.deb package signing key at ubuntu keyserver expired.

Reply

.deb package signing key at ubuntu keyserver expired.

decafbad
Casual Listener

that's all.

19 Replies

Re: .deb package signing key at ubuntu keyserver expired.

steveyh19
Regular

Is this why I'm getting:

 

W: GPG error: http://repository.spotify.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EFDC8610341D9410
E: The repository 'http://repository.spotify.com stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

 

 

I'm just trying to run "apt update" after following instructions from the website. Can't even install it

Re: .deb package signing key at ubuntu keyserver expired.

decafbad
Casual Listener

This should work:

 

apt-get install -oAcquire::AllowInsecureRepositories=true update

apt-get -y install -oAcquire::AllowInsecureRepositories=true install spotify-client

Re: .deb package signing key at ubuntu keyserver expired.

steveyh19
Regular

Yeah, no thanks

Highlighted

Re: .deb package signing key at ubuntu keyserver expired.

andlun
Newbie

indeed there no way to install spotify deb package securely so no spotify...

pls update you key!

Re: .deb package signing key at ubuntu keyserver expired.

surjray
Newbie

I am having the same issue in Ubuntu. Not being able to install the Spotify client. Please update the .deb signing keys. Thanking you.

Re: .deb package signing key at ubuntu keyserver expired.

e7d
Casual Listener

Hey there,

 

Had the same problem, today but it just looks like the GPG key has changed, and the documentation for Ubuntu is not up-to-date with the good one.

 

Just try this key retrieval command instead:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EFDC8610341D9410

You will see the legit GPG be fetched from repository:

Executing: /tmp/apt-key-gpghome.AFmyKQEN5f/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys EFDC8610341D9410
gpg: key EFDC8610341D9410: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported
gpg: Total number processed: 1
gpg: imported: 1

Then Spotify would be installable with the normal commands:

sudo apt-get update
sudo apt-get install spotify-client

 

Hope this helps!

Re: .deb package signing key at ubuntu keyserver expired.

lephoenix73
Casual Listener

I just tried what you suggested but apt still complains

 

Err:9 http://repository.spotify.com stable InRelease                          
  The following signatures were invalid: KEYEXPIRED 1532522191
....
Reading package lists... Done                      
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures were invalid: KEYEXPIRED 1532522191
W: Failed to fetch http://repository.spotify.com/dists/stable/InRelease  The following signatures were invalid: KEYEXPIRED 1532522191
W: Some index files failed to download. They have been ignored, or old ones used instead.

Re: .deb package signing key at ubuntu keyserver expired.

Voziv
Newbie

I tried redownloading the key, however it seems the "new" key expired today.

 

I removed the old key and updating gives me this:

Err:12 http://repository.spotify.com stable InRelease                                                
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EFDC8610341D9410

I then tried getting the new key with

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EFDC8610341D9410
Executing: /tmp/tmp.UF3PpeJZvk/gpg.1.sh --keyserver
keyserver.ubuntu.com
--recv-keys
EFDC8610341D9410
gpg: requesting key 341D9410 from hkp server keyserver.ubuntu.com
gpg: key 341D9410: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

Updating with the new key gives me this error

sudo apt update
Err:7 http://repository.spotify.com stable InRelease 
 The following signatures were invalid: KEYEXPIRED 1532522191

And finally checking the expired keys I see this

sudo apt-key list | grep expired
pub   4096R/341D9410 2017-07-25 [expired: 2018-07-25]

 

 

 

Re: .deb package signing key at ubuntu keyserver expired.

sconetto
Newbie

Still getting an error when trying to solve this:

W: Erro GPG: http://repository.spotify.com stable InRelease: As seguintes assinaturas eram inválidas: KEYEXPIRED 1532522191
W: The repository 'http://repository.spotify.com stable InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.


When I run `sudo apt-key list` it shows both of the keys:

 

 

pub   4096R/48BF1C90 2018-05-23 [expira: 2019-08-16]
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

pub   4096R/341D9410 2017-07-25 [expirado: 2018-07-25]
uid                  Spotify Public Repository Signing Key <tux@spotify.com>

If I remove the expired key and then run `sudo apt-get update` the console says NO_PUBKEY 341D9410, it doesn't use the "good" key.

 

 

Any idea?

P.S.: Apologies for my rusty English, I'm actually from Brasil.

SUGGESTED POSTS