EXPKEYSIG when running 'apt update'
Hi tor-relays, I'm getting this error when running 'apt update': Err:4 https://deb.torproject.org/torproject.org bullseye InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue? Thanks, Imre
Hi Imre, I also ran into this issue. Following the current instructions [1] and adding a signed-by in sources.list fixed this for me: deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main Looks like the expiration date on the key was changed and the package deb.torproject.org-keyring only updates that key in /usr/share/keyrings/. I can't but wonder if everyone that doesn't have a signed-by is affected, which must be quite a few. Regards, Peter [1]: https://support.torproject.org/apt/ On 6/13/22 19:11, Imre Jonk wrote:
Hi tor-relays,
I'm getting this error when running 'apt update':
Err:4 https://deb.torproject.org/torproject.org bullseye InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue?
Thanks,
Imre
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Tue, 14 Jun 2022 19:19:54 +0200 Peter Gerber <tor-lists@arbitrary.ch> wrote:
Looks like the expiration date on the key was changed and the package deb.torproject.org-keyring only updates that key in /usr/share/keyrings/. I can't but wonder if everyone that doesn't have a signed-by is affected, which must be quite a few.
Yeah I had the public signing key in both /etc/apt/trusted.gpg.d and /usr/share/keyrings. I had to manually update the key in /usr/share/keyrings/tor-archive-keyring.gpg as that file was referenced by my sources.list file. Not sure how it ended up in two places. Thanks for pointing this out!
Hi, same here on 2 VPS with Ubuntu 22.04 (jammy). Err:5 https://deb.torproject.org/torproject.org jammy InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key I followed [1] and executed the following command: # wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
/dev/null
I thought that the package deb.torproject.org-keyring should keep the signing key up-to-date, however the package was installed and is the newest version (unattended-upgrades activated for TorProject repository). # apt install deb.torproject.org-keyring Reading package lists... Done Building dependency tree... Done Reading state information... Done deb.torproject.org-keyring is already the newest version (2022.04.27.1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. [1] https://support.torproject.org/apt/tor-deb-repo/ Regards, wurstsemmel -------- Ursprüngliche Nachricht -------- Von: Imre Jonk <imre@imrejonk.nl> Antwort an: tor-relays@lists.torproject.org An: tor-relays@lists.torproject.org Betreff: [tor-relays] EXPKEYSIG when running 'apt update' Datum: Mon, 13 Jun 2022 19:11:32 +0200 Hi tor-relays, I'm getting this error when running 'apt update': Err:4 https://deb.torproject.org/torproject.org bullseye InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue? Thanks, Imre _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Monday, June 13, 2022 7:11:32 PM CEST Imre Jonk wrote:
Hi tor-relays,
I'm getting this error when running 'apt update': mee too ;-) Err:4 https://deb.torproject.org/torproject.org bullseye InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
The signing key in /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear to be expired, so I guess some repository metadata signature has expired. Does anyone else encounter this issue?
Had the same thing today and saw that some machines had a newer archive key in: /usr/share/keyrings/tor-archive-keyring.gpg You can get the new one with this one line: wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
participants (4)
-
Imre Jonk -
lists@for-privacy.net -
Peter Gerber -
wurstsemmel@mailbox.org