Hi all,
I am trying to install spot on Ubuntu 20.04 following instructions from: https://spot.lrde.epita.fr/install.html
But apt update complains about the signature:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository admin@lrde.epita.fr W: Failed to fetch http://www.lrde.epita.fr/repo/debian/stable/InRelease%C2%A0 The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository admin@lrde.epita.fr
Could the signature be expired?
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
Thanks,
Ocan
Ocan Sankur ocan.sankur@irisa.fr writes:
http://www.lrde.epita.fr/repo/debian/stable/InRelease%C2%A0 The following signatures were invalid: EXPKEYSIG 03D99E7444F2A84A LRDE Repository admin@lrde.epita.fr
Could the signature be expired?
Indeed. Thanks for the report, I'll forward it to our admin.
% gpg --show-keys /etc/apt/trusted.gpg.d/debian-lrde.gpg pub rsa2048 2017-09-18 [SC] [expired: 2022-09-18] 209B7362CFD6FECFB41D717F03D99E7444F2A84A uid LRDE Repository admin@lrde.epita.fr sub rsa2048 2017-09-18 [E] [expired: 2022-09-18]
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
Alexandre Duret-Lutz adl@lrde.epita.fr writes:
Ocan Sankur ocan.sankur@irisa.fr writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key.
% sudo docker run --rm=true -ti ubuntu:20.04 root@30ad600e6df0:/# echo 'deb [trusted=true] http://www.lrde.epita.fr/repo/debian/ stable/' >> /etc/apt/sources.list root@30ad600e6df0:/# apt-get update [...] W: GPG error: http://www.lrde.epita.fr/repo/debian stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 03D99E7444F2A84A root@30ad600e6df0:/# apt-get install spot python3-spot [...]
Alexandre Duret-Lutz adl@lrde.epita.fr writes:
Alexandre Duret-Lutz adl@lrde.epita.fr writes:
Ocan Sankur ocan.sankur@irisa.fr writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key.
If you redownload the key from https://www.lrde.epita.fr/repo/debian.gpg that should be fixed know. The fingerprint hasn't changed.
Thanks a lot!
Ocan
On 06/10/2022 22:50, Alexandre Duret-Lutz wrote:
Alexandre Duret-Lutz adl@lrde.epita.fr writes:
Alexandre Duret-Lutz adl@lrde.epita.fr writes:
Ocan Sankur ocan.sankur@irisa.fr writes:
I can actually install spot from source but Debian packages are useful for preparing artifact submissions.
That's my main use-case as well :-)
As a workaround, I was able to install Spot on ubuntu:20.04 by declaring our repository as trusted and without installing the expired gpg key.
If you redownload the key from https://www.lrde.epita.fr/repo/debian.gpg that should be fixed know. The fingerprint hasn't changed.
-
Alexandre Duret-Lutz -
Ocan Sankur