Announcements

Help Wizard

Step 1

NEXT STEP

Expired Key Signature

Solved!
Go to solution

Expired Key Signature

user-removed
Not applicable
2018-07-25 08:01 PM

 

I am a Spotify for Linux user. Ever since I got up this morning I have been getting an error from my update manager that Spotify's repo signing keys are expired. Anyone know what's going on? The error message I am getting is as follows:

 

"An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Failed to fetch http://repository.spotify.com/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Some index files failed to download. They have been ignored, or old ones used instead."

Reply

Accepted Solutions
Marked as solution

Avatar of bjoerntw
Newbie
2018-07-25 09:53 PM

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

View solution in original post

8 Replies
Marked as solution

Avatar of bjoerntw
Newbie
2018-07-25 09:53 PM

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

Avatar of paladin1971
Newbie
2018-07-26 01:13 AM

I'm getting the same issue and I'm a paid subscriber. I hope Spotify fixes this soon and lets us know they've fixed it by telling subscribers about the new key we will have to import.

user-removed
Not applicable
2018-07-26 03:06 AM

Thank you for clarifying the issue. I assumed something like this was the matter, but I was unsure. I appreciate your help!

Avatar of FlatronEZ
Casual Listener
2018-07-26 09:25 AM

I saw this yesterday too. Not a dealbreaker though. It'll get fixed soon I assume.

 

I am still so happy that the Spotify team cares and releases a proper Linux client! ❤️

Avatar of Bboije
Newbie
2018-07-26 11:26 AM

Noticed this issue this morning as well. Started with checking the local keys for the repository and found that I already had a valid key. The spotify repository is signed signed with the older key.

 

These are the keys I have for spotify:

$ apt-key adv --fingerprint spotify
Executing: /tmp/tmp.pQCKQOMsEw/gpg.1.sh --fingerprint
spotify
pub   4096R/341D9410 2017-07-25 [expired: 2018-07-25]
      Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB  1450 EFDC 8610 341D 9410
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

pub   4096R/48BF1C90 2018-05-23 [expires: 2019-08-16]
      Key fingerprint = 931F F8E7 9F08 7613 4EDD  BDCC A87F F9DF 48BF 1C90
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

 

Avatar of mnezmah
Visitor
2019-09-03 01:26 PM

How can I deactivate repo?

0 Likes

Avatar of tolgacesur
Visitor
2019-09-12 10:27 AM 
sudo rm /etc/apt/sources.list.d/spotify.list

 

 

0 Likes

Avatar of ArtGravity
Composer
2019-09-26 07:49 PM
@mnezmah wrote:

How can I deactivate repo?

Open /etc/apt/sources.list.d/spotify.list with root privileges in your preferred text editor. (e.g. sudo vim /etc/apt/sources.list.d/spotify.list)

Place "# " at the beginning of the line that contains:

deb http://repository.spotify.com stable non-free

It will now look like this:

# deb http://repository.spotify.com stable non-free

Save and exit.

Reactivating the repository is as simple as removing the "# " from the beginning of the line. Don't forget that you will need root privileges in order to save any changes to that file.

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 2 years ago in Social & Random
Read more