gpg: 1 signature not checked due to a missing key

apt gnupg keyserver

Can't sudo apt-get update:

Ign:8 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release.gpg
Reading package lists... Done    
W: GPG error: http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release: The following signatures were invalid: EXPKEYSIG 5A7D1D38BEB6D886 home:Horst3180 OBS Project <home:[email protected]>
E: The repository 'http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release' is not signed.

From numerous tries, I get 

1 signature not checked due to a missing key

My attempt is:

sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
Executing: /tmp/apt-key-gpghome.f5yVraTkTa/gpg.1.sh --keyserver hkp://keys.gnupg.net:80 --recv-keys 5A7D1D38BEB6D886
gpg: key 5A7D1D38BEB6D886: 1 signature not checked due to a missing key
gpg: key 5A7D1D38BEB6D886: "home:Horst3180 OBS Project <home:[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Am I getting closer? Other unfruitful attempts include:

  1. This command

    wget -nv http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/Release.key -O Release.key

sudo apt-key add - < Release.key

  2. software.opensuse.org

    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04/ /' > /etc/apt/sources.list.d/home:Horst3180.list"
wget -nv https://download.opensuse.org/repositories/home:Horst3180/xUbuntu_16.04/Release.key -O Release.key
sudo apt-key add - < Release.key

  3. This command

    sudo rm /var/lib/apt/lists/* -vf

  4. This command

    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886

    returns

    Executing: /tmp/apt-key-gpghome.9tPKjtyC1E/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 5A7D1D38BEB6D886
gpg: keyserver receive failed: No keyserver available

Note that at Horst3180's Home Project, the GPG key 5A7D1D38BEB6D886 has the expiration date of 2019-10-02, so the key is no longer valid it seems.


In general, if the gpg key is expired there is nothing much you can do when you're not the owner of the repo, except trying to contact the administrator.

If you trust this repo, or really need something from it and don't care much about this security feature, you may also skip the gpg check by adding the --allow-unauthenticated option to apt-get.

Example: sudo apt-get --allow-unauthenticated update, sudo apt-get -y --allow-unauthenticated install foo.

You can also make this option permanent by using your own config file at /etc/apt/apt.conf.d/ directory. In your conf file simply add APT::Get::AllowUnauthenticated "true"; stanza.

Note: if choosing the permanent option, you should carefully add your options so this will take effect only on this specific repo and not every other repo, as it is considered a security risk.

Related

How do I access mounted hard drive with a Snap application?
Font showing strange characters in konsole (Kubuntu 20.04)
Ubuntu 20.04.1 LTS problem with 2K resolution on additional screen
Trouble creating library package
What are the must-have apps to customize Ubuntu Look and Feel?
Is there a tablet-centric desktop available for Ubuntu?
Can I override an SD card's write-protect switch?
How can I quickly recompile the kernel after changing the configuration?
Convert Grub entry to Grub2 entry?
Is it safe to resize my swap partition on a production system?
Can virtual terminals (ctrl+alt+f*) use external monitors?
On screen Keyboard with uTouch