Ubuntu
ubuntu-keyring package

The repository 'http://ddebs.ubuntu.com groovy Release' is not signed

Bug #1920610 reported by Mark Fraser
304
This bug affects 12 people
Affects Status Importance Assigned to Milestone
ubuntu-keyring (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Did an update this morning and it looks like the key has expired.
W: GPG error: http://ddebs.ubuntu.com groovy Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>
E: The repository 'http://ddebs.ubuntu.com groovy Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com groovy-updates Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>
E: The repository 'http://ddebs.ubuntu.com groovy-updates Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ddebs.ubuntu.com groovy-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>
E: The repository 'http://ddebs.ubuntu.com groovy-proposed Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Mark Fraser (launchpad-mfraz)
information type: Private Security → Public Security
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-keyring (Ubuntu):
status: New → Confirmed
Revision history for this message
David Hunt (da-cra-hunt) wrote :

Focal as well:
Err:19 http://ddebs.ubuntu.com focal Release.gpg
  The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>

Revision history for this message
Dimitry Andric (dimitry-andric) wrote :

The GPG key has simply expired, as of 2021-03-20:

$ wget -q http://ddebs.ubuntu.com/dists/focal-proposed/Release http://ddebs.ubuntu.com/dists/focal-proposed/Release.gpg

$ gpg --verify Release.gpg Release
gpg: Signature made Fri 19 Mar 2021 04:52:53 AM CET
gpg: using RSA key 0xC8CAB6595FDFF622
gpg: Good signature from "Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: F2ED C64D C5AE E1F6 B9C6 21F0 C8CA B659 5FDF F622

$ gpg --list-key 0xC8CAB6595FDFF622
pub rsa4096/0xC8CAB6595FDFF622 2016-03-21 [SC] [expired: 2021-03-20]
      Key fingerprint = F2ED C64D C5AE E1F6 B9C6 21F0 C8CA B659 5FDF F622
uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <email address hidden>

Time to generate a new key and distribute it, I guess. :-)

Revision history for this message
Dimitry Andric (dimitry-andric) wrote :

Note: a duplicate bug #1920640 was added a few hours after this one.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.