[Bug 1920640] Re: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
Trent Lloyd
1920640 at bugs.launchpad.net
Sun Mar 21 08:35:38 UTC 2021
Just to make the current status clear from what I can gather:
- The GPG key was extended by 1 year to 2022-03-21
- On Ubuntu Bionic (18.04) and newer the GPG key is normally installed
by the ubuntu-dbgsym-keyring package (on 18.04 Bionic onwards). This
package is not yet updated. An update to this package is required and
still pending.
- On Ubuntu Xenial (16.04) users typically imported the key from
keyserver.ubuntu.com. As that is not yet updated, you will need to
import the key from HTTP using the workaround below which will work as a
temporary workaround on all Ubuntu releases. Once keyserver.ubuntu.com
is updated, you could also use "sudo apt-key adv --keyserver
keyserver.ubuntu.com --recv-keys
F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622"
- The updated GPG key is not currently published to keyserver.ubuntu.com
- The updated GPG key is available at http://ddebs.ubuntu.com/dbgsym-
release-key.asc
- As a workaround you can import that key to apt using "wget -O -
http://ddebs.ubuntu.com/dbgsym-release-key.asc | sudo apt-key add -"
(note: you need a space between the -O and -, contrary to the previously
pasted comment)
- I believe that the key likely needs to be extended longer and
published to all resources including the ubuntu-dbgsym-keyring package
and keyserver.ubuntu.com
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1920640
Title:
EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic
Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
Status in ubuntu-keyring package in Ubuntu:
Confirmed
Bug description:
The public key used by the debugging symbols repository
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu-
dbgsym-keyring expired.
$ apt policy ubuntu-dbgsym-keyring
ubuntu-dbgsym-keyring:
Installed: 2020.02.11.2
Candidate: 2020.02.11.2
Version table:
*** 2020.02.11.2 500
500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
100 /var/lib/dpkg/status
$ gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg
---------------------------------------------
pub rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
Error message on "apt update":
E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com bionic Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions
More information about the foundations-bugs
mailing list