gpg: 1 signature not checked due to a missing key
Can't sudo apt-get update
:
Ign:8 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04 Release.gpg
Reading package lists... Done
W: GPG error: http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04 Release: The following signatures were invalid: EXPKEYSIG 5A7D1D38BEB6D886 home:Horst3180 OBS Project <home:[email protected]>
E: The repository 'http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04 Release' is not signed.
From numerous tries, I get
1 signature not checked due to a missing key
My attempt is:
sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
Executing: /tmp/apt-key-gpghome.f5yVraTkTa/gpg.1.sh --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
gpg: key 5A7D1D38BEB6D886: 1 signature not checked due to a missing key
gpg: key 5A7D1D38BEB6D886: "home:Horst3180 OBS Project <home:[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Am I getting closer? Other unfruitful attempts include:
-
This command
wget -nv http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/Release.key -O Release.key sudo apt-key add - < Release.key
-
software.opensuse.org
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/ /' > /etc/apt/sources.list.d/home:Horst3180.list" wget -nv https://download.opensuse.org/repositories/home:Horst3180/xUbuntu_16.04/Release.key -O Release.key sudo apt-key add - < Release.key
-
This command
sudo rm /var/lib/apt/lists/* -vf
-
This command
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886
returns
Executing: /tmp/apt-key-gpghome.9tPKjtyC1E/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886 gpg: keyserver receive failed: No keyserver available
Note that at Horst3180's Home Project, the GPG key 5A7D1D38BEB6D886
has the expiration date of 2019-10-02
, so the key is no longer valid it seems.
In general, if the gpg key is expired there is nothing much you can do when you're not the owner of the repo, except trying to contact the administrator.
If you trust this repo, or really need something from it and don't care much about this security feature, you may also skip the gpg check by adding the --allow-unauthenticated
option to apt-get.
Example: sudo apt-get --allow-unauthenticated update
, sudo apt-get -y --allow-unauthenticated install foo
.
You can also make this option permanent by using your own config file at /etc/apt/apt.conf.d/
directory.
In your conf file simply add APT::Get::AllowUnauthenticated "true";
stanza.
Note: if choosing the permanent option, you should carefully add your options so this will take effect only on this specific repo and not every other repo, as it is considered a security risk.