You are not logged in.
- Topics: Active | Unanswered
#1 2022-09-03 11:15:26
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
[SOLVED] apt-get update: gpg error (expired key)
Hi,
problems with apt-get today
apt-get update
Get:1 http://deb.devuan.org/merged chimaera InRelease [33.9 kB]
Get:2 http://deb.devuan.org/merged chimaera-security InRelease [26.5 kB]
Err:1 http://deb.devuan.org/merged chimaera InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Get:3 http://deb.devuan.org/merged chimaera-backports InRelease [26.6 kB]
Err:2 http://deb.devuan.org/merged chimaera-security InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Err:3 http://deb.devuan.org/merged chimaera-backports InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Fetched 86.9 kB in 0s (174 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository
(Amprolla3 on Nemesis) <repository@devuan.org>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera-security InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera-backports InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chimaera/InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chim … /InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chim … /InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.
gpg --keyserver keys.gnupg.net --search-keys BB23C00C61FC752C
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
Last edited by nenesse (2022-09-03 12:20:18)
Offline
#2 2022-09-03 11:41:00
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: [SOLVED] apt-get update: gpg error (expired key)
Is the system clock correct?
I see
$ gpg --keyserver keys.gnupg.net --search-keys BB23C00C61FC752C
gpg: data source: http://pgp.surf.nl:11371
(1) 4096 bit RSA key BB23C00C61FC752C, created: 2017-09-04
Keys 1-1 of 1 for "BB23C00C61FC752C". Enter number(s), N)ext, or Q)uit >
$Brianna Ghey — Rest In Power
Offline
#3 2022-09-03 11:44:44
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
Re: [SOLVED] apt-get update: gpg error (expired key)
date
Sat Sep 3 13:43:33 CEST 2022
Paris timezone
Last edited by nenesse (2022-09-03 11:45:17)
Offline
#4 2022-09-03 11:49:48
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: [SOLVED] apt-get update: gpg error (expired key)
Do you have a firewall running that might be blocking port 11371?
Can we see the output of
cat /etc/{nsswitch,resolv}.confBrianna Ghey — Rest In Power
Offline
#5 2022-09-03 12:03:32
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
Re: [SOLVED] apt-get update: gpg error (expired key)
i flush nftables ruleset
I have stopped privoxy and unbound
└─┤ cat /etc/{nsswitch,resolv}.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files
group: files
shadow: files
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
# freebox sur le réseau local
# ou sur réseau extérieur, réseau local en 172.16
# ou 4G Free
nameserver 212.27.40.240
nameserver 212.27.40.241
# partage de connexion smartphone android, autre que free
#nameserver 192.168.42.129
# openDns
#nameserver 208.67.222.222
#nameserver 208.67.220.220
# Raspberry Netgear
#nameserver 192.168.0.1
# unbound
#nameserver 127.0.0.1
Last edited by nenesse (2022-09-03 12:03:46)
Offline
#6 2022-09-03 12:10:04
- vazhnov
- Member
- From: Wrocław, Poland
- Registered: 2020-05-31
- Posts: 26
Re: [SOLVED] apt-get update: gpg error (expired key)
I think the root cause is that the key BB23C00C61FC752C expired:
$ gpg --list-keys BB23C00C61FC752C
pub rsa4096 2017-09-04 [SC] [expired: 2022-09-03]
E032601B7CA10BC3EA53FA81BB23C00C61FC752C
uid [ expired] Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>The same key described on the page https://www.devuan.org/os/keyring , fingerprint is E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C.
$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936
uid [ unknown] Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
---------------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D
uid [ unknown] Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
---------------------------------------------------------
pub rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
A428 5295 FC7B 1A81 6000 62A9 605C 66F0 0D6C 9793
uid [ unknown] Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
uid [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
5E61 B217 265D A980 7A23 C5FF 4DFA B270 CAA9 6DFA
uid [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
6D33 866E DD8F FA41 C014 3AED DCC9 EFBF 77E1 1517
uid [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
E1CF 20DD FFE4 B89E 8026 58F1 E0B1 1894 F66A EC98
uid [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub rsa4096 2017-05-22 [S] [expires: 2025-05-20]
/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
6ED6 F5CB 5FA6 FB2F 460A E88E EDA0 D238 8AE2 2BA9
uid [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub rsa4096 2017-05-22 [S] [expires: 2025-05-20]
/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
067E 3C45 6BAE 240A CEE8 8F6F EF0F 382A 1A7B 6500
uid [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
------------------------------------------------------
pub rsa2048 2014-12-02 [SC]
72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB
uid [ unknown] Devuan Repository (Primary Devuan signing key) <repository@devuan.org>
