Invalid signatures Topic is solved

Support and discussions for the x86/x64 Linux version of Pale Moon and specific Linux distribution questions related to the browser.

Moderator: trava90

Forum rules
If your question is about general use of the browser and not specific to Linux, then please use the General Support board.
User avatar
alerce
Newbie
Newbie
Posts: 5
Joined: 2021-02-02, 07:28

Invalid signatures

Post by alerce » 2021-02-02, 07:32

Please repair:

Fehl:2 http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

User avatar
Pentium4User
Astronaut
Astronaut
Posts: 617
Joined: 2019-04-24, 09:38

Re: Invalid signatures

Post by Pentium4User » 2021-02-02, 11:11

Please run

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
and post the output of it.
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29276
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Invalid signatures

Post by Moonchild » 2021-02-02, 11:12

Please post in English only in the main boards.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

User avatar
juliosoft
New to the forum
New to the forum
Posts: 2
Joined: 2021-02-02, 11:19

Re: Invalid signatures

Post by juliosoft » 2021-02-02, 11:44

Pentium4User wrote:
2021-02-02, 11:11
Please run

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
and post the output of it.
I have the same issue that alerce have.
Get:6 http://download.opensuse.org/repositori ... /Debian_10 InRelease [1,547 B]
Err:6 http://download.opensuse.org/repositori ... /Debian_10 InRelease
The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
Reading package lists... Done
W: GPG error: http://download.opensuse.org/repositori ... /Debian_10 InRelease: The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
E: The repository 'http://download.opensuse.org/repositori ... /Debian_10 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

I did it what you say in terminal, but I didnt get any output.

User avatar
Pentium4User
Astronaut
Astronaut
Posts: 617
Joined: 2019-04-24, 09:38

Re: Invalid signatures

Post by Pentium4User » 2021-02-02, 12:10

The Key provided in the repo is expired:

Code: Select all

/etc/apt/trusted.gpg.d/home_stevenpusser.gpg
--------------------------------------------
pub   rsa2048 2016-09-28 [SC] [verfallen (expired): 2021-02-01]
      F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4
uid        [ verfallen (expired)] home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>

Confirmed.
I've added it via the command in the instructions, they key provided there expired today (1st February 2021).
They need to provide a new key.

Tested with the Key for Ubuntu 20.10 an Debian 10.
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

User avatar
alerce
Newbie
Newbie
Posts: 5
Joined: 2021-02-02, 07:28

Re: Invalid signatures

Post by alerce » 2021-02-02, 16:13

@juliosoft "I did it what you say in terminal, but I didnt get any output."
The same here.

User avatar
stevepusser
Project Contributor
Project Contributor
Posts: 713
Joined: 2015-08-01, 18:33
Location: California

Re: Invalid signatures

Post by stevepusser » 2021-02-03, 00:58

Can you try again? It looks like the keys were just updated: https://download.opensuse.org/repositor ... mirrorlist

User avatar
jobbautista9
Fanatic
Fanatic
Posts: 108
Joined: 2020-11-03, 06:47
Location: Philippines
Contact:

Re: Invalid signatures

Post by jobbautista9 » 2021-02-03, 03:16

It works now, thanks steve! :thumbup:
Off-topic:
Btw, are your builds in gtk2 or gtk3? I haven't upgraded my browser yet.
I just love Cyndaquil. Obviously the best Johto starter!

Developer of Ambassador in Window Menu, BrowserTickTock, Clickity Touch 'n Push, ColorPili, EditDatContent, EditDatTitle, Esrever, and Go Menu.

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8918
Joined: 2012-10-09, 19:37
Location: Seriphia Galaxy

Re: Invalid signatures

Post by New Tobin Paradigm » 2021-02-03, 04:00

As I have often said the past year it is the position of the Project that system packagers should favor the GTK version predominate for the target distro. However, Steve has been doing this before such a directive was decided upon. My guess is until he says different whatever it was yesterday will be what it is today.

But it is our wish for the directive to be implemented eventually for current package maintainers and done accordingly for any new ones that join the fold.
How far are you prepared to go? How much are you prepared to risk? How many people are you prepared to sacrifice for victory?
Are you willing to die friendless, alone, deserted by everyone? Because that's what may be required of you in the war that is to come.

Image

User avatar
Pentium4User
Astronaut
Astronaut
Posts: 617
Joined: 2019-04-24, 09:38

Re: Invalid signatures

Post by Pentium4User » 2021-02-03, 05:20

Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"
Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

User avatar
alerce
Newbie
Newbie
Posts: 5
Joined: 2021-02-02, 07:28

Re: Invalid signatures

Post by alerce » 2021-02-03, 08:57

@stevepusser "Can you try again? It looks like the keys were just updated:"

I tried it again, but it still doesn't work:

Fehl:4 http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

Python54
Moongazer
Moongazer
Posts: 9
Joined: 2014-10-12, 18:26
Location: UK

Re: Invalid signatures

Post by Python54 » 2021-02-03, 09:48

I've downloaded the new key so I'm not getting the invalid signatures error any more. However, Update Manager is not finding Palemoon v29 update.

I notice my file /etc/apt/sources.list.d/home:stevenpusser.list referenced http://download.opensuse.org/repositori ... untu_20.04
which doesn't contain Palemoon v29 files.

However, https://download.opensuse.org/repositor ... untu_20.04 does contain them. So I edited /etc/apt/sources.list.d/home:stevenpusser.list to reference the latter, but still no joy with Update Manager.

