Lilac master: The following signatures were invalid: EXPKEYSIG 68818C72E52529D4 MongoDB 4.0 Release Signing Key

Hello Everyone,
I am installing the Lilac Open edX version on Ubuntu 20.04 according to the Open edX documentation and am getting an error: can’t install MongoDB 4.0 on Ubuntu 20.04. Can you help me through this step?
As far as I know, the Ubuntu keyserver for MongoDB 4.0 can only be installed on an Ubuntu 16.04 instance.
Link: 3.2.2. Lilac Open edX Native Installation — Installing, Configuring, and Running the Open edX Platform: Lilac Release documentation
tags: configuration/util/install at open-release/lilac.master · openedx/configuration · GitHub

TASK [server_utils : Install ubuntu system packages] ***************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configuration details., W:GPG error: http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 Release: The following signatures were invalid: EXPKEYSIG 68818C72E52529D4 MongoDB 4.0 Release Signing Key <packaging@mongodb.com>, E:The repository 'http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 Release' is not signed."}

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=1    skipped=99   rescued=0    ignored=0   

 
============================================================
Ansible failed!
------------------------------------------------------------
 
Decoded error:
== msg ===========================
Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configuration details., W:GPG error: http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 Release: The following signatures were invalid: EXPKEYSIG 68818C72E52529D4 MongoDB 4.0 Release Signing Key <packaging@mongodb.com>, E:The repository 'http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 Release' is not signed.
 
============================================================
Installation failed!
------------------------------------------------------------
If you need help, see https://open.edx.org/getting-help .
When asking for help, please provide as much information as you can.
These might be helpful:
    Your log file is at /home/server/logs/install-20230524-032707.log
    Your environment:
        OPENEDX_RELEASE=open-release/lilac.master
============================================================
Installation finished at 2023-05-24 03:29:02

Hi @phatlh, has this problem been resolved?
I experienced the same thing.

Hi, please help, I meet the same issue @@

I also have the same problem. Is there a fix / workaround?

Based on my understanding/reverse-engineering, this might help, but it’s untested, I hope it helps you though :slight_smile:
Mongo have deprecated 4.0 (end of life) and decided not to update keys anymore: Mongo db 4.0 GPG key expired for ubuntu 18.04 - #3 by Divyesh_Panchani - Welcome - MongoDB Developer Community Forums

But I poked around in configuration/playbooks/roles/mongo_4_0/defaults/main.yml

Look for these lines:

MONGODB_REPO: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse"
MONGODB_REPO_BIONIC: "deb http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse"

and add in [arch=amd64 trusted=yes] after “deb” (replace amd64 with your correct architecture if different), example:

MONGODB_REPO: "deb [arch=amd64 trusted=yes] http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse"
MONGODB_REPO_BIONIC: "deb [arch=amd64 trusted=yes] http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse"

The point of trusted=yes is to disable the key checking on ONLY that specific repo (others will still work normally, better security)

I’m guessing you’ll just have to clone the repo GitHub - openedx/configuration: A collection of edx configuration scripts and utilities that edx.org uses to deploy openedx.
make the changes as suggested above and run the ansible bootstrap and native scripts from the configuration/util/install dir in your clone instead of piping it in from the original script as described here: 3.2.2. Lilac Open edX Native Installation — Installing, Configuring, and Running the Open edX Platform: Lilac Release documentation

Disclaimer: this is untested and I’m not an expert in openedx, I still have a hard time piecing everything together :slight_smile:
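
An added example, not part of the thread or of the openedx/configuration repository: a small audit that parses one-line APT source entries and reports any that carry options relaxing apt-secure(8) verification, such as the `trusted=yes` entry suggested above, and whether they are fetched over plain HTTP. The function names, the sample entries (the Jinja variables rendered to the `bionic`/`4.0` values seen in the error log) and the accepted boolean spellings are assumptions of this example.

```python
import re

# Boolean spellings treated as true (assumption: APT's usual yes/true/with/on/enable/1).
TRUTHY = {"yes", "true", "with", "on", "enable", "1"}
# sources.list(5) options that relax apt-secure(8) verification for one entry.
RELAXING = ("trusted", "allow-insecure", "allow-weak", "allow-downgrade-to-insecure")
# One-line style: deb [opt=val ...] uri suite [component ...]
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)(?:\s+(.+))?$")


def parse_entry(line):
    """Return a dict for one source entry, or None for blanks and comments."""
    match = ENTRY.match(line.split("#", 1)[0].strip())
    if not match:
        return None
    kind, raw_opts, uri, suite, comps = match.groups()
    options = {}
    for token in (raw_opts or "").split():
        key, _, value = token.partition("=")
        options[key.lower()] = value.lower()
    return {"type": kind, "options": options, "uri": uri,
            "suite": suite, "components": (comps or "").split()}


def audit(lines):
    """List entries whose options disable or weaken signature checks."""
    findings = []
    for number, line in enumerate(lines, start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        relaxed = [o for o in RELAXING if entry["options"].get(o) in TRUTHY]
        if relaxed:
            findings.append({"line": number, "uri": entry["uri"], "relaxed": relaxed,
                             "plain_http": entry["uri"].lower().startswith("http://")})
    return findings


# Constructed sample; only the third entry mirrors the modified MONGODB_REPO_BIONIC.
SAMPLE = [
    "# constructed sources.list content",
    "deb http://archive.ubuntu.com/ubuntu focal main restricted",
    "deb [arch=amd64 trusted=yes] http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse",
    "deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://example.invalid/apt stable main",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real host, pass the lines of `/etc/apt/sources.list` and each `*.list` file under `/etc/apt/sources.list.d/` to `audit()`.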
