goaccess: GoAccess Invalid deb signatures EXPKEYSIG - deb repo
The following command from https://goaccess.io/download#official-repo is failing:
sudo apt-get update
Hit:1 http://za.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://za.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://za.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:4 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease
Hit:5 http://nginx.org/packages/ubuntu focal InRelease
Hit:6 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:7 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease
Hit:8 https://esm.ubuntu.com/infra/ubuntu focal-infra-security InRelease
Get:9 https://deb.goaccess.io focal InRelease [2,345 B]
Hit:10 https://esm.ubuntu.com/infra/ubuntu focal-infra-updates InRelease
Err:9 https://deb.goaccess.io focal InRelease
The following signatures were invalid: EXPKEYSIG 97BD1A0133449C3D Gerardo Orellana <goaccess@prosoftcorp.com>
Fetched 2,345 B in 4s (532 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.goaccess.io focal InRelease: The following signatures were invalid: EXPKEYSIG 97BD1A0133449C3D Gerardo Orellana <goaccess@prosoftcorp.com>
W: Failed to fetch https://deb.goaccess.io/dists/focal/InRelease The following signatures were invalid: EXPKEYSIG 97BD1A0133449C3D Gerardo Orellana <goaccess@prosoftcorp.com>
W: Some index files failed to download. They have been ignored, or old ones used instead.
I downloaded the key again but the same error occurred.
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 3
- Comments: 33 (18 by maintainers)
Commits related to this issue
- Include arch in ubuntu/debian repo instructions See https://github.com/allinurl/goaccess/issues/2321#issuecomment-1129074851 — committed to ahayes/goaccess by ahayes 2 years ago
Thanks everyone for reporting this. The key has been renewed, please download it again, e.g.,
The key fingerprint is the same:
C03B 4888 7D5E 56B0 4671 5D32 97BD 1A01 3344 9C3DPlease let me know if that solves the issue on your end.
Thanks, however, in addition to the above instructions to avoid the “The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 97BD1A0133449C3D” I had to also do this:
on a recent 20.04 LTS install I took steps from @allinurl and added two lines to it and it worked with the extra two lines, see below:
@ahayes just for reference, here are some great answers on apt-key and the path of keyrings:
https://askubuntu.com/a/1307181 https://unix.stackexchange.com/a/582853
Resolved!
Thank you!
That didn’t quite work for me on an Ubuntu 20.04 LTS x86_64 system, some other steps may help,
...9C3Dshowing up in output):wget -O - https://deb.goaccess.io/gnugpg.key | gpg --show-keys/usr/share/keyrings/goaccess.gpgapt-get updatewas failing with"N: Skipping acquisition of configured file 'main/binary-i386/Packages', as repository 'https://deb.goaccess.io focal InRelease' doesn't support architecture 'i386'"/etc/apt/sources.list.d/goaccess.listto (adding thearchsetting),deb [signed-by=/usr/share/keyrings/goaccess.gpg arch=amd64] https://deb.goaccess.io/ focal mainapt-key add /usr/share/keyrings/goaccess.gpg), in which case I think thatsigned-byoption can be removed.Thank you for creating this issue. I have been trying to find my way around the same problem for the last 30 minutes or so with no success. It looks like this issue comes up for various projects when the repo signing key changes.
On Debian Bullseye, I had to place the gpg key in /etc/apt/trusted.gpg.d instead of /usr/share/keyrings
@ypujante Certificate is fine. Have you run apt update and apt upgrade on your machine? I wonder if you have old cert packages… Then please try:
I installed goaccess via this guide when setting up my server: https://www.howtoforge.com/tutorial/perfect-server-ubuntu-20.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/
In that guide it installs via these commands:
Therefore to correct this issue, I modified the recommendation above slightly to:
Hope this helps anyone with the key in trusted.gpg.d
The official Debian wiki also does not recommend trusted.gpg.d: https://wiki.debian.org/DebianRepository/UseThirdParty
But a non-armored key and a package which should be updated when the signing key could also be two good points which would make things perfect 🙂
I would have thought that when using the deb
signed-bysetting as documented you could put it anywhere. Is that not the case?