prevent you from upgrading:
W: GPG error: http://repo3.cumulusnetworks.com CumulusLinux-3 InRelease: The following signatures were invalid: KEYEXPIRED 1522652605 KEYEXPIRED 1522652605 KEYEXPIRED 1522652605
W: GPG error: http://repo3.cumulusnetworks.com CumulusLinux-3-security-updates InRelease: The following signatures were invalid: KEYEXPIRED 1522652605 KEYEXPIRED 1522652605 KEYEXPIRED 1522652605
W: GPG error: http://repo3.cumulusnetworks.com CumulusLinux-3-updates InRelease: The following signatures were invalid: KEYEXPIRED 1522652605 KEYEXPIRED 1522652605 KEYEXPIRED 1522652605
Resolution
Download the new repository keys, then upgrade the switch:
cumulus@switch:~$ wget https://download.nvidia.com/cumulus/repo3.cumulusnetworks.com/public-key/repo3-2024-key
cumulus@switch:~$ sudo apt-key add repo3-2024-key
cumulus@switch:~$ sudo -E apt-get update
cumulus@switch:~$ sudo -E apt-get upgrade