HPE Morpheus VM Essentials
1836006 Members
3304 Online
110088 Solutions
New Discussion

HPE VME Repository

 
jwantland
Occasional Contributor

HPE VME Repository

Seems to be an issue with the repo for VME:

apt update
Ign:1 https://update1.linux.hpe.com/repo/hpevme/zion-private-ubuntu pulp InRelease
Ign:2 https://update1.linux.hpe.com/repo/hpevme/zion-os-updates-prod/ubuntu2404-os-updates noble-updates InRelease
Hit:3 https://update1.linux.hpe.com/repo/hpevme/zion-private-ubuntu pulp Release
Hit:4 https://update1.linux.hpe.com/repo/hpevme/zion-os-updates-prod/ubuntu2404-os-updates noble-updates Release
Ign:5 https://update1.linux.hpe.com/repo/hpevme/zion-private-ubuntu pulp Release.gpg
Ign:6 https://update1.linux.hpe.com/repo/hpevme/zion-os-updates-prod/ubuntu2404-os-updates noble-updates Release.gpg
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
N: Missing Signed-By in the sources.list(5) entry for 'https://update1.linux.hpe.com/repo/hpevme/zion-private-ubuntu'
N: Missing Signed-By in the sources.list(5) entry for 'https://update1.linux.hpe.com/repo/hpevme/zion-os-updates-prod/ubuntu2404-os-updates'
root@phxdvme01:~#

why is there only 1 repo in the sources?  are there alternates that we can add to the hpe-ubuntu-sources?

root@system~# cat /etc/apt/sources.list.d/hpe-ubuntu.sources
Types: deb
URIs: https://update1.linux.hpe.com/repo/hpevme/zion-private-ubuntu/
Suites: pulp
Components: upload
Check-Valid-Until: False
Trusted: True


Types: deb
URIs: https://update1.linux.hpe.com/repo/hpevme/zion-os-updates-prod/ubuntu2404-os-updates/
Suites: noble-updates
Components: main
Check-Valid-Until: False
Trusted: True

 

 

 

3 REPLIES 3
chypsa
Occasional Advisor

Re: HPE VME Repository

I'm gonna go out on a limb and say that the repo list is limited so as to be controlled and remain tested and minimized.

However, what does seem to be wrong is that there's no information on how to obtain the gpg key and import it to the VM. As this is a work-in-progress kinda thing, I'm gonna guess this is an oversight, but I also may be lacking some fundamental understanding of how Linux works.

Either way, you can do this: "sudo apt-get --allow-unauthenticated upgrade" and bypass the requirement for gpg keys, after which your OS will update.

This99
Senior Member

Re: HPE VME Repository

Hi Chypsa

Big thanks is a great workaround.

But it's possible to fix this issue ? 

Thx.

 

kind regards,

This

chypsa
Occasional Advisor

Re: HPE VME Repository

The fix to use these built-in repositories would be to import the GPG keys to your system. But, I have searched the web and have not found where to download them. For example, HPE offers GPG keys found on the link below, but these do not contain the needed key for the HPE VME image. 

https://support.hpe.com/connect/s/softwaredetails?language=en_US&collectionId=MTX-5e49ea6151b1451e&tab=releaseNotes

If you do find the needed VME public key, you can import it the same way as written in instructions above, copy to system, then run:

# gpg --import /path_to_the_key/<keynumber>.pub

Alternatively, you could allow your system to update from a different repository (which I have not tested), by adding a new repo. Some guidance found here:

https://jumpcloud.com/blog/how-to-manage-apt-repositories-debian-ubuntu

However, once you add the new repo, you again probably need to import its GPG key, to make your system trust the installation files. With well-known, public repos, getting the key should not be a problem.