Invalid signatures Topic is solved

[alerce]

Please repair:

Fehl:2 http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

[Pentium4User]

Please run

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

and post the output of it.

[Moonchild]

Please post in English only in the main boards.

[juliosoft]

Please run

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

and post the output of it.

I have the same issue that alerce have.
Get:6 http://download.opensuse.org/repositori ... /Debian_10 InRelease [1,547 B]
Err:6 http://download.opensuse.org/repositori ... /Debian_10 InRelease
The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
Reading package lists... Done
W: GPG error: http://download.opensuse.org/repositori ... /Debian_10 InRelease: The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
E: The repository 'http://download.opensuse.org/repositori ... /Debian_10 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

I did it what you say in terminal, but I didnt get any output.

[Pentium4User]

The Key provided in the repo is expired:

Code: Select all

/etc/apt/trusted.gpg.d/home_stevenpusser.gpg
--------------------------------------------
pub   rsa2048 2016-09-28 [SC] [verfallen (expired): 2021-02-01]
      F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4
uid        [ verfallen (expired)] home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>

Confirmed.
I've added it via the command in the instructions, they key provided there expired today (1st February 2021).
They need to provide a new key.

Tested with the Key for Ubuntu 20.10 an Debian 10.

[alerce]

@juliosoft "I did it what you say in terminal, but I didnt get any output."
The same here.

[stevenpusser]

Can you try again? It looks like the keys were just updated: https://download.opensuse.org/repositor ... mirrorlist

[jobbautista9]

It works now, thanks steve!

Off-topic:
Btw, are your builds in gtk2 or gtk3? I haven't upgraded my browser yet.

[New Tobin Paradigm]

As I have often said the past year it is the position of the Project that system packagers should favor the GTK version predominate for the target distro. However, Steve has been doing this before such a directive was decided upon. My guess is until he says different whatever it was yesterday will be what it is today.

But it is our wish for the directive to be implemented eventually for current package maintainers and done accordingly for any new ones that join the fold.

[Pentium4User]

Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"

Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

Then it should work fine (works on my Ubuntu machine).

[alerce]

@stevepusser "Can you try again? It looks like the keys were just updated:"

I tried it again, but it still doesn't work:

Fehl:4 http://download.opensuse.org/repositori ... /Debian_10 InRelease
Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: http://download.opensuse.org/repositori ... /Debian_10 InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von http://download.opensuse.org/repositori ... /InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

[Python54]

I've downloaded the new key so I'm not getting the invalid signatures error any more. However, Update Manager is not finding Palemoon v29 update.

I notice my file /etc/apt/sources.list.d/home:stevenpusser.list referenced http://download.opensuse.org/repositori ... untu_20.04
which doesn't contain Palemoon v29 files.

However, https://download.opensuse.org/repositor ... untu_20.04 does contain them. So I edited /etc/apt/sources.list.d/home:stevenpusser.list to reference the latter, but still no joy with Update Manager.

The 'Packages' file on https://download.opensuse.org/repositor ... untu_20.04 contains:
Package: palemoon
Version: 28.17.0-1
Architecture: amd64

Just guessing, but could that be the problem?

[juliosoft]

Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"

Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

Then it should work fine (works on my Ubuntu machine).

I did this:
sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"

And after that I did

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg >

I used Synaptic to find palemoon package but it only showed palemoon arm64.

I did all this process again:

echo 'deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list
curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/Debian_10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
sudo apt update
sudo apt install palemoon

And palemoon installed correctly. And it is shown in synaptic.

So It is solved. Thanks.

[Pentium4User]

It worked at my side, I updated 2 computers via the repo today, both amd64.
Please try again, maybe the author made changes to the repo.

[alerce]

This worked for Debian 10:

I saved profile .moonchild productions

sudo apt remove palemoon

I deleted /etc/apt/sources.list.d/home:stevenpusser

sudo apt-key del "F961 1EC6 ADCF DD30 3362 217A 0FAD 31CA 8719 FCE4"

echo 'deb http://download.opensuse.org/repositori ... Debian_10/ /' | sudo tee /etc/apt/sources.list.d/home:stevenpusser.list

curl -fsSL https://download.opensuse.org/repositor ... elease.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

sudo apt update

sudo apt install palemoon

Thanks for help!

[Pentium4User]

You don't need to backup you profile, apt does not remove the user's PM profile when using --purge, if you only use remove it doesn't remove any configuration files.

You also don't need to remove the repo itself from you system.

Deleting the old key and importing the new one should be enough.

[alerce]

You're right. Thanks for explanation. But I wanted a fresh installation to play safe.

[Ez-waker]

Found a solution.
New key is available

Delete old key

Code: Select all

sudo apt-key del "F961 1EC6 ADCF DD30 3362  217A 0FAD 31CA 8719 FCE4"

Install new key

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_20.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

Then it should work fine (works on my Ubuntu machine).

Tried this, but for Ubuntu 16.04 using

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_16.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null

since I am on Mint 18.3. No success.

I also just tried removing and reinstalling the repo. No success.

Here is my error message when I refresh update manager:

Code: Select all

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04  InRelease: The following signatures were invalid: KEYEXPIRED 1612202234Failed to fetch http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_16.04/InRelease  The following signatures were invalid: KEYEXPIRED 1612202234Some index files failed to download. They have been ignored, or old ones used instead.

Seems like there should be a way to fix this without purging my PM installation. Any help would be greatly appreciated.

[stevenpusser]

I've downloaded the new key so I'm not getting the invalid signatures error any more. However, Update Manager is not finding Palemoon v29 update.

I notice my file /etc/apt/sources.list.d/home:stevenpusser.list referenced http://download.opensuse.org/repositori ... untu_20.04
which doesn't contain Palemoon v29 files.

However, https://download.opensuse.org/repositor ... untu_20.04 does contain them. So I edited /etc/apt/sources.list.d/home:stevenpusser.list to reference the latter, but still no joy with Update Manager.

The 'Packages' file on https://download.opensuse.org/repositor ... untu_20.04 contains:
Package: palemoon
Version: 28.17.0-1
Architecture: amd64

Just guessing, but could that be the problem?

29.0.0 is not building for amd64 for 20.04, for reasons I don't really know yet. It builds for ARM 64, armhf (32-bit like on the Pi), and for x86 32-bit systems, and has no issues building on 18.04 and 20.10. Perhaps it's some new problem with gcc-9 on that architecture, AFAIK, that's the only distro now that my PM's building against with that version.

This is going to take time and effort to diagnose. Right now I'm trying a build in an sbuild 20.04 schroot on my laptop to see if that fails.

About gtk2 and gtk3 versions: I know it's possible to do two different builds from the same source, but I'll have to see if I can figure out how it's done in the debian/rules folder. It's pretty much build the gtk2 binary, then switch out the mozconfig and build the gtk3 binary, and then install the two binaries in different package folders, and then install whatever extra files manually instead of relying on PM's install scripts. That also will take time and effort.

[stevenpusser]

If you still have the original Release.key file sitting in the same place as you try and download a new one, curl will give it a different name. Always run "rm -f Release.key" before downloading a new one.

If that doesn't work, please give us the terminal output of the repo setup commands.