Ошибка gpg keyexpired

None of these worked for me:

$ sudo apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 5072E1F5

or

$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5

or

$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5

The sources for those are:
https://bugs.mysql.com/bug.php?id=85029 and https://bugs.mysql.com/bug.php?id=94378

I performed one suspect operation in desperation (saying ‘y’ instead of ‘N’ below) which I think wasn’t required at all:

$ sudo apt-get install mysql-apt-config

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be upgraded:
  mysql-apt-config
1 upgraded, 0 newly installed, 0 to remove and 294 not upgraded.
Need to get 35.6 kB of archives.
After this operation, 0 B of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  mysql-apt-config
Install these packages without verification? [y/N] y
Get:1 http://repo.mysql.com/apt/ubuntu/ trusty/mysql-apt-config mysql-apt-config all 0.8.13-1 [35.6 kB]
Fetched 35.6 kB in 0s (229 kB/s)      
Preconfiguring packages ...
dpkg-deb: error: archive '/var/cache/apt/archives/mysql-apt-config_0.8.13-1_all.deb' has premature member 'control.tar.xz' before 'contro
l.tar.gz', giving up
dpkg: error processing archive /var/cache/apt/archives/mysql-apt-config_0.8.13-1_all.deb (--unpack):
 subprocess dpkg-deb --control returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/mysql-apt-config_0.8.13-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

And followed it with:

$ sudo apt-get update

which did not help.

I still got the same error.

Finally, the following worked: 

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5

I’m speculating (blindly) that maybe pgp.mit.edu has changed their structure or maybe «MySQL Release Engineering» (run apt-key list) has moved their keys to the ubuntu key server or some such thing (I have no idea of how keys are maintained).

This comment on the duplicate thread says the same thing.

Hope this saves someone some time and effort.

Источник

Sep 29, 2016 22:36
· 310 words
· 2 minute read

ubuntu


Обновление программного обеспечения и управление пакетами в Debian-based операционных системах обычно не вызывает вопросов, однако вы можете столкнуться с сообщением KEYEXPIRED. Давайте разберемся, как обновить просроченные ключи!

Симптомы примерно следующие:

apt-get update
Hit http://packages.dotdeb.org jessie InRelease
Ign http://ftp.debian.org jessie InRelease
Hit http://security.debian.org jessie/updates InRelease
Ign http://nginx.org jessie InRelease
Get:1 http://nginx.org jessie Release.gpg [287 B]
Hit http://ftp.debian.org jessie Release.gpg
Get:2 http://nginx.org jessie Release [2,331 B]
Hit http://ftp.debian.org jessie Release
Get:3 http://packages.dotdeb.org jessie/all amd64 Packages [86.5 kB]
Err http://nginx.org jessie Release

Hit http://security.debian.org jessie/updates/main amd64 Packages
Hit http://security.debian.org jessie/updates/main Translation-en
Ign http://packages.dotdeb.org jessie/all Translation-en_US
Ign http://packages.dotdeb.org jessie/all Translation-en
Hit http://ftp.debian.org jessie/main amd64 Packages
Hit http://ftp.debian.org jessie/main Translation-en
Fetched 89.1 kB in 1s (67.2 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org jessie Release: The following signatures were invalid: KEYEXPIRED 1471427554

W: Failed to fetch http://nginx.org/packages/mainline/debian/dists/jessie/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.

Как видим, устарел ключ для репозитория nginx — нужно его обновить. Проверить все имеющиеся ключи в системе можно командой:

apt-key list
...

pub   2048R/7BD9BF62 2011-08-19 [expired: 2016-08-17]
uid                  nginx signing key < signing-key@nginx.com >

...

Вывести только просроченные ключи:

apt-key list | grep expired:
pub   2048R/7BD9BF62 2011-08-19 [expired: 2016-08-17]

Теперь обновим ключ, полученный на предыдущем этапе:

apt-key adv --recv-keys --keyserver keys.gnupg.net 7BD9BF62
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.Y4AY2GAbZO --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --recv-keys --keyserver keys.gnupg.net 7BD9BF62
gpg: requesting key 7BD9BF62 from hkp server keys.gnupg.net
gpg: key 7BD9BF62: "nginx signing key < signing-key@nginx.com >" 6 new signatures
gpg: Total number processed: 1
gpg:         new signatures: 6

