Possible outdated Scylla Manager APT signing key in installation documentation
Description
While installing Scylla Manager from the official APT repository on Ubuntu, I encountered a repository signature verification error when following the documented GPG key import procedure.
I wanted to confirm whether:
- I am missing a required step, or
- the documentation currently references an outdated signing key / outdated import method.
What I followed
I used the documented key import approach:
sudo gpg --homedir /tmp \
--no-default-keyring \
--keyring /etc/apt/keyrings/scylladb.gpg \
--keyserver hkp://keyserver.ubuntu.com:80 \
--recv-keys A43E06657BAC99E3
Then:
Error received
Get:5 https://downloads.scylladb.com/downloads/scylla-manager/deb/ubuntu/scylladb-manager-3.10 stable InRelease [7550 B]
Err:5 https://downloads.scylladb.com/downloads/scylla-manager/deb/ubuntu/scylladb-manager-3.10 stable InRelease
The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY C503C686B007F39E
W: GPG error:
https://downloads.scylladb.com/downloads/scylla-manager/deb/ubuntu/scylladb-manager-3.10 stable InRelease:
The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY C503C686B007F39E
E: The repository
'https://downloads.scylladb.com/downloads/scylla-manager/deb/ubuntu/scylladb-manager-3.10 stable InRelease'
is not signed.
What worked instead
Importing key:
worked successfully.
Commands used:
sudo gpg --homedir /tmp \
--no-default-keyring \
--keyring /tmp/temp.gpg \
--keyserver hkp://keyserver.ubuntu.com:80 \
--recv-keys C503C686B007F39E
sudo gpg --homedir /tmp \
--no-default-keyring \
--keyring /tmp/temp.gpg \
--export --armor C503C686B007F39E | \
gpg --dearmor | \
sudo tee /etc/apt/keyrings/scylladb.gpg >/dev/null
After this:
worked correctly.
Question
Is the currently documented key (A43E06657BAC99E3) outdated for the Scylla Manager repository?
Also, should the documentation recommend the newer Debian/Ubuntu keyring workflow:
recv-keys -> export -> dearmor
instead of writing directly into /etc/apt/keyrings/*.gpg using --recv-keys?
Possible outdated Scylla Manager APT signing key in installation documentation
Description
While installing Scylla Manager from the official APT repository on Ubuntu, I encountered a repository signature verification error when following the documented GPG key import procedure.
I wanted to confirm whether:
What I followed
I used the documented key import approach:
Then:
Error received
What worked instead
Importing key:
worked successfully.
Commands used:
After this:
worked correctly.
Question
Is the currently documented key (
A43E06657BAC99E3) outdated for the Scylla Manager repository?Also, should the documentation recommend the newer Debian/Ubuntu keyring workflow:
instead of writing directly into
/etc/apt/keyrings/*.gpgusing--recv-keys?