#2180 closed defect (fixed)

Installation instructions fail on Ubuntu 16.04

Reported by: ovenblast@… Owned by: thresh
Priority: minor Milestone:
Component: documentation Version: 1.19.x
Keywords: Cc:
uname -a: Linux 525b07850e66 4.19.76-linuxkit #1 SMP Thu Oct 17 19:31:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: n/a


Installation instructions for Ubuntu were changed recently and currently cause apt update to fail on Ubuntu 16.04.

# apt update
Get:1 http://nginx.org/packages/ubuntu xenial InRelease [4354 B]
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Hit:5 http://security.ubuntu.com/ubuntu xenial-security InRelease
Err:1 http://nginx.org/packages/ubuntu xenial InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
Reading package lists... Done
W: GPG error: http://nginx.org/packages/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
E: The repository 'http://nginx.org/packages/ubuntu xenial InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The previous version of instructions (with apt-key add) works fine on Ubuntu 16.04 and Ubuntu 20.04.

Tested on Docker images ubuntu:xenial and ubuntu:focal.

Change History (6)

comment:1 by thresh, 17 months ago

Indeed, this seems to be wrong for Ubuntu Xenial. I guess my manual checking used the VM images that already got the key imported via apt-key.

I'm not sure if we want to fix it, since Xenial is EOL since April 30: https://lists.ubuntu.com/archives/ubuntu-announce/2021-March/000266.html and we probably should just remove the mention of that OS altogether.

comment:2 by thresh, 17 months ago

Alternatively, we might want to use /usr/share/keyrings to drop the gpg keys to, run gpg --dearmor to convert them to keyring, and mention them via signed-by= keyword in the sources.list entries. This seems to work on Ubuntu 16.04 at least.

comment:3 by thresh, 17 months ago

Owner: set to thresh
Status: newassigned

comment:4 by ovenblast@…, 17 months ago

What's wrong with adding key via apt-key add thoguh? This is the method I usually see in other APT repositories.

comment:5 by thresh, 17 months ago

It's deprecated: https://manpages.debian.org/testing/apt/apt-key.8.en.html

So it's unwise to provide instructions that still utilize it.

comment:6 by thresh, 13 months ago

Resolution: fixed
Status: assignedclosed

The current instructions (since http://hg.nginx.org/nginx.org/rev/6eff5d63925b) work fine (except for the incompatible gpg check command).

Note that we no longer build packages for Ubuntu Xenial since it's EOL.

Note: See TracTickets for help on using tickets.