Cloudflared PKG NO_PUBKEY Error

Hello,

I’m having an issue installing the cloudflared package on Ubuntu Server 20.04 hardened with CIS Level 2 Benchmark. (although I don’t think the hardening is causing the issue)
See below:

I’ve followed the instructions from the PKG documentation which has worked fine on my Ubuntu 22.04.2 servers, so I’m not sure what I’m missing.
Thanks

Cloudflared hasn’t used the apt key in a while and you should remove it.

What does your /etc/apt/sources.list.d/cloudflared.list show as it should be

deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main

I’ve removed the apt key.

Output of /etc/apt/sources.list.d/cloudflared.list:

deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main

Looks correct from what I can tell.

This does look correct

Are you still getting the apt error with the apt key removed? I have the same setup and don’t see any error.

Yep - Removed the key with sudo apt-key del. The only other thing I can think of is that somehow the CIS hardening is preventing this from working, but I don’t understand how or why.
Thanks

I can’t imagine CIS hardening effecting this. I would try removing the apt list and key and redoing it to see if that helps

I tried that too. I deleted the apt list and the GPG key and reran the steps from the documentation.
Thanks

Do you get any about when you run gpg --show-keys /usr/share/keyrings/cloudflare-main.gpg. Maybe the key is getting corrupted.

Looks correct to me:

It all looks right to me. Maybe another @MVP might have an idea for this

2 Likes

Usage of the apt-key adv --keyserver keyserver.ubuntu.com --recv-keys KEY_HERE looks good.

May I ask, have you tried using non-signed and modifying the .list file by commeting signed / temporary ignoring it, or allowing insecure upgrades? :thinking:

I am using Debian or Raspbian mostly. I’ve had once the issue with the key, but … how did I solve it, can’t recall at the moment. Will write back…

Gave it a go. /etc/apt/sources.list.d/cloudflared.list now looks like:

deb [trusted=yes] https://pkg.cloudflare.com/cloudflared focal main

With this config I am able to install cloudflared, although the GPG warning does persist.

W: GPG error: https://pkg.cloudflare.com/cloudflared focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 254B391D8CACCBF8

I wonder, the directory /usr/share/keyrings had 755, but what about the downloaded .gpg file? Did it had the CHMOD set to the 644, or? :thinking:

Using apt update and/or apt clean doesn’t help neither?

You’re right, it’s fixed now. Must have been foobarred permissions. Running sudo chmod 755 /usr/share/keyrings/cloudflare-main.gpg fixed the issue. Thanks all.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.