Upgrading to PHP 7.1.27 – how to fix the GPG error: https://packages.sury.org error.

  • You are here: Free PHP » Uncategorized » Upgrading to PHP 7.1.27 – how to fix the GPG error: https://packages.sury.org error.

If, like me, you’re still using PHP7.1, then you should upgrade to the most current security release which is 7.1.27 and was released on the 7th of March. Prior to that we were on 7.1.24 and missed out on fixed for a number of CVEs that were addressed in 7.1.26  and 7.1.25 – and fixes for a segmentation fault or two as well.

This morning, doing this on Debian Jessie yielded the error:

W: An error occurred during the signature verification.
The repository is not updated and the previous index files will be used.
GPG error: https://packages.sury.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743

This is because Ondřej Surý – who maintains the packages there – had to change over to a new DPA signing key as it was present on a server which got compromised.

This means that to install packages from there since the new one was switched to, I needed to download the new key:

# wget -O /etc/apt/trusted.gpg.d/php.gpg href="https://packages.sury.org/php/apt.gpg

After doing that a quick apt-get update set things straight again and apt-get upgrade could then carry on and move things along to 7.1.27.

Realising then that we’d missed out on upgrading to 7.1.27 sooner, I’ve added an additional check to our own product’s status page to determine whether the version of PHP being used is the newest “on-branch” version. It looks something like:


/**
* Get the current/latest version released on branch x for PHP_VERSION.
*
* @param string $version Branch/Version to check for. e.g. 7.1 or 7.1.23...
*
* @return string
*/
function getLatestPHPReleaseOnBranch($version)
{
    $v = explode(".", $version);
    $branch = "{$v[0]}.{$v[1]}";
    $major = $v[0];
    if (extension_loaded('curl')) {
        $url = "https://secure.php.net/releases/active.php";
        $curl = curl_init($url);

        // Use browser's user agent string.
        $agent = $_SERVER['HTTP_USER_AGENT'];

        curl_setopt($curl, CURLOPT_USERAGENT, $agent);
        curl_setopt($curl, CURLOPT_FAILONERROR, true);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        $json = curl_exec($curl);
        curl_close($curl);
        $decoded = json_decode($json, true);
        $version = $decoded[$major][$branch]['version'];
        return $version;
    } else {
        return null;
    }
}
$latestPHP = getLatestPHPReleaseOnBranch(PHP_VERSION);
if ($latestPHP !== null) {
    $current = PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "." . PHP_RELEASE_VERSION;
    $branch = PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;
    echo "Using most recent on-branch PHP release? ", version_compare($current, $latestPHP, "==") ? "Yes" : "No", " (Latest release is $latestPHP Currently on ", PHP_VERSION , ")";
}

Please use this, or something similar, to determine when and if you need to update your PHP install.

Comments are closed.
-
Powered by Gewgley