Теперь можно вернуться к обновлению пакетов в системе — ошибка должна исчезнуть:

apt-get update && apt-get upgrade

tweet

Share

Источник

I’ve got the problem, that the «apt-get update» produced a KEYEXPIRED 1587841717 error:

# apt-get update
...
W: GPG error: http://archive.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1587841717

Here my sources.list:

# cat /etc/apt/sources.list.d/sources.list
deb http://http.debian.net/debian jessie main
deb http://http.debian.net/debian jessie contrib
deb http://archive.debian.org/debian jessie main
deb http://archive.debian.org/debian jessie contrib

Here the expired keys found by apt-key (it seems that the key 46925553 expired on 2020-04-25):

apt-key list | grep expired -A1
pub   4096R/46925553 2012-04-27 [expired: 2020-04-25]
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
--
pub   4096R/65FFB764 2012-05-08 [expired: 2019-05-07]
uid                  Wheezy Stable Release Key <debian-release@lists.debian.org>
--
pub   4096R/B98321F9 2010-08-07 [expired: 2017-08-05]
uid                  Squeeze Stable Release Key <debian-release@lists.debian.org>
--
pub   4096R/473041FA 2010-08-27 [expired: 2018-03-05]
uid                  Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
--
pub   4096R/65FFB764 2012-05-08 [expired: 2019-05-07]
uid                  Wheezy Stable Release Key <debian-release@lists.debian.org>
--
pub   4096R/46925553 2012-04-27 [expired: 2020-04-25]
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>

Now i tried to renew the keys:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 46925553
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B98321F9
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 473041FA

But the keys are not changed:

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 46925553
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.Ue8AFETZOi --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian.gpg --keyring /etc/apt/trusted.gpg.d/php.gpg --keyring /etc/apt/trusted.gpg.d/turnkey.gpg --keyring /etc/apt/trusted.gpg.d/ubuntuzilla.firefox.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 46925553
gpg: requesting key 46925553 from hkp server keyserver.ubuntu.com
gpg: key 46925553: "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

A new «apt-get update» get the same error like above.

Can anybody help to solve the problem?

Источник

Since 19 november 2022 apt-get update on Debian 8 Jessie gives the follwowing error/warning when running apt-get update:

W: GPG error: http://archive.debian.org jessie Release: 
The following signatures were invalid: KEYEXPIRED 1587841717

The contents of my /etc/apt/sources.list:

deb http://archive.debian.org/debian/ jessie main contrib non-free
deb http://deb.freexian.com/extended-lts jessie-lts main contrib non-free

The expired keys:
apt-key list

/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
pub   4096R/2B90D010 2014-11-21 [expired: 2022-11-19]
uid   Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
pub   4096R/C857C906 2014-11-21 [expired: 2022-11-19]
uid   Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

I have the debian-archive-keyring package installed.

I tried to update the keys, using:

gpg --keyserver keyring.debian.org --recv-key 2B90D010
gpg --keyserver keyring.debian.org --recv-key C857C906

But these keys do not seem to be known on keyring.debian.org:

gpg: requesting key 2B90D010 from hkp server keyring.debian.org
gpgkeys: key 2B90D010 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

gpg: requesting key C857C906 from hkp server keyring.debian.org
gpgkeys: key C857C906 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0`

So I suppose my questions are:

All keys on the archive.debian.org site are expired.

  1. Am I trying to update the keys against the correct keyserver (keyring.debian.org)?
  2. If that is not the issue, then will somebody at Debian fix this (update and publish keys)?
  3. If no, then is there a way to get rid of the warnings when apt-get update and apt-get install are run?
Источник

While updating my packages on a debian based system by a 

sudo apt-get update

I’ve got that error message :

Reading package lists... Done
W: GPG error: ftp://ftp.fr.debian.org stable/non-US Release: 
The following signatures were invalid: KEYEXPIRED 1138684904

What should I do to fix this ?

Zoredache's user avatar

Zoredache

130k41 gold badges275 silver badges417 bronze badges

asked May 11, 2009 at 19:58

paulgreg's user avatar

To find any expired repository keys and their IDs, use apt-key as follows:

LANG=C apt-key list | grep expired

You will get a result similar to the following:

pub   4096R/BE1DB1F1 2011-03-29 [expired: 2014-03-28]

The key ID is the bit after the / i.e. BE1DB1F1 in this case.

