I am trying to install RVM on my ubuntu system using this blog. https://rvm.io/
when I run these command
gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
\curl -sSL https://get.rvm.io | bash -s stable
I am getting this problem.
Downloading https://github.com/rvm/rvm/archive/1.29.9.tar.gz
Downloading https://github.com/rvm/rvm/releases/download/1.29.9/1.29.9.tar.gz.asc
gpg: Signature made Wednesday 10 July 2019 02:01:02 PM IST
gpg: using RSA key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
gpg: Good signature from "Piotr Kuczynski <piotr.kuczynski#gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7D2B AF1C F37B 13E2 069D 6956 105B D0E7 3949 9BDB
GPG verified '/usr/share/rvm/archives/rvm-1.29.9.tgz'
tar: binscripts: Cannot utime: Operation not permitted
tar: config/solaris: Cannot utime: Operation not permitted
tar: config: Cannot utime: Operation not permitted
tar: contrib/hudson: Cannot utime: Operation not permitted
tar: contrib: Cannot utime: Operation not permitted
tar: docs: Cannot utime: Operation not permitted
I think keys are not working. Does anyone knows how to solve this problem?
Looks like the ubuntu rvm package is already installed and you are trying to install rvm again. If you installed using the package, there is no need to run the manual install steps, rvm will work.
To remove the package, just use sudo apt purge rvm. After it finishes, check if you have any presence of /usr/share/rvm and delete the folder in case it's present.
After that, you can get the latest rvm through the steps you are already doing.
Related
xyz#ubuntu:~$ curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add -
gpg: no valid OpenPGP data found.
getting this error while installing ROS noetic in ubuntu 20.04.5, arm64, UTM
Tried few steps but didn't worked
I am configuring CentOS 6 Server. i am trying to install rvm but i am getting error. when i try to install rvm in server. Can anyone knows the reason?
step1.
gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
OUTPUT
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis#gmail.com>" not changed
gpg: key D39DC0E3: "Totally Legit Signing Key <mallory#example.org>" not changed
gpg: key 39499BDB: "Piotr Kuczynski <piotr.kuczynski#gmail.com>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
step 2 (where i get error)
curl -sSL https://get.rvm.io | bash -s stable
Output
WARN: ...the preceeding error with code 35 occurred while fetching https://api.github.com/repos/rvm/rvm/tags
curl: (35) SSL connect error
WARN: ...the preceeding error with code 35 occurred while fetching https://api.bitbucket.org/2.0/repositories/mpapis/rvm/refs/tags?sort=-name&pagelen=20
ERROR: Exhausted all sources trying to fetch version 'latest' of RVM!
What is the version of cURL in your server?
This might shed some light: cURL SSL connect error 35 with NSS error -5961
from apt-get update:
The following signatures were invalid: BADSIG 26C95CF201182252 Neo Technology Admins <admins#neotechnology.com> The following signatures were invalid: KEYEXPIRED 1572135620
Fetched 328 kB in 0s (339 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://debian.neo4j.org/repo stable/ Release: The following signatures were invalid: BADSIG 26C95CF201182252 Neo Technology Admins <admins#neotechnology.com> The following signatures were invalid: KEYEXPIRED 1572135620
W: Failed to fetch https://debian.neo4j.org/repo/stable/Release.gpg The following signatures were invalid: BADSIG 26C95CF201182252 Neo Technology Admins <admins#neotechnology.com> The following signatures were invalid: KEYEXPIRED 1572135620
W: Some index files failed to download. They have been ignored, or old ones used instead.
apt-key list:
# apt-key list 01182252
pub 4096R/01182252 2014-10-28 [expired: 2019-10-27]
uid Neo Technology Admins <admins#neotechnology.com>
I use https://debian.neo4j.org/neotechnology.gpg.key to fetch the key
The key is now updated. You can redo:
wget -O - https://debian.neo4j.com/neotechnology.gpg.key | sudo apt-key add -
or to update the apt keys list from the keyserver:
sudo apt-key adv --recv-keys --keyserver keys.gnupg.net D37F5F19 01182252
I am trying to install RVM in my Ubuntu machine with the following info:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04 LTS
I am doing this by following the official RVM guide, presented here:
https://rvm.io/rvm/install
However I fail in the very first command, I cannot import mpapi's public key (even when using sudo):
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
I get the following error:
fl4m3ph03n1x: ~ $ sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: WARNING: unsafe ownership on configuration file `/home/fl4m3ph03n1x/.gnupg/gpg.conf'
gpg: external program calls are disabled due to unsafe options file permissions
gpg: keyserver communications error: general error
gpg: keyserver receive failed: general error
At first I thought that the problem was a permission issue (by checking the warning), but after reading and trying out the solution in the discussion below nothing changed.
