Update the Signing Key for Percona Debian and Ubuntu PackagesHrvoje Matijakovic
Some of the users might have already noticed following warning on Ubuntu 16.04 (Xenial Xerus):
W: http://repo.percona.com/apt/dists/xenial/InRelease: Signature by key 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A uses weak digest algorithm (SHA1)
.deb packages are signed with a key that uses an algorithm now considered weak. Starting with the next release, Debian and Ubuntu packages are signed with a new key that uses the much stronger SHA-512 algorithm. All future package release will also contain the new algorithm.
You’ll need to do one of the following in order to use the new key:
- If you installed the Percona repository package as described here, this package is automatically updated to a new package version (
percona-release_0.1-4). This package currently contains both the old and new keys. This helps make the transition easier (until all packages are signed with the new key).
- Install the new Percona repository package as described in the installation guide.
- Manually download and add the key from either keys.gnupg.net or keyserver.ubuntu.com by running:
apt-key adv --keyserver keys.gnupg.net --recv-keys 8507EFA5or
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8507EFA5
It’s important that you add the new key before the next release. Otherwise you’ll see the following warning:
W: GPG error: http://repo.percona.com xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9334A25F8507EFA5
Leave any questions about updating the signing key for Percona Debian and Ubuntu packages in the comments below.