[DRBD-user] Proxmox repo release.gpg expired

Lars Ellenberg lars.ellenberg at linbit.com
Thu Feb 8 11:43:17 CET 2018 

On Thu, Feb 08, 2018 at 10:06:00AM +0100, Christoph Lechleitner wrote:
> Am 08.02.18 um 09:38 schrieb Yannis Milios:
> > Can you please renew proxmox repo Release.gpg file ?

The signature is fine.
You need to refresh your keyring.
How? See below.

> > W: An error occurred during the signature verification. The repository
> > is not updated and the previous index files will be used. GPG error:
> > http://packages.linbit.com/proxmox proxmox-5 Release: The following
> > signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT Package and
> > Repository Signing Key (2017)
> > W: Failed to fetch
> > http://packages.linbit.com/proxmox/dists/proxmox-5/Release.gpg  The
> > following signatures were invalid: EXPKEYSIG 53B3B037282B6E23 LINBIT
> > Package and Repository Signing Key (2017)
> > W: Some index files failed to download. They have been ignored, or old
> > ones used instead.
> 
> Just in case this might help:
>
> Debian Stretch introduced 2 new requirements for signing keys and
> signatures:

Why would you think it would?
Both requirements are fullfilled, and not being complained about.
(Also someone would have noticed that before,
stretch was not released yesterday).

It complains about an *EXPKEYSIG*
And there is also the "2017" as a hint.
so: key expiry. Which the subject already says as well.

We usually do not create a new key,
but simply extend the validity for an other year,
and also add the "current year" uid.

Your system apparently did not notice the extended validity.
You can help:

apt-key list --verbose LINBIT
| pub   dsa1024 2008-11-13 [SC] [expired: 2018-02-01]
|        32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
| uid           [ expired] LINBIT Package and Repository Signing Key (2017)
| ...
| sub   elg2048 2008-11-13 [E] [expired: 2018-02-01]
| gpg: Note: signature key 53B3B037282B6E23 expired Don 01 Feb 2018 11:49:14 CET


apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x53B3B037282B6E23
(or your keyserver of choice)
| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key (2018)" 1 new user ID
| gpg: key 53B3B037282B6E23: "LINBIT Package and Repository Signing Key (2018)" 11 new signatures
...

apt-key list --verbose LINBIT
| pub   dsa1024 2008-11-13 [SC] [expires: 2019-02-01]
|       32A7 46AD 3ACF B7EB 9A18  8D19 53B3 B037 282B 6E23
| uid           [ unknown] LINBIT Package and Repository Signing Key (2018)
| ...
| sub   elg2048 2008-11-13 [E] [expires: 2019-02-01]

Yay.

-- 
: Lars Ellenberg
: LINBIT | Keeping the Digital World Running
: DRBD -- Heartbeat -- Corosync -- Pacemaker

DRBD® and LINBIT® are registered trademarks of LINBIT
__
please don't Cc me, but send to list -- I'm subscribed

More information about the drbd-user mailing list