gpg: WARNING: unsafe ownership on configuration file, $gpg --fingerprint on Ubuntu9.10
Here are the permissions on the file:
fl4m3ph03n1x: ~ $ ls -ld /home/fl4m3ph03n1x/.gnupg/gpg.conf
-rwx------ 1 fl4m3ph03n1x fl4m3ph03n1x 9398 Jul 21 14:43 /home/fl4m3ph03n1x/.gnupg/gpg.conf
fl4m3ph03n1x: ~ $ ls -l /home/fl4m3ph03n1x/.gnupg/gpg.conf
-rwx------ 1 fl4m3ph03n1x fl4m3ph03n1x 9398 Jul 21 14:43 /home/fl4m3ph03n1x/.gnupg/gpg.conf
What am I doing wrong ? How can I fix my problem?
It turns out that the problem was indeed fixed by file permissions. There are a few things I want to point out however.
The solution for this problem relies in changing the permission of several files in cascade.
For a more complete answer on permissions, I recommend this discussion, suggested by Maxim Pontyushenko:
gpg: WARNING: unsafe ownership on configuration file, $gpg --fingerprint on Ubuntu9.10
Now for the solution itself. You must changed the ownership and the read/write permissions of the following files, in the following order:
/home/[username]/.gnupg/gpg.conf
/home/[username]/.gnupg/pubring.gpg
/home/[username]/.gnupg/trustdb.gpg
You must change the permissions on these 3 files in this specific order.
Additionally, do not run the gpg command using sudo.
If you do it, you will be stuck on a error regarding safe file permissions to which i was not able to find any solution.
Instead, run the gpg command using your username.
I hope this helps the next person having problems. Kudos++ to all who commented!
To install rvm, I use the command provided on the rvm website (https://rvm.io/rvm/install) to install stable versions of rvm:
\curl -sSL https://get.rvm.io | bash -s stable --ruby
I am a little concerned about the warning I get from gpg: "There is no indication that the signature belongs to the owner." Is this gpg just being a bit too picky? The primary key fingerprint (409B 6B17 96C2 7546 2A17 0311 3804 BB82 D39D C0E3) matches Michal Papis so that is re-assuring.
But then why does gpg warn that "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner"? This reminds me of Certificate Authorities (CAs) and not paying a CA, but doesn't gpg work differently?
Output during installation:
Downloading https://github.com/rvm/rvm/archive/1.26.11.tar.gz
Downloading https://github.com/rvm/rvm/releases/download/1.26.11/1.26.11.tar.gz.asc
gpg: Signature made Mon Mar 30 14:52:13 2015 PDT using RSA key ID BF04FF17
gpg: Good signature from "Michal Papis (RVM signing) <mpapis#gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 409B 6B17 96C2 7546 2A17 0311 3804 BB82 D39D C0E3
Subkey fingerprint: 62C9 E5F4 DA30 0D94 AC36 166B E206 C29F BF04 FF17
GPG verified '/Users/MyHome/.rvm/archives/rvm-1.26.11.tgz'
GnuPG does more than verifying a hash sum, it can also help you at verifying who issued a signature.
This line tells you, that the signature is valid (file is untampered) and was made using a certain key.
gpg: Good signature from "Michal Papis (RVM signing) <mpapis#gmail.com>"
Simply having a key locally does not help you at deciding whom it really belongs to:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 409B 6B17 96C2 7546 2A17 0311 3804 BB82 D39D C0E3
GnuPG requires a trust path from a key owned by you to the key you want to validate, similarly to the chain of trust for X.509 (as used in HTTPS ...).
A basic approach to verifying the key manually would be comparing its fingerprint against the one provided on the TLS-secured download page (https://rvm.io/rvm/install), which hopefully are equal (don't care whether there are spaces or not in-between, that's just for readability). This way, you'll have to trust the web page, but not care for the rather complex OpenPGP trust idea. Using the OpenPGP web of trust to validate key ownership, you can probably be more certain of the issuer, you have to decide on your own how much effort you put into the validation.
It's fine. I don't think you actually need to use SSL anyway but if you do so as per the instructions on the rvm page, make sure you add the key first.
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable