The following signatures were invalid: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>

deemon · May 7, 2024, 11:45am

can’t sudo apt update mattermost.

Get:5 https://deb.packages.mattermost.com jammy InRelease [3956 B]
Err:5 https://deb.packages.mattermost.com jammy InRelease
  The following signatures were invalid: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>
Fetched 3956 B in 2s (2469 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.packages.mattermost.com jammy InRelease: The following signatures were invalid: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>
W: Failed to fetch https://deb.packages.mattermost.com/dists/jammy/InRelease  The following signatures were invalid: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>
W: Some index files failed to download. They have been ignored, or old ones used instead.

How to fix this please?

john.oliver · May 7, 2024, 1:08pm

I just went through this. I found two different documents. Here are the steps I did from my history:

sudo rm /usr/share/keyrings/mattermost-archive-keyring.gpg

curl -o- https://deb.packages.mattermost.com/repo-setup.sh | sudo bash -s mattermost

sudo rm /etc/apt/sources.list.d/mattermost_stable.list
sudo rm /etc/apt/trusted.gpg.d/mattermost.gpg

(as root) sudo curl -s https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/mattermost-archive-keyring.gpg

(as root) echo "deb [signed-by=/usr/share/keyrings/mattermost-archive-keyring.gpg] https://deb.packages.mattermost.com stable main" > /etc/apt/sources.list.d/mattermost.list```

deemon · May 7, 2024, 1:17pm

however.

why does mattermostmost keep this key in /usr/share/keyrings/mattermost-archive-keyring.gpg instead of /etc/apt/trusted.gpg.d/ folder?
does anything else besides apt use this keyring? (as for apt the gpg --dearmor is totally unnecessary step there. apt can use ascii key files for repo signatures just as well.)
But why not just use deb https://deb.packages.mattermost.com jammy main in mattermost.list? seems to work fine… for sudo apt update at least.

anyway, thanks for help and inspired by this, on my case just as normal, non-root user…

curl -s https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/mattermost-archive-keyring.gpg

…was enough, to fix this. To overwrite original, old, already existing expired key. Repos and everything else was already in place.

Topic		Replies	Views
Issue updating Mattermost-omnibus on digitalocean Upgrade	1	25	October 11, 2024
[Solved] Expired GPG signing key for .deb packages Troubleshooting	1	2995	April 6, 2022
mattermost upgrade issue from 9.6.1-0	1	25	October 22, 2024
Failed apt upgrade to mattermost-omnibus 5.38.2-0 Troubleshooting	1	912	September 20, 2021
[Solved] Running Ubuntu 22.04 on 64 bit computer, Software Updater fails due to Repositories problem. (Issue #25483) Troubleshooting	5	1860	December 6, 2023

The following signatures were invalid: EXPKEYSIG F8F2C31744774B28 Mattermost Build <dev-ops@mattermost.com>

Related topics