[Bug 1920640] Re: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

Brian Murray 1920640 at bugs.launchpad.net
Tue Mar 30 19:20:38 UTC 2021 

Setting to verification-done for Focal.

(focal-amd64)root at impulse:/home/bdmurray/source-trees/error-tracker-deployment/trunk# apt-get update
...
Reading package lists... Done
W: GPG error: http://ddebs.ubuntu.com focal Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol A
rchive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com focal Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com focal-updates Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug 
Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com focal-updates Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com focal-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug
 Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com focal-proposed Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.  
(focal-amd64)root at impulse:/home/bdmurray/source-trees/error-tracker-deployment/trunk# apt-get install ubuntu-dbgsym-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  ubuntu-dbgsym-keyring
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/6956 B of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 10155 files and directories currently installed.)
Preparing to unpack .../ubuntu-dbgsym-keyring_2020.02.11.4_all.deb ...
Unpacking ubuntu-dbgsym-keyring (2020.02.11.4) over (2020.02.11.2) ...
Setting up ubuntu-dbgsym-keyring (2020.02.11.4) ...
(focal-amd64)root at impulse:/home/bdmurray/source-trees/error-tracker-deployment/trunk# apt-get update
...
Get:20 http://ddebs.ubuntu.com focal-proposed/universe amd64 Packages [41.3 kB]
Fetched 5486 kB in 9s (623 kB/s)
Reading package lists... Done


** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1920640

Title:
  EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic
  Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

Status in ubuntu-keyring package in Ubuntu:
  Fix Released
Status in ubuntu-keyring source package in Bionic:
  Fix Committed
Status in ubuntu-keyring source package in Focal:
  Fix Committed
Status in ubuntu-keyring source package in Groovy:
  Fix Committed
Status in ubuntu-keyring source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

   * Cannot update apt metadata from ddebs.ubuntu.com whilst using
  ubuntu-dbgsym-keyring package

  [Test Plan]

   * Install ubuntu-dbgsym-keyring package
   * Add ddebs.ubuntu.com repository for your release
   * sudo apt update must be successful

   * Install ubuntu-dbgsym-keyring package
   * Install and use `apt-key list` and check that there is no expiry on the dbgsym key

  I.e. bad output
  /etc/apt/trusted.gpg.d/ubuntu-keyring-2016-dbgsym.gpg
  -----------------------------------------------------
  pub   rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
        F2ED C64D C5AE E1F6 B9C6  21F0 C8CA B659 5FDF F622
  uid           [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

  
  Good output has no [date] in the pub line.

  [Where problems could occur]

   * At the moment the signature was bumped by one year
   * Meaning this issue will occur again in 2022
   * Instead the key must be set to not expire & new round of SRUs issued

  [Other Info]

   * Original bug report

  The public key used by the debugging symbols repository
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu-
  dbgsym-keyring expired.

  $ apt policy ubuntu-dbgsym-keyring
  ubuntu-dbgsym-keyring:
    Installed: 2020.02.11.2
    Candidate: 2020.02.11.2
    Version table:
   *** 2020.02.11.2 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
          500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
          100 /var/lib/dpkg/status
  $ gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg
  ---------------------------------------------
  pub   rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
        F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
  uid           [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>

  Error message on "apt update":

  E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: GPG error: http://ddebs.ubuntu.com bionic Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
  E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.
  W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive at lists.ubuntu.com>
  E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions

More information about the foundations-bugs mailing list