It is kind of critical and I am not sure if this is the right place to ask. Accessing https://downloads.mender.io/repos/debian/ is currently not possible (access denied error) and when trying to access the repo with the previously always working GPG key I get now the error that the repo is not signed. Can anyone help me out?
yes, the old gpg key recently expired. You can renew it in the same way you installed the old one:
curl -fsSL https://downloads.mender.io/repos/debian/gpg | sudo tee /etc/apt/trusted.gpg.d/mender.asc
You can then verify it with:
gpg --show-keys --with-fingerprint /etc/apt/trusted.gpg.d/mender.asc
reference: Downloads | Mender documentation
About the https://downloads.mender.io/repos/debian access, it’s expected that you cannot browse it, but still, it’s accessible by the package managers.
I’m experiencing the same problem as @danielbisar. Followed your instructions and verified the key (expires 2024-10-23). But when performing apt update I get the following error:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://downloads.mender.io/repos/debian ubuntu/focal/stable InRelease: The following signatures were invd: EXPKEYSIG xxxxx Mender Team email@example.com
Maybe it’s related to ubuntu 20 (focal)?
Any help is very appreciated. Thanks
then you should rebuild your local repository index: can you try following steps?
sudo apt-get clean sudo mv /var/lib/apt/lists /tmp sudo apt-get clean sudo apt-get update
Hi @robgio ,
I tried your instructions but unfortunately it did not resolve the problem.
Still getting errors:
W: GPG error: https://downloads.mender.io/repos/debian ubuntu/focal/stable InRelease: The following signatures were invalid: EXPKEYSIG xxxxx Mender Team firstname.lastname@example.org
E: The repository ‘https://downloads.mender.io/repos/debian ubuntu/focal/stable InRelease’ is not signed.
I also noticed the not signed error. Could this be the cause?
Hi @Dave ,
the repository is actually signed, here’s my local test
root@646c7a45d1b3:/# apt-get update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease Get:5 https://downloads.mender.io/repos/debian ubuntu/focal/stable InRelease [3722 B] Get:6 https://downloads.mender.io/repos/debian ubuntu/focal/stable/main amd64 Packages [1730 B] Fetched 5452 B in 1s (4379 B/s) Reading package lists... Done root@646c7a45d1b3:/# cat /etc/os-release NAME="Ubuntu" VERSION="20.04.5 LTS (Focal Fossa)"
Can you list all your imported keys and verify if the new one is present? You should see at least one Mender key:
$ apt-key list /etc/apt/trusted.gpg.d/mender.asc --------------------------------- pub rsa3072 2020-11-13 [SC] [expires: 2024-10-23] E6C8 5734 5575 F921 8396 5662 2407 2B80 A1B2 9B00 uid [ unknown] Mender Team <email@example.com> sub rsa3072 2020-11-13 [E] [expires: 2024-10-23]
If you see the old one, please remove it and import the new one again:
$ apt-key del /etc/apt/trusted.gpg.d/mender.asc OK $ curl -fsSL https://downloads.mender.io/repos/debian/gpg | sudo tee /etc/apt/trusted.gpg.d/mender.asc
And verify if it matches
E6C8 5734 5575 F921 8396 5662 2407 2B80 A1B2 9B00 with the following command:
$ gpg --show-keys --with-fingerprint /etc/apt/trusted.gpg.d/mender.asc
I found the root cause of the problem. Besides mender.asc there was also an expired Mender key in /etc/apt/trusted.gpg. Removed the expired one from trusted.gpg and importing the new one resolved the issue.
Thanks for all the support.