ROS GPG Key Expiration Incident

Done. Simply bump to ros-tooling/setup-ros@0.2.1. There is nothing to do for people using @v0.2.

3 Likes

Wonderful, works like a charm. Thanks!

1 Like

+1, worked fine. Thanks for the prompt update.

Any idea when are the ROS 2 Docker images going to be usable again?

Thanks!

8 Likes

@christophebedard Thanks a lot. Works great!

1 Like

Affected images should be rebuilt soon after this gets merged upstream by the librarians:

2 Likes

:+1:

In the meantime you can setup the new key in your container before installing more packages.
For example:

docker run -it --rm ros:foxy
# apt update exits non-zero because of the expired ROS key, but it still fetches the Ubuntu lists,
# so the || branch can install curl; curl then pulls the updated key and apt-key adds it.
apt update || apt install -y curl && curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
3 Likes

Just noticed the docker images were updated, thanks to everyone involved in fixing this!
Much appreciated.

Maybe I’m jumping the gun, but it doesn’t look like the focal/noetic images were updated. I don’t see a new GitCommit in the above PR for the focal noetic-ros-core.

I was looking at the dockerhub, seems like the noetic and focal image tags were updated:
Focal
Noetic

Noetic images still do not work.

16:30 $ docker pull ros:noetic-robot
noetic-robot: Pulling from library/ros
Digest: sha256:61660593caa87bb2a0299c363a2a408998362502e38ba2acf88f8801d0576548
Status: Image is up to date for ros:noetic-robot
docker.io/library/ros:noetic-robot
16:30 $ docker run -it  ros:noetic-robot bash
root@52910c874989:/# sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://packages.ros.org/ros/ubuntu focal InRelease [4676 B]              
Get:3 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]                           
Err:2 http://packages.ros.org/ros/ubuntu focal InRelease          
  The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics <info@osrfoundation.org>
Get:4 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [27.6 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [728 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [836 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]      
Get:8 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [275 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]     
Get:10 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:11 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [315 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [975 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1272 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [29.8 kB]
Get:18 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [4305 B]
Reading package lists... Done                               
W: GPG error: http://packages.ros.org/ros/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics <info@osrfoundation.org>
E: The repository 'http://packages.ros.org/ros/ubuntu focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

foxy images still do not work. In fact, the last update in Dockerhub is 7 days ago: Docker Hub

2 Likes

More updates here:

3 Likes

The new key has now propagated to all ros:* and osrf/ros:* images. Thanks all for your patience.

If you encounter any issues don’t hesitate to open a ticket here

Happy containing

4 Likes

@cottsay : You’re right, the key wasn’t changed, only the expiration date was extended, so we don’t need to change the installation instructions. Thanks for clearing that up!

Would it be possible to please simplify the ROS key and install process with:

sudo apt-add-repository ppa:ros/foxy
sudo apt update && sudo apt install ros-foxy-desktop

This is much more memorizable than the current curl/tee/foo and a lot of other software is this easy to install.

We have now published this:

Unfortunately the shorthand used for the PPA is only valid for the official Ubuntu hosted PPAs which cannot support our use cases. If you’re not using the Canonical hosted PPAs you still have to fetch the keys explicitly which is important to make clear as this is your source of trust.

Thus you could use it instead of echoing the source line like this: apt-add-repository "http://packages.ros.org/ros2/ubuntu focal main"

Limitations of apt-add-repository:

  • It pulls in larger dependencies for a base installation
  • Doesn’t support signed-by argument
  • Doesn’t support arch arguments
  • You can’t control the name of the file

Thus sticking with the lower level tools is both more powerful and more transparent as to what’s happening which is especially important at a point when you have to trust the results to install software on your system.

1 Like
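As an added illustration of the "lower-level tools" approach described above (this is example code written for this thread, not the ROS project's own install instructions): a small POSIX shell script that fetches the repository key into a dedicated keyring, writes a sources.list.d line with the explicit arch and signed-by options that apt-add-repository cannot express, and reads a `gpg --with-colons` key listing to flag keys that are expired or about to expire, which is exactly the failure mode this incident was about. The keyring path, list file name, the 30-day threshold and the sample listing line are assumptions chosen for illustration; the key URL is the one posted earlier in the thread.

```shell
#!/bin/sh
# Added example for this thread (not the ROS project's own install script): set up a
# third-party apt repository "the lower-level way", with an explicit keyring, arch and
# file name, and check when the signing key expires. The keyring path, list file name
# and threshold are assumptions chosen for illustration.
set -eu

KEYRING=/usr/share/keyrings/ros-archive-keyring.gpg                     # assumed location
KEY_URL=https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc  # URL from the thread
LIST_FILE=/etc/apt/sources.list.d/ros2.list                             # assumed file name

# Fetch the ASCII-armoured key and store it dearmoured in a dedicated keyring rather than
# apt-key's global trust store. Not run by default: it needs network access and root.
install_repo_key() {
  curl -fsSL "$KEY_URL" | gpg --dearmor -o "$KEYRING"
  chmod 0644 "$KEYRING"
}

# Build the sources.list.d line with the two options apt-add-repository cannot express:
# an arch restriction and signed-by, so only this key may sign this repository.
#   $1 = keyring path, $2 = architecture, $3 = distro codename, $4 = repository URL
apt_source_line() {
  printf 'deb [arch=%s signed-by=%s] %s %s main\n' "$2" "$1" "$4" "$3"
}

# Read `gpg --with-colons` key listings on stdin (e.g. from
#   gpg --no-default-keyring --keyring "$KEYRING" --list-keys --with-colons)
# and print "<keyid> <days-until-expiry>" for every primary key. In a pub record field 5
# is the key ID and field 7 the expiry as epoch seconds (empty when the key never expires).
# Returns 1 if any key is already expired or expires within $1 days, given "now" as
# epoch seconds in $2 (passed in explicitly so the check is reproducible offline).
key_expiry_check() {
  threshold_days=$1
  now=$2
  status=0
  while IFS= read -r line; do
    case "$line" in
      pub:*) ;;
      *) continue ;;
    esac
    keyid=$(printf '%s\n' "$line" | cut -d: -f5)
    expiry=$(printf '%s\n' "$line" | cut -d: -f7)
    if [ -z "$expiry" ]; then
      echo "$keyid never-expires"
      continue
    fi
    days=$(( (expiry - now) / 86400 ))
    echo "$keyid $days"
    if [ "$days" -le "$threshold_days" ]; then
      status=1
    fi
  done
  return "$status"
}

# Demo on a constructed listing line shaped like real gpg output (the key ID is the one
# from the apt error in this thread; the timestamps are made up): a key ~10 days from expiry.
# On a real system use "$(dpkg --print-architecture)" instead of the literal amd64.
SAMPLE='pub:u:4096:1:F42ED6FBAB17C654:1495562470:1622592000::-:::scESC::::::23::0:'
apt_source_line "$KEYRING" amd64 focal http://packages.ros.org/ros2/ubuntu
if printf '%s\n' "$SAMPLE" | key_expiry_check 30 1621728000; then
  echo "repository key is fine"
else
  echo "WARNING: repository key expires within 30 days or has expired; extend it before apt breaks"
fi
```

Running the expiry check from a cron job or CI step against the keyring you actually ship would have turned this incident into a warning weeks ahead of the `EXPKEYSIG` errors above; the signed-by line also means that a compromised or replaced key for some other repository cannot be used to sign packages from this one.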

For ROS Noetic with Debian Buster I still see some problems with the GPG keys in armhf using:

curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
echo "deb http://packages.ros.org/noetic/ubuntu `lsb_release -cs` main" \
  > /etc/apt/sources.list.d/noetic-latest.list;

Error:

gpg: no valid OpenPGP data found.

and

W: GPG error: http://packages.ros.org/ros/ubuntu buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F42ED6FBAB17C654
E: The repository 'http://packages.ros.org/ros/ubuntu buster InRelease' is not signed.

For Ubuntu-Mate 16.04 /ROS Kinetic (Turtlebot3 Burger), same error:
~$ curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add -
gpg: no valid OpenPGP data found.