element-web: Debian repo key expired

Solution

https://github.com/vector-im/element-web/issues/16960#issuecomment-820177356

Original description

# apt update
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Get:5 https://packages.riot.im/debian default InRelease [2892 B]
Err:5 https://packages.riot.im/debian default InRelease
  The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <packages@riot.im>
Reading package lists... Done
W: GPG error: https://packages.riot.im/debian default InRelease: The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <packages@riot.im>
E: The repository 'https://packages.riot.im/debian default InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 7
Comments: 15 (6 by maintainers)

Most upvoted comments

@ashed

You missed an URL on your 4th step (sudo wget…), here is the corrected and complete procedure :

#### Remove old key first : ###
sudo ls -la /usr/share/keyrings/                           # check for key existence
sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg    # remove

### Now get back the updated one : ###
sudo apt install -y wget apt-transport-https               # should already be OK.

sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main" | sudo tee /etc/apt/sources.list.d/riot-im.list

sudo apt update                                     # should probably find an element-desktop upgrade

+19

DanieLoche on Apr 19, 2021

Repo should be fixed now. There’s an updated key that will have to be acquired: see the steps on https://element.io/get-started under the Linux link for details.

If people run into problems, please visit https://matrix.to/#/#element-web:matrix.org for support

+16

turt2live on Apr 15, 2021

sudo ls -la /usr/share/keyrings/ sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg

Then update keyring

https://element.io/get-started

Debian / Ubuntu (64-bit)

sudo apt install -y wget apt-transport-https

sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg

echo “deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main” | sudo tee /etc/apt/sources.list.d/riot-im.list

sudo apt update

sudo apt install element-desktop

ashed on Apr 16, 2021

#### Remove old key first : ###
sudo ls -la /usr/share/keyrings/                           # check for key existence
sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg    # remove

### Now get back the updated one : ###
sudo apt install -y wget apt-transport-https               # should already be OK.

sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main" | sudo tee /etc/apt/sources.list.d/riot-im.list

sudo apt update                                     # should probably find an element-desktop upgrade

I am so sorry. Thank you for fix.

ashed on Apr 26, 2021

AFAICT, the new key isn’t signed by anyone.

Can someone confirm for me that this is the fingerprint of the new key?

12D4CD600C2240A9F4A82071D7B0B66941D01538

In the future, before changing keys, can you have the old key sign the new key?

Rspigler on Apr 29, 2021