Page 1 of 3
Invalid signatures
Posted: 2021-02-02, 07:32
by alerce
Please repair:
Fehl:2
http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler:
http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von
http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.
Re: Invalid signatures
Posted: 2021-02-02, 11:11
by Pentium4User
Please run
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
and post the output of it.
Re: Invalid signatures
Posted: 2021-02-02, 11:12
by Moonchild
Please post in English only in the main boards.
Re: Invalid signatures
Posted: 2021-02-02, 11:44
by juliosoft
Pentium4User wrote: ↑2021-02-02, 11:11
Please run
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
and post the output of it.
I have the same issue that alerce have.
Get:6
http://download.opensuse.org/repositori ... /Debian_10 InRelease [1,547 B]
Err:6
http://download.opensuse.org/repositori ... /Debian_10 InRelease
The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
Reading package lists... Done
W: GPG error:
http://download.opensuse.org/repositori ... /Debian_10 InRelease: The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
E: The repository '
http://download.opensuse.org/repositori ... /Debian_10 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
I did it what you say in terminal, but I didnt get any output.
Re: Invalid signatures
Posted: 2021-02-02, 12:10
by Pentium4User
The Key provided in the repo is expired:
Code: Select all
/etc/apt/trusted.gpg.d/home_stevenpusser.gpg
--------------------------------------------
pub rsa2048 2016-09-28 [SC] [verfallen (expired): 2021-02-01]
F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4
uid [ verfallen (expired)] home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
Confirmed.
I've added it via the command in the instructions, they key provided there expired today (1st February 2021).
They need to provide a new key.
Tested with the Key for Ubuntu 20.10 an Debian 10.
Re: Invalid signatures
Posted: 2021-02-02, 16:13
by alerce
@juliosoft "I did it what you say in terminal, but I didnt get any output."
The same here.
Re: Invalid signatures
Posted: 2021-02-03, 00:58
by stevenpusser
Can you try again? It looks like the keys were just updated:
https://download.opensuse.org/repositor ... mirrorlist
Re: Invalid signatures
Posted: 2021-02-03, 03:16
by jobbautista9
It works now, thanks steve!
Off-topic:
Btw, are your builds in gtk2 or gtk3? I haven't upgraded my browser yet.
Re: Invalid signatures
Posted: 2021-02-03, 04:00
by New Tobin Paradigm
As I have often said the past year it is the position of the Project that system packagers should favor the GTK version predominate for the target distro. However, Steve has been doing this before such a directive was decided upon. My guess is until he says different whatever it was yesterday will be what it is today.
But it is our wish for the directive to be implemented eventually for current package maintainers and done accordingly for any new ones that join the fold.
Re: Invalid signatures
Posted: 2021-02-03, 05:20
by Pentium4User
Found a solution.
New key is available
Delete old key
Code: Select all
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"
Install new key
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
Re: Invalid signatures
Posted: 2021-02-03, 08:57
by alerce
@stevepusser "Can you try again? It looks like the keys were just updated:"
I tried it again, but it still doesn't work:
Fehl:4
http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler:
http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von
http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:
stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.
Re: Invalid signatures
Posted: 2021-02-03, 09:48
by Python54
I've downloaded the new key so I'm not getting the invalid signatures error any more. However, Update Manager is not finding Palemoon v29 update.
I notice my file /etc/apt/sources.list.d/home:stevenpusser.list referenced
http://download.opensuse.org/repositori ... untu_20.04
which doesn't contain Palemoon v29 files.
However,
https://download.opensuse.org/repositor ... untu_20.04 does contain them. So I edited /etc/apt/sources.list.d/home:stevenpusser.list to reference the latter, but still no joy with Update Manager.
The 'Packages' file on
https://download.opensuse.org/repositor ... untu_20.04 contains:
Package: palemoon
Version: 28.17.0-1
Architecture: amd64
Just guessing, but could that be the problem?
Re: Invalid signatures
Posted: 2021-02-03, 11:02
by juliosoft
Pentium4User wrote: ↑2021-02-03, 05:20
Found a solution.
New key is available
Delete old key
Code: Select all
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"
Install new key
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
I did this:
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"
And after that I did
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg >
I used Synaptic to find palemoon package but it only showed palemoon arm64.
I did all this process again:
echo 'deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
sudo apt update
sudo apt install palemoon
And palemoon installed correctly. And it is shown in synaptic.
So It is solved. Thanks.
Re: Invalid signatures
Posted: 2021-02-03, 12:10
by Pentium4User
It worked at my side, I updated 2 computers via the repo today, both amd64.
Please try again, maybe the author made changes to the repo.
Re: Invalid signatures
Posted: 2021-02-03, 13:34
by alerce
This worked for Debian 10:
I saved profile .moonchild productions
sudo apt remove palemoon
I deleted /etc/apt/sources.list.d/home:stevenpusser
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"
echo 'deb
http://download.opensuse.org/repositori ... Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list
curl -fsSL
https://download.opensuse.org/repositor ... elease.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
sudo apt update
sudo apt install palemoon
Thanks for help!
Re: Invalid signatures
Posted: 2021-02-03, 15:24
by Pentium4User
You don't need to backup you profile, apt does not remove the user's PM profile when using --purge, if you only use remove it doesn't remove any configuration files.
You also don't need to remove the repo itself from you system.
Deleting the old key and importing the new one should be enough.
Re: Invalid signatures
Posted: 2021-02-03, 15:48
by alerce
You're right. Thanks for explanation. But I wanted a fresh installation to play safe.
Re: Invalid signatures
Posted: 2021-02-03, 18:42
by Ez-waker
Pentium4User wrote: ↑2021-02-03, 05:20
Found a solution.
New key is available
Delete old key
Code: Select all
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"
Install new key
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
Then it should work fine (works on my Ubuntu machine).
Tried this, but for Ubuntu 16.04 using
Code: Select all
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_16.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
since I am on Mint 18.3. No success.
I also just tried removing and reinstalling the repo. No success.
Here is my error message when I refresh update manager:
Code: Select all
An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04 InRelease: The following signatures were invalid: KEYEXPIRED 1612202234Failed to fetch http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04/InRelease The following signatures were invalid: KEYEXPIRED 1612202234Some index files failed to download. They have been ignored, or old ones used instead.
Seems like there should be a way to fix this without purging my PM installation. Any help would be greatly appreciated.
Re: Invalid signatures
Posted: 2021-02-03, 18:56
by stevenpusser
29.0.0 is not building for amd64 for 20.04, for reasons I don't really know yet. It builds for ARM 64, armhf (32-bit like on the Pi), and for x86 32-bit systems, and has no issues building on 18.04 and 20.10. Perhaps it's some new problem with gcc-9 on that architecture, AFAIK, that's the only distro now that my PM's building against with that version.
This is going to take time and effort to diagnose. Right now I'm trying a build in an sbuild 20.04 schroot on my laptop to see if that fails.
About gtk2 and gtk3 versions: I know it's possible to do two different builds from the same source, but I'll have to see if I can figure out how it's done in the debian/rules folder. It's pretty much build the gtk2 binary, then switch out the mozconfig and build the gtk3 binary, and then install the two binaries in different package folders, and then install whatever extra files manually instead of relying on PM's install scripts. That also will take time and effort.
Re: Invalid signatures
Posted: 2021-02-03, 18:59
by stevenpusser
If you still have the original Release.key file sitting in the same place as you try and download a new one, curl will give it a different name. Always run "rm -f Release.key" before downloading a new one.
If that doesn't work, please give us the terminal output of the repo setup commands.