yacreader icon indicating copy to clipboard operation
yacreader copied to clipboard
verified publisher icon YACReader

invalid signature in ubuntu repository

Open brainchild0 opened this issue 3 years ago • 6 comments

A routine system update on my Linux Mint system revealed an issue reported by the following error message:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04  InRelease: The following signatures were invalid: EXPKEYSIG 3F3411BE43F8BC1F home:selmf OBS Project <home:[email protected]>
W: Failed to fetch http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04/InRelease  The following signatures were invalid: EXPKEYSIG 3F3411BE43F8BC1F home:selmf OBS Project <home:[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.

The message had not appeared as recently as a few days ago.

The key in the Debian repository for Ubuntu 20.04 appears to be expired or otherwise invalid.

brainchild0 avatar Jan 26 '22 00:01 brainchild0

Yes, this was reported on the YACReader forums. The repo key was expired. I've already extended the key and did a repo rebuild, so it should be fixed now. If you still have issues, you probably need to update the repo key on your side. If that does not solve it, please let me know.

Am 26. Januar 2022 01:55:26 MEZ schrieb brainchild0 @.***>:

A routine system update on my Linux Mint system revealed an issue reported by the following error message:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04  InRelease: The following signatures were invalid: EXPKEYSIG 3F3411BE43F8BC1F home:selmf OBS Project ***@***.***>
W: Failed to fetch http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04/InRelease  The following signatures were invalid: EXPKEYSIG 3F3411BE43F8BC1F home:selmf OBS Project ***@***.***>
W: Some index files failed to download. They have been ignored, or old ones used instead.

The message had not appeared as recently as a few days ago.

The key in the Debian repository for Ubuntu 20.04 appears to be expired or otherwise invalid.

-- Reply to this email directly or view it on GitHub: https://github.com/YACReader/yacreader/issues/295 You are receiving this because you are subscribed to this thread.

Message ID: @.***>

selmf avatar Jan 26 '22 06:01 selmf

I still see the issue.

brainchild0 avatar Jan 26 '22 07:01 brainchild0

Issue seems resolved after more recent test.

I will report if further problems.

brainchild0 avatar Jan 27 '22 20:01 brainchild0

I'm sorry, it's not resolved.

brainchild0 avatar Jan 27 '22 20:01 brainchild0

I just rechecked this and the key was properly updated. You can check this by running

wget -nv http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04/Release.key -O - |gpg My guess is that you still have the old expired key cached on your system.

selmf avatar Jan 27 '22 20:01 selmf

I didn't realize a manual step was required.

It works with with the following command:

wget -nv http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04/Release.key -O - | sudo apt-key add

brainchild0 avatar Jan 27 '22 22:01 brainchild0

Still an issue

Get:1 http://download.opensuse.org/repositories/home:/selmf/xUbuntu_22.04  yacreader 9.8.1-1 [1,683 kB]
Err:1 http://download.opensuse.org/repositories/home:/selmf/xUbuntu_22.04  yacreader 9.8.1-1
  Hash Sum mismatch
  Hashes of expected file:
   - SHA256:2453464439951f61d8cbac251fc1ee46969a9d5418aabfa4bcd5763d4bf7f1d6
   - SHA1:02066885621168f59efa90438f67daf30cc04c4b [weak]
   - MD5Sum:53c9bd338acb55031cb2c774249b6a93 [weak]
   - Filesize:1682822 [weak]
  Hashes of received file:
   - SHA256:a5772cfc134018eb2d71d32544c6cce34c0807431287a107b6ba17ec801b2607
   - SHA1:2c55a80b2e5e9b1ebcab66e1506bcfd959012a41 [weak]
   - MD5Sum:e4d73eb5a54c03f41dbf53316cf5f164 [weak]
   - Filesize:1682822 [weak]
  Last modification reported: Sun, 01 May 2022 10:12:34 +0000
Fetched 1,683 kB in 0s (3,539 kB/s) 
E: Failed to fetch http://mirror.aardsoft.fi/opensuse/repositories/home:/selmf/xUbuntu_22.04/amd64/yacreader_9.8.1-1_amd64.deb  Hash Sum mismatch
   Hashes of expected file:
    - SHA256:2453464439951f61d8cbac251fc1ee46969a9d5418aabfa4bcd5763d4bf7f1d6
    - SHA1:02066885621168f59efa90438f67daf30cc04c4b [weak]
    - MD5Sum:53c9bd338acb55031cb2c774249b6a93 [weak]
    - Filesize:1682822 [weak]
   Hashes of received file:
    - SHA256:a5772cfc134018eb2d71d32544c6cce34c0807431287a107b6ba17ec801b2607
    - SHA1:2c55a80b2e5e9b1ebcab66e1506bcfd959012a41 [weak]
    - MD5Sum:e4d73eb5a54c03f41dbf53316cf5f164 [weak]
    - Filesize:1682822 [weak]
   Last modification reported: Sun, 01 May 2022 10:12:34 +0000
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

VictorVolovik avatar Aug 27 '22 17:08 VictorVolovik

@VictorVolovik No, this is a different issue. This is a hash sum mismatch, not a PGP signature problem.

selmf avatar Sep 03 '22 16:09 selmf