With the upgrade script, the repro is not signed.

[coreykeeling]

When upgrading from 14 -> 14.1, I get the following error after running the upgrade command.

/usr/local/pf/addons/upgrade/do-upgrade.sh

Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Get:4 http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm InRelease [4,527 B]
Err:4 http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CB2D3A2AA0030E2C
Reading package lists... Done
W: GPG error: http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CB2D3A2AA0030E2C
E: The repository 'http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[satkunas]

What is the contents of the following?

cat /etc/apt/sources.list.d/packetfence.list

gpg --show-keys --with-fingerprint /etc/apt/keyrings/packetfence.gpg

[JeGoi]

Just test it this morning it is working and signed.
Please follow the documentation or ask for help with a contract (https://www.packetfence.org/support.html#/commercial) or with community (https://www.packetfence.org/support.html#/community).
Thanks for using PacketFence

[JeGoi]

Hum, maybe I closed that one a bit too fast.
I think it is not related to the repo but more the upgrade script.

[JeGoi]

Please double check that you update your current PacketFence to the latest 14.0 before doing the upgrade.
If not please provide the PF version installed.
Thanks

[coreykeeling]

I am running 14. I followed the upgrade guide. I'm also pretty sure I did apt get upgrade before running the script to make sure it was on the latest maintenance release.

[JeGoi]

Ok, thanks and I will test it.
Any specific config?

[coreykeeling]

This is a standard configuration. I am connecting to a single AD forest with AD authentication for machines. I have been using it as a test for another issue I logged about machine authentication.

The additional information that was asked for is included below.

deb http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm bookworm

and

pub   rsa4096 2016-03-15 [SC]
      B022 C48D 3D63 73D7 FC25  6A8C CB2D 3A2A A003 0E2C
uid                      Inverse Support (RPM package signing) <support@inverse.ca>

[JeGoi]

@coreykeeling there is an error in your /etc/apt/sources.list.d/packetfence.list
It should be something like:

deb [signed-by=/etc/apt/keyrings/packetfence.gpg] http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm bookworm

And the upgrade script should have add it correctly.
I will check.
Thanks

[JeGoi]

Ok it may come from that https://github.com/inverse-inc/packetfence/blob/maintenance/14.0/addons/full-upgrade/run-upgrade.sh#L110
It is in https://github.com/inverse-inc/packetfence/blob/maintenance/14.1/addons/full-upgrade/run-upgrade.sh#L110
So, I will check.
Thanks

[coreykeeling]

Running the below command based on your link and then running apt get update allowed me to upgrade to 14.1.

echo "deb [signed-by=/etc/apt/keyrings/packetfence.gpg] http://inverse.ca/downloads/PacketFence/debian/14.1 bookworm bookworm" > /etc/apt/sources.list.d/packetfence.list