Unsigned Repositories for 2.x Versions #1637

lcalvarez opened this Issue Oct 13, 2018 · 2 comments



lcalvarez commented Oct 13, 2018

Bug report


Wazuh version

Install type

Install method

Log sample

    TASK [wazuh-agent : Debian/Ubuntu | Installing repository] *****************************************************************************
    fatal: []: FAILED! => {"changed": false, "failed": true, "module_stderr": "Connection to closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/ansible_7rzsFp/\", line 565, in <module>\r\n    main()\r\n  File \"/tmp/ansible_7rzsFp/\", line 553, in main\r\n    cache.update()\r\n  File \"/usr/lib/python2.7/dist-packages/apt/\", line 543, in update\r\n    raise FetchFailedException(e)\r\napt.cache.FetchFailedException: E:Failed to fetch  403  Forbidden [IP: <redacted>], E:The repository ' xenial InRelease' is no longer signed.\r\n", "msg": "MODULE FAILURE", "rc": 0}

Bug description

I am running an Ansible command with the following parameters to generate a repository file in /etc/apt/sources.list.d:

    repo: "deb xenial main"
    state: present

I am following the instructions in the 2.1 docs to install the Wazuh agent and have already installed the key in the proper location as well.

I am also able to bypass this using an option to not validate certificates, but that is a vulnerability that we would like to not expose ourselves to.

Shouldn't these repositories continue to stay signed if there may be users of them?



mojojoseph commented Oct 16, 2018

Howdy @lcalvarez, I can confirm as well running into this problem on 18.04 with Wazuh 2.1.1:

    Err:8 xenial InRelease
      403  Forbidden [IP: 443]
    Reading package lists... Done
    E: Failed to fetch  403  Forbidden [IP: 443]
    E: The repository ' xenial InRelease' is no longer signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.

How were you able to bypass this? I agree with your sentiment; it should be fixed at the repository level, but at the moment this is busting all of my playbooks on 18.04 servers so I'm willing to use a workaround in the short term. Thanks for any insight.



lcalvarez commented Oct 16, 2018

@mojojoseph I was able to use this:

    - name: Debian/Ubuntu | Installing wazuh repository
      lineinfile:
        create: yes
        path: /etc/apt/sources.list.d/packages_wazuh_com_apt.list
        # trusted=true makes apt skip signature verification for this source
        line: "deb [trusted=true] xenial main"

You can also get it to work using `apt_repository` with `validate_certs: no` on the above task, but not everyone will want that option.
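
An added example, not part of the issue thread or of the Wazuh project's code: a Python audit that finds one-line-style apt source entries where `trusted` or a related `allow-*` option relaxes signature checking, so a short-term workaround like the one above can be located and removed once the repository is signed again. The sample entries and the `repo.example.invalid` host are constructed, and deb822 `.sources` files are not parsed.

```python
import glob
import re

# Spellings apt accepts as "true" for a boolean option.
TRUTHY = {"yes", "true", "1", "on", "enable", "with"}
# sources.list(5) options that relax or disable repository signature checks.
RISKY = {"trusted", "allow-insecure", "allow-weak", "allow-downgrade-to-insecure"}
# One-line-style entry: type, optional [options], then URI/suite/components.
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s*)?(.*)$")

# Constructed sample; repo.example.invalid is a placeholder host.
SAMPLE = """\
deb [trusted=true] https://repo.example.invalid/apt xenial main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.invalid/apt xenial main
# deb [trusted=yes] https://repo.example.invalid/old xenial main
deb-src [ allow-insecure=yes ] https://repo.example.invalid/apt xenial main
deb [trusted=no] https://repo.example.invalid/apt bionic main
deb https://repo.example.invalid/apt bionic main
"""

def audit_sources(text, filename="<sample>"):
    """Return (filename, line_no, option) for entries that relax signature checks."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = ENTRY.match(line)
        if not match or not match.group(2):
            continue  # not an entry, or an entry without [options]
        for option in match.group(2).split():
            key, _, value = option.partition("=")
            if key.lower() in RISKY and value.lower() in TRUTHY:
                findings.append((filename, line_no, key.lower()))
    return findings

def audit_system():
    """Audit /etc/apt/sources.list and /etc/apt/sources.list.d/*.list on this host."""
    findings = []
    paths = ["/etc/apt/sources.list"] + sorted(glob.glob("/etc/apt/sources.list.d/*.list"))
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings += audit_sources(handle.read(), path)
        except OSError:
            continue  # file absent or unreadable
    return findings

if __name__ == "__main__":
    for filename, line_no, option in audit_sources(SAMPLE) + audit_system():
        print(f"{filename}:{line_no}: {option} enabled, signature checks relaxed")
```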
