4 Oct
2022
4 Oct
'22
5:13 p.m.
Hi all,
I am trying to install spot on Ubuntu 20.04 following instructions from:
https://spot.lrde.epita.fr/install.html
But apt update complains about the signature:
W: An error occurred during the signature verification. The repository
is not updated and the previous index files will be used. GPG error:
http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following
signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository
<admin(a)lrde.epita.fr>
W: Failed to fetch
http://www.lrde.epita.fr/repo/debian/stable/InRelease The following
signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository
<admin(a)lrde.epita.fr>
Could the signature be expired?
I can actually install spot from source but Debian packages are useful
for preparing artifact submissions.
Thanks,
Ocan
5 Oct
5 Oct
2:06 p.m.
Ocan Sankur <ocan.sankur(a)irisa.fr> writes:
http://www.lrde.epita.fr/repo/debian/stable/InRelease
The following
signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository
<admin(a)lrde.epita.fr>
Could the signature be expired?
Indeed. Thanks for the report, I'll forward it to our admin.
% gpg --show-keys /etc/apt/trusted.gpg.d/debian-lrde.gpg
pub rsa2048 2017-09-18 [SC] [expired: 2022-09-18]
209B7362CFD6FECFB41D717F03D99E7444F2A84A
uid LRDE Repository <admin(a)lrde.epita.fr>
sub rsa2048 2017-09-18 [E] [expired: 2022-09-18]
I can actually install spot from source but Debian
packages are useful
for preparing artifact submissions.
That's my main use-case as well :-)
2:19 p.m.
Alexandre Duret-Lutz <adl(a)lrde.epita.fr> writes:
Ocan Sankur <ocan.sankur(a)irisa.fr> writes:
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring
our repository as trusted and without installing the expired gpg key.
% sudo docker run --rm=true -ti ubuntu:20.04
root@30ad600e6df0:/# echo 'deb [trusted=true] http://www.lrde.epita.fr/repo/debian/
stable/' >> /etc/apt/sources.list
root@30ad600e6df0:/# apt-get update
[...]
W: GPG error: http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following
signatures couldn't be verified because the public key is not available: NO_PUBKEY
03D99E7444F2A84A
root@30ad600e6df0:/# apt-get install spot python3-spot
[...]
I can actually install spot from source but
Debian packages are useful
for preparing artifact submissions.
That's my main use-case as well :-)
6 Oct
6 Oct
10:50 p.m.
Alexandre Duret-Lutz <adl(a)lrde.epita.fr> writes:
Alexandre Duret-Lutz <adl(a)lrde.epita.fr>
writes:
If you redownload the key from
https://www.lrde.epita.fr/repo/debian.gpg
that should be fixed know. The fingerprint hasn't changed.
Ocan Sankur <ocan.sankur(a)irisa.fr> writes:
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring
our repository as trusted and without installing the expired gpg key. I can actually install spot from source but
Debian packages are useful
for preparing artifact submissions.
That's my main use-case as well :-)
7 Oct
7 Oct
9:05 a.m.
Thanks a lot!
Ocan
On 06/10/2022 22:50, Alexandre Duret-Lutz wrote:
Alexandre Duret-Lutz <adl(a)lrde.epita.fr>
writes:
Alexandre Duret-Lutz <adl(a)lrde.epita.fr>
writes:
If you
redownload the key from
https://www.lrde.epita.fr/repo/debian.gpg
that should be fixed know. The fingerprint hasn't changed. Ocan Sankur <ocan.sankur(a)irisa.fr> writes:
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring
our repository as trusted and without installing the expired gpg key. I can actually install spot from source but
Debian packages are useful
for preparing artifact submissions.
That's my main use-case as well :-)
852
days inactive
855
days old
4 comments
2 participants
participants (2)
-
Alexandre Duret-Lutz -
Ocan Sankur