To update the key, run

sudo apt-key adv --recv-keys --keyserver YOUR_GPGKEY_HOST_DOMAIN BE1DB1F1

Note:

  • Updating the key will obviously not work if the package maintainer has not (yet) uploaded a new key. In that case there is little you can do other than contacting the maintainer, filing a bug against your distribution etc.
  • YOUR_GPGKEY_HOST_DOMAIN indicates domain name of any available GPG key server, such as
    • keyserver.ubuntu.com
    • keys.openpgp.org
    • pgp.mit.edu
  • (update 2023.2.22) The SKS key server keys.gnupg.net is deprecated and gone.

One liner to update all expired keys: (thanks to @ryanpcmcquen)

for K in $(apt-key list | grep expired | cut -d'/' -f2 | cut -d' ' -f1); do sudo apt-key adv --recv-keys --keyserver keys.gnupg.net $K; done

Ham's user avatar

answered Jul 24, 2014 at 23:44

kynan's user avatar

kynankynan

1,7451 gold badge11 silver badges8 bronze badges

12

You need to get the newer key and add it, at which point apt will detect it and not complain. This shouldn’t normally happen, but it sometimes does. What you really need is to know the hex code of the key you need to add; once you have that, it’s pretty much downhill from there.

Some examples:

  • adding keys for backports: the first few lines are what you’re after, although you’ll need to have the key it wants.

  • adding keys ala Ubuntu

answered May 11, 2009 at 20:09

Avery Payne's user avatar

Avery PayneAvery Payne

14.5k1 gold badge51 silver badges88 bronze badges

It might also happen when the date is not correct.

Check the date with

date

If it’s misconfigured, do the following to set your timezone and date auto synchronization.

apt-get install ntp ntpdate && service ntp stop
dpkg-reconfigure tzdata
ntpdate-debian
service ntp start

answered Mar 24, 2016 at 14:43

Aley's user avatar

AleyAley

2092 gold badges4 silver badges16 bronze badges

On the Debian Wiki about SecureAPT, I’ve found that I should remove the line containing non-us from /etc/apt/sources.list.

I actually did that and it worked.

answered May 12, 2009 at 20:12

paulgreg's user avatar

paulgregpaulgreg

4,1346 gold badges33 silver badges32 bronze badges

1

I had similar error, but problem was in system time. The year was 1961 :)

I corrected system date/time and after that could update without a pro

answered Apr 3, 2013 at 16:25

Svenv's user avatar

SvenvSvenv

1711 silver badge5 bronze badges

One highly unlikely, but occasionally possible, cause for this error is if having added the same key twice with different expiry dates. You would likely know having done so for this answer to be relevant to you.

This can happen, as it did for me, when hosting your own repository with your own keys. If you, when the key is about to expire, simply extend its lifetime rather than change it, and if you installed the original key using preseeding but the updated key using a deb package, then the old key will be in /etc/apt/trusted.gpg, while the new one ends up as a separate file under /etc/apt/trusted.gpg.d/. The old key will shadow the new one, which will be completely ignored by apt-key. Remove the old key by running gpg --keyring /etc/apt/trusted.gpg --delete-keys <keyid>, and your new key will become detected.

This is a bit of a non-standard corner configuration, but I hope my answer can save some confusion in case anyone else encounters this issue due to the same reason as I did.

answered Jan 11, 2018 at 20:45

sampi's user avatar

sampisampi

1585 bronze badges

A more simple oneliner:

for key in $(sudo apt-key list | awk -v FS='[ /:]+' '/expire[sd]/ {print $3}'); do sudo apt-key adv --recv-keys --keyserver keys.gnupg.net $key; done

I just feel that if you are doing things like using cut more than once, there is a better tool. (Also, I created this based on a different question.)

answered Apr 24, 2018 at 18:37

Bruno Bronosky's user avatar

Bruno BronoskyBruno Bronosky

4,4993 gold badges26 silver badges33 bronze badges

You don’t have to do anything. It is just a warning, you can see that from the W: prefix.

answered Jun 3, 2015 at 11:53

Michael Franzl's user avatar

1

Источник

Понравилась статья? Поделить с друзьями:
  • Ошибка gpg astra linux
  • Ошибка google services framework на xiaomi
  • Ошибка google reg id
  • Ошибка google recaptcha что это значит
  • Ошибка google recaptcha на iherb