Very Siberian's picture
Very Siberian - Wed, 2024/06/19 - 23:06

Hello! I am unable to install security updates for some reason. If anyone has suggestions based on the following error messages, I would appreciate it!

Best regards,

Rob

Forum: 
Support
Tags: 
security updates
Timmy's picture

Timmy - Sun, 2024/06/23 - 16:40

The second image appears to be an error regarding the display of the error in the first image - so I think you can set that aside as not germane to the problem of installing security updates.

How are you kicking off these security updates? Is this on a first-time install?

Very Siberian's picture

Very Siberian - Sun, 2024/06/23 - 17:09

Thanks for your reply. This is a clone of a TKL hub instance. Since launched, the clone is running adequately in terms of the application, but I can neither install security updates (or any updates) nor can I re-initialize backups.

Jeremy Davis's picture

Jeremy Davis - Tue, 2024/06/25 - 01:37

Thanks for reporting and sorry for slow response. I've had a crazy amount going on lately - both TurnKey related and otherwise.

Thanks too Timmy for jumping in. It's so awesome to have someone respond while I've been tied up!

Timmy is on point and the sec updates are failing...

Bottom line, it looks like the backend cli command is failing!? Unfortunately, that stacktrace doesn't really give me any clear idea of what exactly went wrong.

When you say "the clone is running adequately in terms of the application" does that mean that everything else appears to be working?

Here are some commands from the CLI - that should hopefully help me diagnose the issue. Please post the output of these (each line is a separate command - in case that's not obvious):

turnkey-install-security-updates
apt list confconsole
apt update
turnkey-version

I'll watch this thread and once you share that info I'll as get back to you ASAP.

Hopefully speak more soon.

Very Siberian's picture

Very Siberian - Tue, 2024/06/25 - 02:48

root@theaacn ~# turnkey-install-security-updates
+ SEC_UPDATES=FORCE
+ /usr/lib/inithooks/firstboot.d/95secupdates
Traceback (most recent call last):
  File "/usr/bin/hubclient-status", line 37, in <module>
    main()
  File "/usr/bin/hubclient-status", line 33, in main
    hubapi.Server().status(serverid, boot_status, comment)
  File "/usr/lib/python3.9/dist-packages/hubclient_lib/api.py", line 59, in status
    response = self.api.request('PUT', url, attrs)
  File "/usr/lib/python3.9/dist-packages/pycurl_wrapper.py", line 190, in request
    raise self.Error(response.code, name, description)
pycurl_wrapper.Error: 404 - b'HubServer.NotFound (Hub Server ID does not exist')

root@theaacn ~# apt list confconsole
Listing... Done
confconsole/bullseye,now 2.0.5 all [installed]

root@theaacn ~# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://security.debian.org bullseye-security InRelease [48.4 kB]
Ign:3 http://archive.turnkeylinux.org/debian bullseye-security InRelease
Ign:4 http://archive.turnkeylinux.org/debian bullseye InRelease
Hit:5 http://archive.turnkeylinux.org/debian bullseye-security Release
Hit:6 http://archive.turnkeylinux.org/debian bullseye Release
Get:7 https://packages.sury.org/php bullseye InRelease [7551 B]
Get:8 http://security.debian.org bullseye-security/main amd64 Packages [275 kB]
Err:7 https://packages.sury.org/php bullseye InRelease                         
  The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
Ign:11 https://download.webmin.com/download/newkey/repository stable InRelease
Hit:12 https://download.webmin.com/download/newkey/repository stable Release
Fetched 331 kB in 1s (515 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
93 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php bullseye InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease  The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.

root@theaacn ~# turnkey-version
turnkey-nginx-php-fastcgi-17.1-bullseye-amd64

Best regards,

Rob

Jeremy Davis's picture

Jeremy Davis - Wed, 2024/06/26 - 05:36

Ok it looks like there are 2 issues. They may be related, but I don't think so.

The initial issue you hit appears to be Hub related. To look at that closer, please message me via Hub support so I can have a closer look and see what might be going on over there.

The second one is that the "sury.org" apt signing key has expired. Try this:

keyfile=/usr/share/keyrings/php-sury.org.gpg
wget -O $keyfile https://packages.sury.org/php/apt.gpg

The rerun 'apt update' and hopefully the error message is gone.

Also, while we'll need to have a look at the Confconsole security updates issue via the Hub, in the meantime a workaround would be to manually install all updates. TBH that's probably worth doing regardless. Your server is quite old and beyond security updates, there are likely lots of other updates that include bugfixes and/or improvements. It's at least well worth updating the PHP packages from sury.org. They aren't included in the security updates as his repo doesn't have security specific updates. FWIW it is possible to just update the PHP related packages, but it's a bit of a PITA. It should be easier in v18.x, but still not as easy as I hope to make it when I get a chance.

Chat soon regardless

Very Siberian's picture

Very Siberian - Wed, 2024/06/26 - 13:36

Thanks for your help! That did the trick. 

Add new comment