Debian base - MongoDB 3.6 Release Signing Key EXPKEYSIG

[goofball222]

Build actions failed for Debian 8.0.24 official:

5.007 Executing: /tmp/apt-key-gpghome.ctc20k3raO/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
5.493 gpg: key 58712A2291FA4AD5: public key "MongoDB 3.6 Release Signing Key <packaging@mongodb.com>" imported
5.497 gpg: Total number processed: 1
5.497 gpg:               imported: 1
5.910 + apt-get -qqy update
6.956 W: GPG error: http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 Release: The following signatures were invalid: EXPKEYSIG 58712A2291FA4AD5 MongoDB 3.6 Release Signing Key <packaging@mongodb.com>
6.956 E: The repository 'http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 Release' is not signed.

Worked around in 7547d0f. However, this is not a secure or permanent solution.

Current UniFi deb package supports MongoDB versions up to 5.

Moving to MongoDB 4.0 or higher will likely cause failures with older installations/DBs due to feature compatibility version set in databases at time of creation. This is not automatically updated. IE:

• MongoDB 4.0 will start DBs with compat version 3.6 but not 3.4 or lower
  • Oldest versions of UniFi were either MongoDB 3.2 or 3.4, possibly even older
• MongoDB 4.2 will start DBs with compat version 4.0 but not 3.6 or lower
• MongoDB 4.4 will start DBs with compat version 4.2 but not 4.0 or lower
• MongoDB 5.0 will start DBs with compat version 4.4 but not 4.2 or lower
• UniFi internal MongoDB driver uses functions/features deprecated in MongoDB versions newer than 5.0
  • Replacing that driver is beyond the scope of this project. Ubiquiti needs to handle this upstream.

Proposed fixes:

• Move Ubuntu-base to default/latest and leave insecure Debian-base work-around in place with a warning (8.0/beta is currently configured this way)
• Upgrade Debian-base internal MongoDB to latest version of 4.0 and provide script/environment variable to assist in updating the mongo feature compatibility version in the databases
• Move Ubuntu-base to default/latest and remove MongoDB entirely from Debian image
• Upgrade Debian-base internal MongoDB to latest version of 5.0 that UniFi supports.
  • This will require users with old databases to create a full backup via web interface, shut down container, and wipe/move existing data before starting newer version of container and importing backup.
  • Alternatively users could stair-step upgrade their databases feature compat version via MongoDB containers but that is beyond the scope of this project.

[goofball222]

At this point with no feedback and the current state of 8.0/beta default image now being Ubuntu with Mongo 3.6 built in, I'll be moving that as-is to 8.0/official & release whenever the next UI release happens.

[goofball222]

At this point with no feedback and the current state of 8.0/beta default image now being Ubuntu with Mongo 3.6 built in, I'll be moving that as-is to 8.0/official & release whenever the next UI release happens.

That day is today.