The 'Packages' file on https://download.opensuse.org/repositor ... untu_20.04 contains:
Package: palemoon
Version: 28.17.0-1
Architecture: amd64

Just guessing, but could that be the problem?

User avatar
juliosoft
New to the forum
New to the forum
Posts: 2
Joined: 2021-02-02, 11:19

Re: Invalid signatures

Post by juliosoft » 2021-02-03, 11:02

Pentium4User wrote:
2021-02-03, 05:20
Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"
Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
I did this:
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"

And after that I did

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg >

I used Synaptic to find palemoon package but it only showed palemoon arm64.

I did all this process again:

echo 'deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
sudo apt update
sudo apt install palemoon

And palemoon installed correctly. And it is shown in synaptic.

So It is solved. Thanks.

User avatar
Pentium4User
Astronaut
Astronaut
Posts: 617
Joined: 2019-04-24, 09:38

Re: Invalid signatures

Post by Pentium4User » 2021-02-03, 12:10

It worked at my side, I updated 2 computers via the repo today, both amd64.
Please try again, maybe the author made changes to the repo.
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

User avatar
alerce
Newbie
Newbie
Posts: 5
Joined: 2021-02-02, 07:28

Re: Invalid signatures

Post by alerce » 2021-02-03, 13:34

This worked for Debian 10:

I saved profile .moonchild productions

sudo apt remove palemoon

I deleted /etc/apt/sources.list.d/home:stevenpusser

sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"

echo 'deb http://download.opensuse.org/repositori ... Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list

curl -fsSL https://download.opensuse.org/repositor ... elease.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

sudo apt update

sudo apt install palemoon

Thanks for help!

User avatar
Pentium4User
Astronaut
Astronaut
Posts: 617
Joined: 2019-04-24, 09:38

Re: Invalid signatures

Post by Pentium4User » 2021-02-03, 15:24

You don't need to backup you profile, apt does not remove the user's PM profile when using --purge, if you only use remove it doesn't remove any configuration files.

You also don't need to remove the repo itself from you system.

Deleting the old key and importing the new one should be enough.
Powerline adapters (dLAN) hardly interfere shortwave radio, so stop using them.

Yes, I still use a 64 bit capable Pentium 4 670 processor with Pale Moon.

User avatar
alerce
Newbie
Newbie
Posts: 5
Joined: 2021-02-02, 07:28

Re: Invalid signatures

Post by alerce » 2021-02-03, 15:48

You're right. Thanks for explanation. But I wanted a fresh installation to play safe.

Ez-waker
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2017-01-12, 23:20

Re: Invalid signatures

Post by Ez-waker » 2021-02-03, 18:42

Pentium4User wrote:
2021-02-03, 05:20
Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"
Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
Tried this, but for Ubuntu 16.04 using

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_16.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
since I am on Mint 18.3. No success.

I also just tried removing and reinstalling the repo. No success.

Here is my error message when I refresh update manager:

Code: Select all

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04  InRelease: The following signatures were invalid: KEYEXPIRED 1612202234Failed to fetch http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04/InRelease  The following signatures were invalid: KEYEXPIRED 1612202234Some index files failed to download. They have been ignored, or old ones used instead.
Seems like there should be a way to fix this without purging my PM installation. Any help would be greatly appreciated.

User avatar
stevepusser
Project Contributor
Project Contributor
Posts: 713
Joined: 2015-08-01, 18:33
Location: California

Re: Invalid signatures

Post by stevepusser » 2021-02-03, 18:56

Python54 wrote:
2021-02-03, 09:48
I've downloaded the new key so I'm not getting the invalid signatures error any more. However, Update Manager is not finding Palemoon v29 update.

I notice my file /etc/apt/sources.list.d/home:stevenpusser.list referenced http://download.opensuse.org/repositori ... untu_20.04
which doesn't contain Palemoon v29 files.

However, https://download.opensuse.org/repositor ... untu_20.04 does contain them. So I edited /etc/apt/sources.list.d/home:stevenpusser.list to reference the latter, but still no joy with Update Manager.

The 'Packages' file on https://download.opensuse.org/repositor ... untu_20.04 contains:
Package: palemoon
Version: 28.17.0-1
Architecture: amd64

Just guessing, but could that be the problem?
29.0.0 is not building for amd64 for 20.04, for reasons I don't really know yet. It builds for ARM 64, armhf (32-bit like on the Pi), and for x86 32-bit systems, and has no issues building on 18.04 and 20.10. Perhaps it's some new problem with gcc-9 on that architecture, AFAIK, that's the only distro now that my PM's building against with that version.

This is going to take time and effort to diagnose. Right now I'm trying a build in an sbuild 20.04 schroot on my laptop to see if that fails.

About gtk2 and gtk3 versions: I know it's possible to do two different builds from the same source, but I'll have to see if I can figure out how it's done in the debian/rules folder. It's pretty much build the gtk2 binary, then switch out the mozconfig and build the gtk3 binary, and then install the two binaries in different package folders, and then install whatever extra files manually instead of relying on PM's install scripts. That also will take time and effort.

User avatar
stevepusser
Project Contributor
Project Contributor
Posts: 713
Joined: 2015-08-01, 18:33
Location: California

Re: Invalid signatures

Post by stevepusser » 2021-02-03, 18:59

If you still have the original Release.key file sitting in the same place as you try and download a new one, curl will give it a different name. Always run "rm -f Release.key" before downloading a new one.

If that doesn't work, please give us the terminal output of the repo setup commands.

Post Reply