gpg: 1 signature not checked due to a missing key

Can't sudo apt-get update:

Ign:8 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release.gpg
Reading package lists... Done    
W: GPG error: http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release: The following signatures were invalid: EXPKEYSIG 5A7D1D38BEB6D886 home:Horst3180 OBS Project <home:[email protected]>
E: The repository 'http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release' is not signed.

From numerous tries, I get

1 signature not checked due to a missing key

My attempt is:

sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
Executing: /tmp/apt-key-gpghome.f5yVraTkTa/gpg.1.sh --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
gpg: key 5A7D1D38BEB6D886: 1 signature not checked due to a missing key
gpg: key 5A7D1D38BEB6D886: "home:Horst3180 OBS Project <home:[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Am I getting closer? Other unfruitful attempts include:

  1. This command

    wget -nv http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/Release.key -O Release.key
    
    sudo apt-key add - < Release.key
    
  2. software.opensuse.org

    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/ /' > /etc/apt/sources.list.d/home:Horst3180.list"
    wget -nv https://download.opensuse.org/repositories/home:Horst3180/xUbuntu_16.04/Release.key -O Release.key
    sudo apt-key add - < Release.key
    
  3. This command

    sudo rm /var/lib/apt/lists/* -vf
    
  4. This command

    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886
    

    returns

    Executing: /tmp/apt-key-gpghome.9tPKjtyC1E/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886
    gpg: keyserver receive failed: No keyserver available
    

Note that at Horst3180's Home Project, the GPG key 5A7D1D38BEB6D886 has the expiration date of 2019-10-02, so the key is no longer valid it seems.


In general, if the gpg key is expired there is nothing much you can do when you're not the owner of the repo, except trying to contact the administrator.

If you trust this repo, or really need something from it and don't care much about this security feature, you may also skip the gpg check by adding the --allow-unauthenticated option to apt-get.

Example: sudo apt-get --allow-unauthenticated update, sudo apt-get -y --allow-unauthenticated install foo.

You can also make this option permanent by using your own config file at /etc/apt/apt.conf.d/ directory. In your conf file simply add APT::Get::AllowUnauthenticated "true"; stanza.

Note: if choosing the permanent option, you should carefully add your options so this will take effect only on this specific repo and not every other repo, as it is considered a security risk.