Expired Key Signature

Solved!
Reply

Expired Key Signature

user-removed
Not applicable

 

I am a Spotify for Linux user. Ever since I got up this morning I have been getting an error from my update manager that Spotify's repo signing keys are expired. Anyone know what's going on? The error message I am getting is as follows:

 

"An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Failed to fetch http://repository.spotify.com/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG EFDC8610341D9410 Spotify Public Repository Signing Key <tux@spotify.com>Some index files failed to download. They have been ignored, or old ones used instead."

1 ACCEPTED SOLUTION

Accepted Solutions
Solution!

Re: Expired Key Signature

bjoerntw
Newbie

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

7 Replies
Solution!

Re: Expired Key Signature

bjoerntw
Newbie

The repository is not signed with the key, that you've been told on https://www.spotify.com/de/download/linux/

At the moment, the repository is signed with 0x341d9410, you can see that on http://repository.spotify.com/dists/stable/InRelease

As you can see here: https://keyserver.ubuntu.com/pks/lookup?search=0x341D9410&op=vindex
the key expired today, thats why the key is no longer trusted.

  As a user, you can deactivate the repository temporarily to avoid any error messages. To solve this problem, spotify has to change the signature key for the repository.

Re: Expired Key Signature

paladin1971
Newbie

I'm getting the same issue and I'm a paid subscriber. I hope Spotify fixes this soon and lets us know they've fixed it by telling subscribers about the new key we will have to import.

Re: Expired Key Signature

user-removed
Not applicable

Thank you for clarifying the issue. I assumed something like this was the matter, but I was unsure. I appreciate your help!

Re: Expired Key Signature

FlatronEZ
Casual Listener

I saw this yesterday too. Not a dealbreaker though. It'll get fixed soon I assume.

 

I am still so happy that the Spotify team cares and releases a proper Linux client! <3

Re: Expired Key Signature

Bboije
Newbie

Noticed this issue this morning as well. Started with checking the local keys for the repository and found that I already had a valid key. The spotify repository is signed signed with the older key.

 

These are the keys I have for spotify:

$ apt-key adv --fingerprint spotify
Executing: /tmp/tmp.pQCKQOMsEw/gpg.1.sh --fingerprint
spotify
pub   4096R/341D9410 2017-07-25 [expired: 2018-07-25]
      Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB  1450 EFDC 8610 341D 9410
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

pub   4096R/48BF1C90 2018-05-23 [expires: 2019-08-16]
      Key fingerprint = 931F F8E7 9F08 7613 4EDD  BDCC A87F F9DF 48BF 1C90
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

 

Re: Expired Key Signature

mnezmah
Visitor

How can I deactivate repo?

Re: Expired Key Signature

tolgacesur
Visitor
sudo rm /etc/apt/sources.list.d/spotify.list

 

 

SUGGESTED POSTS