Issue with Debian package signature
Hi all, I am trying to install spot on Ubuntu 20.04 following instructions from: https://spot.lrde.epita.fr/install.html But apt update complains about the signature: W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository <admin@lrde.epita.fr> W: Failed to fetch http://www.lrde.epita.fr/repo/debian/stable/InRelease The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository <admin@lrde.epita.fr> Could the signature be expired? I can actually install spot from source but Debian packages are useful for preparing artifact submissions. Thanks, Ocan
Ocan Sankur <ocan.sankur@irisa.fr> writes:
http://www.lrde.epita.fr/repo/debian/stable/InRelease The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository <admin@lrde.epita.fr>
Could the signature be expired?
Indeed. Thanks for the report, I'll forward it to our admin. % gpg --show-keys /etc/apt/trusted.gpg.d/debian-lrde.gpg pub rsa2048 2017-09-18 [SC] [expired: 2022-09-18] 209B7362CFD6FECFB41D717F03D99E7444F2A84A uid LRDE Repository <admin@lrde.epita.fr> sub rsa2048 2017-09-18 [E] [expired: 2022-09-18]
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
Alexandre Duret-Lutz <adl@lrde.epita.fr> writes:
Ocan Sankur <ocan.sankur@irisa.fr> writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key. % sudo docker run --rm=true -ti ubuntu:20.04 root@30ad600e6df0:/# echo 'deb [trusted=true] http://www.lrde.epita.fr/repo/debian/ stable/' >> /etc/apt/sources.list root@30ad600e6df0:/# apt-get update [...] W: GPG error: http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 03D99E7444F2A84A root@30ad600e6df0:/# apt-get install spot python3-spot [...]
Alexandre Duret-Lutz <adl@lrde.epita.fr> writes:
Alexandre Duret-Lutz <adl@lrde.epita.fr> writes:
Ocan Sankur <ocan.sankur@irisa.fr> writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key.
If you redownload the key from https://www.lrde.epita.fr/repo/debian.gpg that should be fixed know. The fingerprint hasn't changed.
Thanks a lot! Ocan On 06/10/2022 22:50, Alexandre Duret-Lutz wrote:
Alexandre Duret-Lutz <adl@lrde.epita.fr> writes:
Ocan Sankur <ocan.sankur@irisa.fr> writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions. That's my main use-case as well :-) As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key. If you redownload the key from https://www.lrde.epita.fr/repo/debian.gpg
Alexandre Duret-Lutz <adl@lrde.epita.fr> writes: that should be fixed know. The fingerprint hasn't changed.
participants (2)
-
Alexandre Duret-Lutz -
Ocan Sankur