sub rsa2048 2014-12-02 [E]
sub rsa4096 2016-04-26 [S]
/etc/apt/trusted.gpg.d/devuan-keyring-2016-cdimage.gpg
------------------------------------------------------
pub rsa4096 2016-10-06 [SC]
CF19 21B2 D91C 6435 848E 8100 99C4 6A90 B1FB 3B59
uid [ unknown] Devuan ISO Toaster (Devuan GNU+Linux) <onelove@devuan.org>
sub rsa4096 2016-10-06 [E]
/etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg
------------------------------------------------------
pub rsa4096 2017-09-04 [SC] [expired: 2022-09-03]
E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C
uid [ expired] Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>and:
$ ls -lAF /etc/apt/trusted.gpg.d
total 80
-rw-r--r-- 1 root root 8700 Feb 25 2021 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8709 Feb 25 2021 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2453 Feb 25 2021 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8132 Feb 25 2021 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8141 Feb 25 2021 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2332 Feb 25 2021 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 7443 Feb 25 2021 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7452 Feb 25 2021 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2263 Feb 25 2021 debian-archive-stretch-stable.gpg
-rw-r--r-- 1 root root 3637 Oct 3 2017 devuan-keyring-2016-archive.gpg
-rw-r--r-- 1 root root 2233 Oct 3 2017 devuan-keyring-2016-cdimage.gpg
-rw-r--r-- 1 root root 3638 Oct 3 2017 devuan-keyring-2017-archive.gpg $ dpkg -S /etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg
devuan-keyring: /etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg $ apt-cache policy devuan-keyring
devuan-keyring:
Installed: 2017.10.03
Candidate: 2017.10.03
Version table:
*** 2017.10.03 500
500 http://pl.deb.devuan.org/merged daedalus/main amd64 Packages
100 /var/lib/dpkg/statusLast edited by vazhnov (2022-09-03 12:17:14)
Offline
#7 2022-09-03 12:53:15
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: [SOLVED] apt-get update: gpg error (expired key)
New keyring just got built and needs to get into the repos and propagate to the mirrors.
Offline
#8 2022-09-03 14:03:53
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
Re: [SOLVED] apt-get update: gpg error (expired key)
apt-cache policy devuan-keyring
devuan-keyring:
Installé : 2022.09.03
Candidat : 2022.09.03
Table de version :
*** 2022.09.03 100
100 /var/lib/dpkg/status
2017.10.03 500
500 http://deb.devuan.org/merged chimaera/main amd64 Packages
gpg --keyserver keys.gnupg.net --search-keys BB23C00C61FC752C
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
Offline
#9 2022-09-03 14:14:43
- iceman1
- Member
- Registered: 2022-09-03
- Posts: 1
Re: [SOLVED] apt-get update: gpg error (expired key)
Hello Everyone
The devs are working on it since midnight, please give me some time. this is a known issue
Offline
#10 2022-09-03 15:33:20
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: [SOLVED] apt-get update: gpg error (expired key)
@nenesse: I think you'll have to use
wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb
dpkg -i devuan-keyring_2022.09.04_all.debLast edited by Head_on_a_Stick (2022-09-03 15:33:37)
Brianna Ghey — Rest In Power
Offline
#11 2022-09-03 15:55:40
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
Re: [SOLVED] apt-get update: gpg error (expired key)
yes
then copying /usr/share/keyrings/devuan-keyring.gpg => /etc/apt/trusted.gpg.d
and deleting /etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg
apt-get update works.
Temporary solution pending that of the developers.
Offline
#12 2022-09-03 16:09:25
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: [SOLVED] apt-get update: gpg error (expired key)
yes
then copying /usr/share/keyrings/devuan-keyring.gpg => /etc/apt/trusted.gpg.d
and deleting /etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg
apt-get update works.Temporary solution pending that of the developers.
I believe those extra steps are only needed if you installed the first package made today, dated 2022.09.03, but the second package with date 2022.09.04 copies the new file for you.
Offline
#13 2022-09-03 16:21:07
- nenesse
- Member
- From: Paris
- Registered: 2020-01-10
- Posts: 10
Re: [SOLVED] apt-get update: gpg error (expired key)
yes, extra steps for 2022.09.03.deb, not needed with 2022.09.04.deb.
I mark this post solved, thanks to the developers for the speed.
rendez-vous le 3 septembre 2023 
Last edited by nenesse (2022-09-03 17:04:26)
Offline
#14 2022-09-03 18:35:12
- brocashelm
- Member
- Registered: 2020-06-29
- Posts: 114
Re: [SOLVED] apt-get update: gpg error (expired key)
devuan-keyring has already been updated in the repository. This command was provided by Bb|hcb in the IRC channel:
apt update --allow-insecure-repositories && apt install devuan-keyring --allow-unauthenticated
Last edited by brocashelm (2022-09-03 19:09:30)
Offline
#15 2022-09-03 20:22:20
- fhblf
- Member
- Registered: 2022-04-17
- Posts: 1
Re: [SOLVED] apt-get update: gpg error (expired key)
@nenesse: I think you'll have to use
wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb dpkg -i devuan-keyring_2022.09.04_all.deb
Works great, thanks!
wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb && sudo dpkg -i devuan-keyring_2022.09.04_all.debLast edited by fhblf (2022-09-03 20:24:21)
Offline
#16 2022-09-03 20:32:16
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: [SOLVED] apt-get update: gpg error (expired key)
I think the --allow-insecure-repositories & --allow-unauthenticated options are a bit easier. I forgot about them :-)
Brianna Ghey — Rest In Power
Offline
#17 2022-09-03 21:13:06
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: [SOLVED] apt-get update: gpg error (expired key)
If you download the file and want a checksum, here they are:
$ md5sum devuan-keyring_2022.09.04_all.deb
6209781a66b39c95c012765bc7ca2297 devuan-keyring_2022.09.04_all.deb
$ sha256sum devuan-keyring_2022.09.04_all.deb
96c4a206e8dfdc21138ec619687ef9acf36e1524dd39190c040164f37cc3468d devuan-keyring_2022.09.04_all.debOffline
#18 2022-09-03 22:33:30
- Bakaras
- Member
- Registered: 2022-09-03
- Posts: 1
Re: [SOLVED] apt-get update: gpg error (expired key)
I use:
rm -rf /var/lib/apt/lists/*
apt update --allow-insecure-repositories
apt upgrade
Currently works only with pkgmaster.devuan.org
Last edited by Bakaras (2022-09-03 22:47:01)
Offline
#19 2022-09-04 00:54:22
- Joerg_rw
- Member
- Registered: 2017-04-23
- Posts: 2
Re: [SOLVED] apt-get update: gpg error (expired key)
https://dev1galaxy.org/viewtopic.php?pid=37322#p37322 is about same issue, https://dev1galaxy.org/viewtopic.php?id=5212 "[SOLVED] Invalid Signatures" should get merged in here, replacing my message
Note that the full hands-on may also require that the old local InRelease file for the distribution is removed manually, so the sequence of command would thus be (eg for chimaera):
# rm /var/lib/apt/lists/deb.devuan.org_merged_dists_chimaera_InRelease
# apt-get update --allow-unauthenticated --allow-insecure-repositories
# apt-get install devuan-keyring --allow-unauthenticated
Alternatively: Anyone uncomfortable with those command line options should rather download the new keyring directly, eg
# sha256sum devuan-keyring_2022.09.04_all.deb 96c4a206e8dfdc21138ec619687ef9acf36e1524dd39190c040164f37cc3468d
# dpkg -i devuan-keyring_2022.09.04_all.deb
Alternatively: if you have your own method that works, then that is fine too.
Offline
#20 2022-09-05 09:48:18
- Morgennebel
- Member
- Registered: 2017-06-07
- Posts: 17
Re: [SOLVED] apt-get update: gpg error (expired key)
Unfortunately this bug also prevents new installations with existing ISO files.
Workaround:
* Once installer fails to read a network mirror
* Start a shell from the installer (somewhere at the bottom of the menu)
* Execute wget as described above
* mv *.deb /target/root
* chroot /target
* dpkg -i /root/*.deb
* exit shell
* Continue installation
-MN
Offline
#21 2022-09-05 12:30:31
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: [SOLVED] apt-get update: gpg error (expired key)
To do a new install with the existing live isos, you can just download the package in a terminal with wget, check the sha256sum and install with dpkg or gdebi. Then run the installer.
Offline
#22 2022-09-05 16:09:23
- Morgennebel
- Member
- Registered: 2017-06-07
- Posts: 17
Re: [SOLVED] apt-get update: gpg error (expired key)
To do a new install with the existing live isos, you can just download the package in a terminal with wget, check the sha256sum and install with dpkg or gdebi. Then run the installer.
I tried the server and netinstall ISOs. Both do not have dpkg available (or I did not found them in /usr/sbin, /sbin or /usr/bin).
Offline
#23 2022-09-05 21:10:59
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: [SOLVED] apt-get update: gpg error (expired key)
fsmithred wrote:To do a new install with the existing live isos, you can just download the package in a terminal with wget, check the sha256sum and install with dpkg or gdebi. Then run the installer.
I tried the server and netinstall ISOs. Both do not have dpkg available (or I did not found them in /usr/sbin, /sbin or /usr/bin).
For the installer isos (server, desktop, netinstall) the following might work in a shell:
anna install devuan-keyring_2022.09.04_all.debor maybe...
anna install /pool/DEBIAN/main/d/dpkg/dpkg_1.20.9_amd64.deb
dpkg -i devuan-keyring_2022.09.04_all.debFor the live isos (minimal-live, desktop-live) dpkg is installed and will work. Only the desktop-live has gdebi.
Offline
#24 2022-09-05 22:10:17
- adant
- Member
- Registered: 2018-09-19
- Posts: 3
Re: [SOLVED] apt-get update: gpg error (expired key)
Just FYI the expired key is still exists in beowulf (@ Amprolla3 on Nemesis). Scared me for a minute.
Thanks for all you do
Offline
#25 2022-09-08 16:50:42
- Morgennebel
- Member
- Registered: 2017-06-07
- Posts: 17
Re: [SOLVED] apt-get update: gpg error (expired key)
fsmithred wrote:To do a new install with the existing live isos, you can just download the package in a terminal with wget, check the sha256sum and install with dpkg or gdebi. Then run the installer.
I tried the server and netinstall ISOs. Both do not have dpkg available (or I did not found them in /usr/sbin, /sbin or /usr/bin).
You need first to chroot to /target first. dpkg is then available.
# chroot /target
# dpkg -i ....
Ciao, -MN
Offline
