Virtualmin repo virtualmin-bionic and virtualmin-universal says EXPKEYSIG | Ubuntu 18.04

SYSTEM INFORMATION
OS type and version Ubuntu 18.04
Webmin version 2.111 (from the web interfece)
Virtualmin version 7.10.0 (from the web interfece)
Related packages SUGGESTED

Hi,

from today when I do apt update I get this error:
Err:9 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-bionic InRelease The following signatures were invalid: EXPKEYSIG XXXXXXXXXXXX Virtualmin, Inc. (Package signing key for Virtualmin 6) <security@virtualmin.com>

I updated the repo with Virtualmin setup-repos and if I do apt update the system ask me to upgrade these packages:

virtualmin-config/virtualmin,virtualmin,virtualmin 7.0.16 all [upgradable from: 6.0.31-1]
virtualmin-core/virtualmin,virtualmin,virtualmin 7.0.0 all [upgradable from: 6.0.1]
virtualmin-lamp-stack/virtualmin,virtualmin,virtualmin 7.0.4-1 all [upgradable from: 6.1.4+ubuntu-20.04]
webmin-virtualmin-dav/virtualmin,virtualmin,virtualmin 3.13 all [upgradable from: 3.13]
webmin-virtualmin-init/virtualmin,virtualmin,virtualmin 2.10 all [upgradable from: 2.10]
webmin-virtualmin-slavedns/virtualmin,virtualmin,virtualmin 1.13 all [upgradable from: 1.13]

Is it safe to do this upgrade?

Thank you very much for your support!

I would think about upgrading from Ubuntu 18.04, it’s six years old things have changed quite a bit since then. I’m not sure if some updates in webmin/virtualmin will break due to the ‘old’ version of Ubuntu you are running

Thank you for your reply @jimr1

I understand that the version of my Ubuntu server is outdated but I’m using the ESM repository for now and I would like to wait another year before doing the full migration to a new server.

How should I handle the Virtualmin and Usermin updates?

We don’t test on EOL operating systems. Ubuntu 18.04 reached end of life over a year ago.

So, use at your own risk. I’d recommend you upgrade to a supported OS. That said, I believe we made it safe to go from Virtualmin 6 repos to Virtualmin 7 repos (historically that was not the case, but I believe we have handled everything that made it risky via some changes in the way we handle dependencies).

But, if you want to talk about safety, it is very not safe to run an OS that’s been unsupported since January of last year.

1 Like

@Joe thank you very much for your reply.

Ubuntu 18.04 is still supported for security fixes through ESM repo.

Now Virtualmin doesn’t support EOL OSs. Ok, I got it.

I was able to get updates regularly of Webmin and Virtualmin. That was until today because of my GPG key expired.

Anyway, the only way to receive security updates from Webmin and Virtualmin is to update the OS ASAP?

If so I will do that following your guide

Thank you!

That isn’t what I said.

It’s a production machine and I don’t want to have downtime in case of problems.
I don’t want to take this risk.

I understand that you recommend to upgrade to a supported OS but meanwhile regarding Webmin and Virtualmin can I do something to stay up-to-date at least from a security point?

Thank you for your assistance @Joe

You can look at what changes it’s going to make. The risk used to be that we switched from MySQL to Mariadb, which would have been a problem for people going from 6 to 7, but that’s been resolved by changes in dependencies (upgrading the lamp-stack package will not replace MySQL if that’s what you already have, either Mariadb or MySQL will satisfy the dependency).

I’m unaware of any other issues. The config, core, and lamp-stack packages changed between 6 and 7, but config won’t run, and the changes to core and lamp-stack won’t force a switch.

But, you can choose to upgrade any package you want. You can also look into what all these packages do, and decide whether you want to upgrade them.

Ubuntu 20.04 is still supported an has the same error …

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://software.virtualmin.com/vm/6/gpl/apt virtualmin-focal InRelease: The following signatures were invalid: EXPKEYSIG … Virtualmin, Inc. (Package signing key for Virtualmin 6) <security@virtualmin.com>

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease: The following signatures were invalid: EXPKEYSIG … Virtualmin, Inc. (Package signing key for Virtualmin 6) <security@virtualmin.com>

apt clean; apt update

You always have to do that when changing repositories.

Though I thought if you’d used the repo-setup tool it would have done that…

I haven’t changed anything in a long while, just executed the usual apt update && apt upgrade which suddenly returned an error …

apt clean doesn’t help …

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.