Expired Key Signature

Solved!
Reply

Expired Key Signature

user-removed
Not applicable

 

I am a Spotify for Linux user. Ever since I got up this morning I have been getting an error from my update manager that Spotify's repo signing keys are expired. Anyone know what's going on? The error message I am getting is as follows:

 

"An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Failed to fetch http://repository.spotify.com/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Some index files failed to download. They have been ignored, or old ones used instead."

1 ACCEPTED SOLUTION

Accepted Solutions
Solution!

Re: Expired Key Signature

bjoerntw
Newbie

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

8 Replies
Solution!

Re: Expired Key Signature

bjoerntw
Newbie

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

Re: Expired Key Signature

paladin1971
Newbie

I'm getting the same issue and I'm a paid subscriber. I hope Spotify fixes this soon and lets us know they've fixed it by telling subscribers about the new key we will have to import.

Re: Expired Key Signature

user-removed
Not applicable

Thank you for clarifying the issue. I assumed something like this was the matter, but I was unsure. I appreciate your help!

Re: Expired Key Signature

FlatronEZ
Casual Listener

I saw this yesterday too. Not a dealbreaker though. It'll get fixed soon I assume.

 

I am still so happy that the Spotify team cares and releases a proper Linux client! <3

Re: Expired Key Signature

Bboije
Newbie

Noticed this issue this morning as well. Started with checking the local keys for the repository and found that I already had a valid key. The spotify repository is signed signed with the older key.

 

These are the keys I have for spotify:

$ apt-key adv --fingerprint spotify
Executing: /tmp/tmp.pQCKQOMsEw/gpg.1.sh --fingerprint
spotify
pub   4096R/341D9410 2017-07-25 [expired: 2018-07-25]
      Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB  1450 EFDC 8610 341D 9410
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

pub   4096R/48BF1C90 2018-05-23 [expires: 2019-08-16]
      Key fingerprint = 931F F8E7 9F08 7613 4EDD  BDCC A87F F9DF 48BF 1C90
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

 

Re: Expired Key Signature

mnezmah
Visitor

How can I deactivate repo?

Re: Expired Key Signature

tolgacesur
Visitor
sudo rm /etc/apt/sources.list.d/spotify.list

 

 

Highlighted

Re: Expired Key Signature

Rising Star 13 ArtGravity
Rising Star 13

@mnezmah wrote:

How can I deactivate repo?


Open /etc/apt/sources.list.d/spotify.list with root privileges in your preferred text editor. (e.g. sudo vim /etc/apt/sources.list.d/spotify.list)

Place "# " at the beginning of the line that contains:

deb http://repository.spotify.com stable non-free

It will now look like this:

# deb http://repository.spotify.com stable non-free

Save and exit.

Reactivating the repository is as simple as removing the "# " from the beginning of the line. Don't forget that you will need root privileges in order to save any changes to that file.

ArtGravityRising Star 13
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
SUGGESTED POSTS