Debian-testing/debian-stable public.key has expired

jarrodthebobo · November 24, 2022, 3:50am

Hello, just something I noticed while updating my Rock 5 today. I’m running the Bullseye release provided by Radxa and it appears that I’m getting an error when trying to update from either of the apt repositories (testing/stable), indicating that there is no valid signature (The following signatures were invalid: EXPKEYSIG B99C4BEFEC47E96E Radxa dev@radxa.com)

Further investigation listing the keys with apt-key list, has shown this to be correct:

pub rsa3072 2020-11-24 [SC] [expired: 2022-11-24]
*** 466B 1E7F 6809 6652 1384 8FCA B99C 4BEF EC47 E96E***
uid [ expired] Radxa dev@radxa.com

/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg

Attempting to manually re-add the public keys from the apt.radxa.com repositories, as well as the github ones, yield the same (expired) key.

Thanks!

-Jarrod

akal · November 24, 2022, 5:56am

Yes, i had the same experience.

jack · November 24, 2022, 10:05am

Updating the gpg key now…

akal · November 24, 2022, 9:25pm

HI Jack,
I’ve got this error:
Err:2 http://apt.radxa.com/bullseye-stable bullseye Release
404 Not Found [IP: 185.199.108.153 80]

Thank you

justahobby · November 25, 2022, 4:00pm

Same problem has occurred on the Ubuntu public key.

akal · November 26, 2022, 6:12am

Hi jack, it seem that public key is not available again

Etienne · November 26, 2022, 5:39pm

same here

Err:5 http://apt.radxa.com/bullseye-stable bullseye InRelease                                                                                                                                              
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B98116C9AA302C7
Reading package lists... Done                                                                                                                                                                              
W: GPG error: http://apt.radxa.com/bullseye-stable bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B98116C9AA302C7
E: The repository 'http://apt.radxa.com/bullseye-stable bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

had to temporarily skip security check by putting [trusted=yes] in front of the repository to be able to update

JB007 · November 28, 2022, 2:19pm

@jack Any update as to when this might be fixed? Cheers

lurk101 · November 28, 2022, 11:04pm

Been a problem for a few days now. Raxda is not very responsive!

lurk101 · November 29, 2022, 12:06am

on my system I retrieved the new public key with

export DISTRO=bullseye-stable
wget -O - apt.radxa.com/$DISTRO/public.key | sudo apt-key add -

jacobs412 · December 1, 2022, 9:55pm

Any resolution on this issue? I continue to have GPG errors even when attempting to import the key from the Radxa GitHub repo.

sdudule · December 1, 2022, 10:01pm

Hello,
the solution of @lurk101 just UP your post did the job for me.
Thanks @lurk101 !

ed100 · December 1, 2022, 11:00pm

Didn’t work for me:
/home/pi ➜ sudo wget -O - apt.radxa.com/$DISTRO/public.key 2 | sudo apt-key add - [22/12/1| 4:53PM] pi radxa5-1
[sudo] password for pi:
–2022-12-01 16:54:16-- http://apt.radxa.com/bullseye-stable/public.key
Resolving apt.radxa.com (apt.radxa.com)… 185.199.108.153, 185.199.109.153, 185.199.110.153, …
Connecting to apt.radxa.com (apt.radxa.com)|185.199.108.153|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1290 (1.3K) [application/vnd.apple.keynote]
Saving to: ‘STDOUT’

                                100%[=======================================================================>]   1.26K  --.-KB/s    in 0s

2022-12-01 16:54:17 (82.7 MB/s) - written to stdout [1290/1290]

–2022-12-01 16:54:17-- http://2/
Resolving 2 (2)… 0.0.0.2
Connecting to 2 (2)|0.0.0.2|:80… Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
failed: Connection timed out.
Retrying.

–2022-12-01 16:56:26-- (try: 2) http://2/
Connecting to 2 (2)|0.0.0.2|:80… failed: Connection timed out.
Retrying.

jacy · December 2, 2022, 12:25am

Remove the 2 after the URL. The forum adds the # of clicks to a URL so you accidentally copied that, the proper format should look like,

ed100 · December 2, 2022, 12:41am

That did it, thanks

ac8085 · January 2, 2023, 9:39pm

Yes it works but after that, if you do “apt upgrade” the system won’t boot anymore. I can’t understand why it appens, ubuntu should be an official distro… mah!
Anyone as me?

helloxmoto11 · January 3, 2023, 4:37am

After sitting on my rockpi 5 for over a month I finally tried to get it up and running. Once installing new public.key and sudo apt upgrade after reboot it seems it doesn’t want to connect to monitor. I was still able to ssh though. Anyone else have this problem?

ac8085 · January 3, 2023, 1:35pm

Me too, same problem. Tried several times, same result every time.
I am very disappointed, ubuntu is an official distro… or so it seems to be.

Google_User · January 30, 2023, 7:22pm

Didn’t work for me either all I got was:
wget -o : command not found
I tried with a capital O lower case o and 0 (zero)
man shows it with a O .

Daniel_Rust · May 23, 2023, 12:15am

http://apt.radxa.com/

worked for me -
For Debian Stretch

wget -O -  apt.radxa.com/stretch/public.key | sudo apt-key add -

Edit your /etc/apt/sources.list and add the following:

deb http://apt.radxa.com/stretch/ stretch main