+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: Mobian on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=139)
+---- Thread: apt-get update "The following signatures were invalid..." (/showthread.php?tid=16856)
Pages:
1
2
apt-get update "The following signatures were invalid..." - grump_fiddle_reinstall - 06-18-2022
From the terminal
"The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.mobian-project.org bookworm InRelease: The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
W: Failed to fetch http://repo.mobian-project.org/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
W: Some index files failed to download. They have been ignored, or old ones used instead."
I remember having similar problems with other repos but cannot find the fix. Where can I find the new key?
RE: apt-get update "The following signatures were invalid..." - jsch - 06-18-2022
According to the chats, the easiest way is
Code:
curl -s https://repo.mobian.org/mobian.gpg | sudo tee /etc/apt/trusted.gpg.d/mobian.gpgRE: apt-get update "The following signatures were invalid..." - Fish - 06-18-2022
Quick fix that worked for me:
curl -s https://repo.mobian.org/mobian.gpg | sudo tee /etc/apt/trusted.gpg.d/mobian.gpg
Source: Matrix Mobian chat.
edit: to slow
RE: apt-get update "The following signatures were invalid..." - dante404 - 06-18-2022
Strange, this command doesn't solve the problem here.
And it also looks like the key is pasted as text in the terminal (not into the file?).
I just copied the complete command from here multiple times and tried it multiple times.
Does anybody have an idea what could be the difference?
Best Regards,
Dante
RE: apt-get update "The following signatures were invalid..." - jsch - 06-18-2022
tee is splitter. The data read from stdin (in our case curl) is sent to a file and to stdout. Since tee is started as root (hence sudo tee), the file is written as root.
A cleaner way is:
Code:
curl -s https://repo.mobian.org/mobian.gpg | sudo tee /etc/apt/trusted.gpg.d/mobian.gpg > /dev/nullCan you please check if the timestamp of the file /etc/apt/trusted.gpg.d/mobian.gpg matches the time when you ran the command from above (w/ or w/o >/dev/null).
RE: apt-get update "The following signatures were invalid..." - dante404 - 06-18-2022
Ah, thank you!
The last change date of the file changes in both cases.
But I just noticed that the error message talks about repo.mobian-project.org, but the command gets it gpg key from repo.mobian.org
Seem to be different domain names for the same server, but I guess apt does not accept such differences.
Did the mobian team change something?
RE: apt-get update "The following signatures were invalid..." - grump_fiddle_reinstall - 06-18-2022
(06-18-2022, 09:54 AM)jsch Wrote: tee is splitter. The data read from stdin (in our case curl) is sent to a file and to stdout. Since tee is started as root (hence sudo tee), the file is written as root.
A cleaner way is:
By sending the stdout to /dev/null, it is simply not displayed.Code:curl -s https://repo.mobian.org/mobian.gpg | sudo tee /etc/apt/trusted.gpg.d/mobian.gpg > /dev/null
Can you please check if the timestamp of the file /etc/apt/trusted.gpg.d/mobian.gpg matches the time when you ran the command from above (w/ or w/o >/dev/null).
After installing curl the above command did the trick for my PP and PPP. Ta very muchly!
RE: apt-get update "The following signatures were invalid..." - dante404 - 06-18-2022
This finally worked for me
:Code:
curl -s https://repo.mobian.org/mobian.gpg.key | sudo tee /var/lib/extrepo/keys/mobian.ascsource: https://fosstodon.org/@mobian
RE: apt-get update "The following signatures were invalid..." - vusra - 06-23-2022
Some don't have curl and need wget
Code:
wget -O - repo.mobian.org/mobian.gpg.key | sudo apt-key add -Professional tip, use tor
Code:
sudo apt install torwith curl
Code:
torify curl -s https://repo.mobian.org/mobian.gpg | sudo tee /etc/apt/trusted.gpg.d/mobian.gpgor wget
Code:
torify wget -O - repo.mobian.org/mobian.gpg.key | sudo apt-key add -RE: apt-get update "The following signatures were invalid..." - ljones - 07-23-2022
Can't update here as well. I can't install curl (I get 404 Not found) so I tried using wget above but it makes no difference. I still get:
Code:
Err:1 http://repo.mobian-project.org bookworm InRelease
The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
Fetched 32.4 kB in 2s (20.5 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.mobian-project.org bookworm InRelease: The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
W: Failed to fetch http://repo.mobian-project.org/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG 951D61F2BC232697 Mobian Project <admin@mobian-project.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.this page suggests to do:
Code:
$ apt-key --keyring=/etc/apt/trusted.gpg.d/mobian.gpg mobian.gpgBut that dosen't work either and complains of an unknown option.
I tried to delete the key "951D61F2BC232697" with apt-key del . I then ran apt update but no success .
Even tried copying the mobian.gpg file into /etc/apt/ and /etc/apt/trusted.gpg.d/ . Ran apt update but no success :-( .
I did also try the command apt-key update but got:
Code:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Warning: 'apt-key update' is deprecated and should not be used anymore!
Note: In your distribution this command is a no-op and can therefore be removed safely.The /etc/apt/sources.list just shows
Code:
deb http://deb.debian.org/debian bookworm mainInternet connection on my pinephone mobian is ok btw.
UPDATE: Since I don't have curl I found I had to manually download and copy a file in /var/lib/extrepo/keys as someone did above.
Code:
$ wget repo.mobian.org/mobian.gpg.key
$ cp $HOME/mobian.gpg.key /var/lib/extrepo/keys/mobian.asc
$ apt updateThat worked for me to fix that error
*but*
Now apt seems to have many missing files:
Code:
$ apt-get dist-upgrade
..
..
..
Err:1 http://deb.debian.org/debian bookworm/main arm64 libgnome-bg-4-1 arm64 42.0-2
404 Not Found [IP: 199.232.142.132 80]
Err:2 http://deb.debian.org/debian bookworm/main arm64 libgnome-bluetooth-ui-3.0-13 arm64 42.0-5
404 Not Found [IP: 199.232.142.132 80]
Err:3 http://deb.debian.org/debian bookworm/main arm64 libgnome-rr-4-1 arm64 42.0-2
404 Not Found [IP: 199.232.142.132 80]
Err:4 http://deb.debian.org/debian bookworm/main arm64 libnma-gtk4-0 arm64 1.8.38-1
404 Not Found [IP: 199.232.142.132 80]
Err:5 http://deb.debian.org/debian bookworm/main arm64 libsnapd-glib1 arm64 1.59-3
..
..
..No matter how many times I try apt update I get these errors :-( .
ljones