Core: apt key expired for Debian 9

Created on 25 Aug 2018 · 9Comments · Source: owncloud/core

Steps to reproduce

wget -nv https://download.owncloud.org/download/repositories/production/Debian_9.0/Release.key -O Release.key apt-key add - < Release.key
apt-get update
apt-key del 47AE7F72479BC94B
wget -nv https://download.owncloud.org/download/repositories/production/Debian_9.0/Release.key -O Release.key && apt-key add - < Release.key
apt-key list | grep -i owncloud -B 5 -A 2
See https://download.owncloud.org/download/repositories/stable/owncloud/ as of Fri, 24 Aug 2018 22:39:16 -0400

Expected behaviour

Owncloud should update

Actual behaviour

```apt-get update
Reading package lists... Done
W: GPG error: https://download.owncloud.org/download/repositories/stable/Debian_9.0 Release: The following signatures were invalid: EXPKEYSIG 47AE7F72479BC94B ownCloud build servic e
W: The repository 'https://download.owncloud.org/download/repositories/stable/Debian_9.0 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

### Server configuration
**Operating system**:
Debian 4.9.65-3+deb9u2 
**Web server:**
nginx

### Issue
The key expired 2018-08-25
```/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
      DDA2 C105 C4B7 3A66 49AD  2BBD 47AE 7F72 479B C94B
uid           [ expired] ownCloud build service <obsrun@localhost>

Source

chollinger93

👍5

Most helpful comment

Have you used the apt-key add command from https://download.owncloud.org/download/repositories/stable/owncloud/index.html (→ Debian) to update the key in your apt key database?

wget -nv https://download.owncloud.org/download/repositories/production/Debian_9.0/Release.key -O Release.key
apt-key add - < Release.key

joker234 on 29 Aug 2018

👍6 🎉2

All 9 comments

GitMate.io thinks possibly related issues are https://github.com/owncloud/core/issues/19392 (Signing key expired), https://github.com/owncloud/core/issues/28808 (OwnCloud not in Debian 9 repo), https://github.com/owncloud/core/issues/27547 (Encryption Recovery Key not working in 9.1.4), https://github.com/owncloud/core/issues/23878 (Installation owncloud 9 on debian 8 fails), and https://github.com/owncloud/core/issues/8367 (Debian Repository Key outdated).

ownclouders on 25 Aug 2018

I have the same pubkey problem using the following distributions:

[RaspberryPI hardware]
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 9.4 (stretch)
Release: 9.4
Codename: stretch

[Odroid hardware]
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial

I cleaned the owncloud key and I obtain

Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 47AE7F72479BC94B

From your page
https://download.owncloud.org/download/repositories/stable/owncloud/index.html

I copy on my terminal the following instructions (you see the command and the results)

Date:Sat Aug 25 Time:10:05:32
User:root Computer:fileserver Base:tmp Current:~/tmp
Command 2029 of 34 #wget -nv https://download.owncloud.org/download/repositories/production/Ubuntu_16.04/Release.key -O Release.key
2018-08-25 10:10:08 URL:https://download.owncloud.org/download/repositories/production/Ubuntu_16.04/Release.key [4502/4502] -> "Release.key" [1]

Date:Sat Aug 25 Time:10:10:08
User:root Computer:fileserver Base:tmp Current:~/tmp
Command 2030 of 35 #apt-key add - < Release.key
OK

Date:Sat Aug 25 Time:10:10:11
User:root Computer:fileserver Base:tmp Current:~/tmp
Command 2031 of 36 #apt-get update

[OMISSIS]
Ign:1 https://attic.owncloud.com/org/download/repositories/production/Ubuntu_16.04 InRelease
Hit:4 http://download.owncloud.org/download/repositories/production/Ubuntu_16.04 Release
Err:5 http://download.owncloud.org/download/repositories/production/Ubuntu_16.04 Release.gpg
The following signatures were invalid: EXPKEYSIG 47AE7F72479BC94B ownCloud build service
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.owncloud.org/download/repositories/production/Ubuntu_16.04 Release: The following signatures were invalid: EXPKEYSIG 47AE7F72479BC94B ownCloud build service
W: Failed to fetch http://download.owncloud.org/download/repositories/production/Ubuntu_16.04/Release.gpg The following signatures were invalid: EXPKEYSIG 47AE7F72479BC94B ownCloud build service
W: Some index files failed to download. They have been ignored, or old ones used instead.

checking the key list the problem is evident:

pub rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
DDA2 C105 C4B7 3A66 49AD 2BBD 47AE 7F72 479B C94B
uid [ expired] ownCloud build service

Please can you update the pgp key and assure us that your code is not violated?

Good work and thank you for your time!

marcorighi on 25 Aug 2018

I can confirm it on my system:

pub rsa2048 2013-08-26 [SC] [verfallen: 2018-08-25]
DDA2 C105 C4B7 3A66 49AD 2BBD 47AE 7F72 479B C94B
uid [ verfallen ] ownCloud build service

rossiniscarface on 25 Aug 2018

I get the same issue on Debian 8:
GPG error: http://download.owncloud.org Release: The following signatures were invalid:
KEYEXPIRED 1535163442

minteral on 25 Aug 2018

Seems that most of the keys has been updated

for distro in CentOS_7 Debian_8.0 Debian_9.0 Fedora_26 Fedora_27 Fedora_28 RHEL_7 SLE_12 SLE_12_SP1 SLE_12_SP2 SLE_15 Ubuntu_16.04 Ubuntu_17.10 Ubuntu_18.04 Univention_4.0 openSUSE_Leap_15.0 openSUSE_Leap_42.3 openSUSE_Tumbleweed owncloud xUbuntu_16.04 xUbuntu_17.10 xUbuntu_18.04; do echo -n "$distro : " ; wget -q https://download.owncloud.org/download/repositories/production/$distro/repodata/repomd.xml.key -O - | gpg - | grep "^pub" || wget -q https://download.owncloud.org/download/repositories/production/$distro/Release.key -O - | gpg - | grep "^pub"; done 2>/dev/null
CentOS_7 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Debian_8.0 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Debian_9.0 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Fedora_26 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Fedora_27 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Fedora_28 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
RHEL_7 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
SLE_12 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
SLE_12_SP1 : pub   rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
SLE_12_SP2 : pub   rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
SLE_15 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Ubuntu_16.04 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Ubuntu_17.10 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Ubuntu_18.04 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
Univention_4.0 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
openSUSE_Leap_15.0 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
openSUSE_Leap_42.3 : pub   rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
openSUSE_Tumbleweed : pub   rsa2048 2013-08-26 [SC] [expired: 2018-08-25]
owncloud : xUbuntu_16.04 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
xUbuntu_17.10 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
xUbuntu_18.04 : pub   rsa2048 2013-08-26 [SC] [expires: 2023-08-23]

psycofdj on 27 Aug 2018

👍2

Can confirm it's working now, as of 2018-08-27T21:37:17-0400

Ign:4 https://attic.owncloud.com/org/download/repositories/stable/Debian_9.0 InRelease Hit:7 https://download.owncloud.org/download/repositories/stable/Debian_9.0 Release Get:8 https://download.owncloud.org/download/repositories/stable/Debian_9.0 Release.gpg [481 B] Fetched 481 B in 1s (333 B/s)

chollinger93 on 28 Aug 2018

I still have it today, will it fix itself somehow? Since it does not connect to the server I guess it is not able to download the update.

Linux 4.14.62-v7+ (Raspbian 9.4)
ownCloud 10.0.9 (stable)

gkovacsp on 29 Aug 2018

Have you used the apt-key add command from https://download.owncloud.org/download/repositories/stable/owncloud/index.html (→ Debian) to update the key in your apt key database?

wget -nv https://download.owncloud.org/download/repositories/production/Debian_9.0/Release.key -O Release.key
apt-key add - < Release.key

joker234 on 29 Aug 2018

👍6 🎉2

Yes, that works. Thanks.

gkovacsp on 29 Aug 2018

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Updating to 10.5.0 / OC\RepairException: Upgrade is not possible - some plugin won't update, so I'm blocked..

mattcatt00 · 4Comments

Refactor PHPUnit Test Suite and adjust Recommendations

patrickjahns · 4Comments

Code Integrity Check Error - How To Fix?

fridaynext · 5Comments

[QA] whitespace in filenames disappears

jnweiger · 4Comments

Ubuntu 16.04 packages of 8.2 depend on (unavailable) php5?

emmenlau · 5Comments