Package Source Repo GPG Key Broken?

We've recently run into errors when attempting to set up the repository for Ubuntu following the directions here: https://docs.chef.io/packages/

When running apt update after adding the source and the key, we receive the following error on 18.04.5 Ubuntu Bionic which prevents us from booting machines:

E: The repository 'https://packages.chef.io/repos/apt/stable bionic Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The key listed in apt-key list does not show an expiration date; we are unsure why this repo has stopped working. Can you please help us with this? Our only workaround at this time is to add the [trusted=yes] flag to the repo source destination, which is not something we feel comfortable doing long term.

Has anyone else run into these issues and found a solution? Hoping we aren't an isolated case somehow and something else is badly broken somewhere else in the chain.


We are also getting this.

Confirmed, seeing the same issue: there's no Release.gpg file to be had. I suppose someone at Chef needs to fix it on the server side.

$ curl https://packages.chef.io/repos/apt/stable/dists/{trusty,xenial,bionic,focal}/Release.gpg
{
"errors" : [ {
"status" : 404,
"message" : "File not found."
} ]
}{
"errors" : [ {
"status" : 404,
"message" : "File not found."
} ]
}{
"errors" : [ {
"status" : 404,
"message" : "File not found."
} ]
}{
"errors" : [ {
"status" : 404,
"message" : "File not found."
} ]
}

@tas50 You published a Release Announcement of Chef Infra client 16.6.14 on the 15th Oct. Could anything in the release procedure have gone wrong that omitted the creation of signatures?

Seems to be working again, thanks!


Bringing this thread back as we are experiencing the same issues as last time. It only seems to impact bionic and focal distros over this past weekend. Output from bjozet's curl:

$ curl https://packages.chef.io/repos/apt/stable/dists/{trusty,xenial,bionic,focal}/Release.gpg
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.61
iEYEABEIAAYFAmDDmrkACgkQKUCrqYPvgmpemQCggYryqZimiiILlVXzOGa6KMIo
DGgAnjNPZsbB/0CY80dQJWPQelbi2RK0
=fAVo
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.61
iEYEABEIAAYFAmDKnnQACgkQKUCrqYPvgmo/ugCdESrXCsSY5lAC8h2MdZXBJdMV
Se0Anjzg9ficYt5+fvD1dDTKD2hCc6Zn
=ZtGg
-----END PGP SIGNATURE-----
{
  "errors" : [ {
    "status" : 404,
    "message" : "File not found."
  } ]
}{
  "errors" : [ {
    "status" : 404,
    "message" : "File not found."
  } ]
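
The brace-expanded curl quoted in the posts above concatenates every response, so it is hard to see which distribution is missing its signature. The following is an added example, not part of any post in this thread: POSIX shell functions that report one line per dist and return non-zero if any dist has no signature file. The function names are hypothetical; the InRelease check is included because apt also accepts an inline-signed InRelease file in place of Release plus Release.gpg. It checks presence only; verifying the signature is still apt's job.

```shell
# Added example, not from the thread. BASE comes from the curl command quoted
# above; all function names are hypothetical.
BASE="https://packages.chef.io/repos/apt/stable/dists"

# fetch_body URL: print the response body. Never fails, so that error bodies
# (such as the JSON 404 shown in the thread) are classified as well.
fetch_body() {
  curl -sS --max-time 20 "$1" 2>/dev/null || true
}

# classify_body: read a body on stdin and print what kind of file it looks like.
classify_body() {
  body=$(cat)
  case "$body" in
    *"-----BEGIN PGP SIGNED MESSAGE-----"*"-----BEGIN PGP SIGNATURE-----"*)
      echo inline-signed ;;
    *"-----BEGIN PGP SIGNATURE-----"*"-----END PGP SIGNATURE-----"*)
      echo detached-signature ;;
    *)
      echo absent ;;   # 404 JSON, empty body, HTML error page, ...
  esac
}

# dist_status DIST: "signed" if a signature file is published for the dist
# (InRelease, or Release.gpg next to Release), otherwise "unsigned".
dist_status() {
  inrel=$(fetch_body "$BASE/$1/InRelease" | classify_body)
  det=$(fetch_body "$BASE/$1/Release.gpg" | classify_body)
  if [ "$inrel" = inline-signed ] || [ "$det" = detached-signature ]; then
    echo signed
  else
    echo unsigned
  fi
}

# check_dists DIST...: print "<dist> <status>" per dist; return 1 if any is unsigned.
check_dists() {
  rc=0
  for d in "$@"; do
    s=$(dist_status "$d")
    echo "$d $s"
    [ "$s" = signed ] || rc=1
  done
  return $rc
}

# Source this file, then run: check_dists trusty xenial bionic focal
```

Run from CI before `apt update`, this turns a missing signature into an explicit failure naming the affected dist, rather than a prompt to reach for [trusted=yes].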

Debian Stretch and Buster are also broken. This makes our CI fail all builds.

I'm seeing the same issue. It seems like something might be broken with their package server. For example, https://packages.chef.io/repos/apt/stable/ubuntu/ just hangs in my browser...

I tried emailing support@chef.io but it looks like you have to have a hosted Chef account to open a ticket. Does anyone on this thread have a paid account? If not, hopefully someone at Chef will see this thread.

This happens when you don't request a file. Then you will get an instant 404. Looks like they use JFrog Artifactory.

I would love to see production machines being able to update their client using APT instead of manual .deb rollout.

I've got two emails, one asking for my customer credentials and one confirmation including an internal ticket number. I guess they still get and read the requests from unknown contacts.

Yep, automatically closed.

Hey everyone, thanks for notifying us of this. This is being tracked internally.

We resolved the issue with signed Debian/apt repositories. Sorry for the trouble it caused.
