Steve's GPG signature for Ubuntu Repository invalid... again... ?!

For contributed third party builds not necessarily configured like the main product.
e.g. AVX builds, SSE builds, Pandora builds.
nero355
Apollo supporter
Apollo supporter
Posts: 37
Joined: 2018-01-15, 18:20

Steve's GPG signature for Ubuntu Repository invalid... again... ?!

Unread post by nero355 » 2023-04-01, 17:47

This has happened before : viewtopic.php?f=40&t=26115&p=208103#p208103

Now I could fix this, but what worries me is why this keeps happening every time ?!
How can I or perhaps Steve prevent this from happening ??

User avatar
seriousness
Hobby Astronomer
Hobby Astronomer
Posts: 23
Joined: 2021-05-15, 11:44

Re: Steve's GPG signature for Ubuntu Repository invalid... again... ?!

Unread post by seriousness » 2023-04-01, 20:30

I also get this when doing 'apt update':

Code: Select all

W: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: http://download.opensuse.org/repositories/home:/stevenpusser:/palemoon-GTK3/xUbuntu_22.04  InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Fehlschlag beim Holen von http://download.opensuse.org/repositories/home:/stevenpusser:/palemoon-GTK3/xUbuntu_22.04/InRelease Die folgenden Signaturen waren ungültig: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

User avatar
seriousness
Hobby Astronomer
Hobby Astronomer
Posts: 23
Joined: 2021-05-15, 11:44

Re: Steve's GPG signature for Ubuntu Repository invalid... again... ?!

Unread post by seriousness » 2023-04-02, 08:12

Yep, renewing the key file fixed it.

When I tried to do this as in the thread nero355 linked, 'apt-key list' gives a warning:

Code: Select all

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
I renamed the old key file to 'home_stevenpusser_palemoon-GTK3.gpg.bak' and it worked.

BenFenner
Astronaut
Astronaut
Posts: 588
Joined: 2015-06-01, 12:52
Location: US Southeast

Re: Steve's GPG signature for Ubuntu Repository invalid... again... ?!

Unread post by BenFenner » 2023-04-03, 13:35

I was about to post about this in another thread.
I'm running into this as well.

Code: Select all

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04  InRelease: The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>Failed to fetch http://download.opensuse.org/repositories/home:/stevenpusser/xUbuntu_22.04/InRelease  The following signatures were invalid: EXPKEYSIG 0FAD31CA8719FCE4 home:stevenpusser OBS Project <home:stevenpusser@build.opensuse.org>Some index files failed to download. They have been ignored, or old ones used instead.
I'll see if I can apply the changes suggested above.

Edit:
I think I fixed things by following the advice to delete the current key described in this post: viewtopic.php?f=40&t=26115&p=208103#p207876
Then running these two commands:

Code: Select all

curl -fsSL https://download.opensuse.org/repositories/home:stevenpusser/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_stevenpusser.gpg > /dev/null
sudo apt update

Locked