Hi Imre,

I also ran into this issue. Following the current instructions [1] and adding a signed-by in sources.list fixed this for me:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main

Looks like the expiration date on the key was changed and the package deb.torproject.org-keyring only updates that key in /usr/share/keyrings/. I can't but wonder if everyone that doesn't have a signed-by is affected, which must be quite a few.

Regards,

Peter

[1]: https://support.torproject.org/apt/

On 6/13/22 19:11, Imre Jonk wrote:

Hi tor-relays,

I'm getting this error when running 'apt update':

Err:4 https://deb.torproject.org/torproject.org bullseye InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key

The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue?

Thanks,

Imre

---

tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi,

same here on 2 VPS with Ubuntu 22.04 (jammy).

Err:5 https://deb.torproject.org/torproject.org jammy InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key

I followed [1] and executed the following command:

# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg

/dev/null

I thought that the package deb.torproject.org-keyring should keep the signing key up-to-date, however the package was installed and is the newest version (unattended-upgrades activated for TorProject repository).

# apt install deb.torproject.org-keyring Reading package lists... Done Building dependency tree... Done Reading state information... Done deb.torproject.org-keyring is already the newest version (2022.04.27.1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

[1] https://support.torproject.org/apt/tor-deb-repo/

Regards,

wurstsemmel

-------- Ursprüngliche Nachricht -------- Von: Imre Jonk imre@imrejonk.nl Antwort an: tor-relays@lists.torproject.org An: tor-relays@lists.torproject.org Betreff: [tor-relays] EXPKEYSIG when running 'apt update' Datum: Mon, 13 Jun 2022 19:11:32 +0200

Hi tor-relays,

I'm getting this error when running 'apt update':

Err:4 https://deb.torproject.org/torproject.org%C2%A0bullseye InRelease   The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key

The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue?

Thanks,

Imre _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays