zsh-autosuggestions: Key for zsh-autosuggestions packages in OBS has expired
Describe the bug
INSTALL.md lists the zsh-autosuggestions OBS repository as a way to install it in Ubuntu. However, the release key expired on the 14th of October:
$ apt-key adv --list-key 767B5F350F20116F
Executing: /tmp/apt-key-gpghome.jKWbDodOp0/gpg.1.sh --list-key 767B5F350F20116F
pub rsa2048 2017-08-05 [SC] [expired: 2019-10-14]
4919522E6859A90747C6D97A767B5F350F20116F
uid [ expired] shells:zsh-users OBS Project <shells:zsh-users@build.opensuse.org>
I’m not sure if github is the correct place to raise this bug, but I hope that if it isn’t, someone can tell where is the right place.
To Reproduce
Steps to reproduce the behavior:
In an Ubuntu 18.04 system, following the instructions linked in the INSTALL.md:
$ wget -nv https://download.opensuse.org/repositories/shells:zsh-users:zsh-autosuggestions/xUbuntu_18.04/Release.key -O Release.key
2019-10-16 09:21:17 URL:https://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04/Release.key [1110/1110] -> "Release.key" [1]
$ sudo apt-key add Release.key
OK
$ sudo apt-get update
[...]
Ign:8 http://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04 InRelease
Hit:9 http://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04 Release
[...]
Err:13 http://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04 Release.gpg
The following signatures were invalid: EXPKEYSIG 767B5F350F20116F shells:zsh-users OBS Project <shells:zsh-users@build.opensuse.org>
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04 Release: The following signatures were invalid: EXPKEYSIG 767B5F350F20116F shells:zsh-users OBS Project <shells:zsh-users@build.opensuse.org>
W: Failed to fetch http://download.opensuse.org/repositories/shells:/zsh-users:/zsh-autosuggestions/xUbuntu_18.04/Release.gpg The following signatures were invalid: EXPKEYSIG 767B5F350F20116F shells:zsh-users OBS Project <shells:zsh-users@build.opensuse.org>
Expected behavior
The certificate should expire in the future.
Desktop
- OS + distribution: Ubuntu 18.04
- Zsh version: 5.4.2
- Plugin version: 0.5.0+1.1
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 17
- Comments: 22 (5 by maintainers)
The key in the Ubuntu 18.04 repo expired as mentioned above.
Whereas the key in the 19.10 repo is still valid.
It is the same key in both repos, but with different expiration dates. Thus, one can simply import the key of the 19.10 repo and use it with the 18.04.
For me, this works. Maybe, someone can update the Release.key in the 18.04 repo, e.g. replace it with the one from the 19.10 repo.
Same issue again
Still experiencing this also.
I have refreshed the key, updated the package to 0.7.0, enabled repos for newer distros and dropped older ones. Hopefully all issues should be solved.
For the record, this is where the packaging happens: https://build.opensuse.org/package/show/shells:zsh-users:zsh-autosuggestions/zsh-autosuggestions (feel free to get in touch if you want to get involved)
I was still experiencing this issue until I used the keys from 19.10 as @KarlScheibelhofer recommended.
sorry but on ubuntu 18.04 the gpg verification failed see:
btw using the 19th key works fine
My experience has been that this is still an issue, as of just now. Does anyone know if there are any further developments? Many thanks!