repo-public.gpg expired today
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Jul 25, 2020 5:01 pm
repo-public.gpg expired today
Just ran into an issue when trying to update:
An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/release/2.4 jessie InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Looks like the key expired today:
apt-key list | grep -A 1 expired
Warning: apt-key output should not be parsed (stdout is not a terminal)
pub rsa2048 2011-08-03 [SC] [expired: 2020-07-25]
30EB F4E7 3CCE 63EE E124 DD27 8E6D A8B4 E158 C569
uid [ expired] Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Is there an updated pgp key yet?
I did follow the steps here but it pulls the same key:
https://community.openvpn.net/openvpn/w ... twareRepos
An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/release/2.4 jessie InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Looks like the key expired today:
apt-key list | grep -A 1 expired
Warning: apt-key output should not be parsed (stdout is not a terminal)
pub rsa2048 2011-08-03 [SC] [expired: 2020-07-25]
30EB F4E7 3CCE 63EE E124 DD27 8E6D A8B4 E158 C569
uid [ expired] Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Is there an updated pgp key yet?
I did follow the steps here but it pulls the same key:
https://community.openvpn.net/openvpn/w ... twareRepos
Last edited by Pippin on Sat Jul 25, 2020 5:26 pm, edited 1 time in total.
Reason: Fix anti spam url
Reason: Fix anti spam url
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: repo-public.gpg expired today
Thanks for the heads-up.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jul 26, 2020 5:12 am
OpenVPN repo keys expired
The keys on my ubuntu server expired. The openvpn repo can't be updated:
pub 2048R/E158C569 2011-08-03 [expired: 2020-07-25]
uid Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
I tried to follow the community guide to update the keys but it still says it's expired:Failed to fetch https://build.openvpn.net/debian/openvp ... /InRelease The following signatures were invalid: KEYEXPIRED 1595684909 KEYEXPIRED 1595684909 KEYEXPIRED 1595684909
sudo apt-key adv --keyserver keys.gnupg.net --recv-keys E158C569
wget -O - https://swupdate.openvpn.net/repos/repo ... pg|apt-key add -
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Jul 26, 2020 9:01 pm
debian repo key expired
hi. Key was expired. Fix this please
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Jul 27, 2020 6:53 am
Expired Key
Hi,
My key for the OpenVPN Ubuntu repository has expired.
I have followed the instructions in this page: https://community.openvpn.net/openvpn/w ... b_wGZb8dtA and added the key successfully.
However, when I run, I receive the following error:
Thanks!
My key for the OpenVPN Ubuntu repository has expired.
I have followed the instructions in this page: https://community.openvpn.net/openvpn/w ... b_wGZb8dtA and added the key successfully.
However, when I run
Code: Select all
apt-get update
W: Failed to fetch http://build.openvpn.net/debian/openvpn ... /InRelease The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Thanks!
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jul 26, 2020 5:12 am
Re: Expired Key
Same, there are already 2 topics opened about this. Mine got merged with another one without notice...
Also, it's a bit worrying to see that keys always expires, it happened a few years ago.
Isn't there a way to automate renewal ?
Also, it's a bit worrying to see that keys always expires, it happened a few years ago.
Isn't there a way to automate renewal ?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jul 26, 2020 5:12 am
Re: repo-public.gpg expired today
Already 4 topics opened about this, the others are in Forum & Website Support section.
I'm not sure why this is still no addressed... it's a pretty big deal since we won't get any update, unattended or not, until the keys are updated.
Isn't it a security issue ?
I'm not sure why this is still no addressed... it's a pretty big deal since we won't get any update, unattended or not, until the keys are updated.
Isn't it a security issue ?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: repo-public.gpg expired today
It will be fixed when Samuli can fix it. Until then .....
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jul 27, 2020 4:28 pm
EXPKEYSIG
Hi. I have run the following commands and still get invalid signatures.My request has been rightly added to "repo-public.gpg expired today" thread.
Debian 10.4
4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux
Code: Select all
apt-key del 30EBF4E73CCE63EEE124DD278E6DA8B4E158C569
apt-key del 8E6DA8B4E158C569
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
root@pi:~# apt update
Err:6 http://build.openvpn.net/debian/openvpn/stable buster InRelease
The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
Code: Select all
root@pi:~# openvpn --version
OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jul 28, 2020 12:39 am
GPG Key Expired
I believe the GPG key is expired and may need to be updated. I already tried deleting the key via as indicated in https://community.openvpn.net/openvpn/w ... twareRepos to no avail. For reference, I'm on Ubuntu 16.04.
Code: Select all
apt-key del E158C569 && wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jul 26, 2020 5:12 am
Re: repo-public.gpg expired today
Fair enough, and he probably have other things to do.TinCanTech wrote: ↑Mon Jul 27, 2020 11:15 amIt will be fixed when Samuli can fix it. Until then .....
But I'm just curious to know why this isn't automated and/or why this isn't a priority. Case might be that there is a vulnerability in a version of openvpn and we wouldn't be able to update through apt or to have a proper unattended server because of the key expiry.
It might not be the case today but it might become a security issue one day...
And because there is no announcement, people keep on creating topics: in off-topic (actually I don't see why it's off topic), in Forum & Website Support.
I don't see why it's not in Server Administration.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: repo-public.gpg expired today
Keys are updated:
viewtopic.php?f=20&t=30710
viewtopic.php?f=20&t=30710
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jul 28, 2020 2:01 pm
Expired Key
I cannon update OpenVPN from the Debian/Ubuntu repo (https://community.openvpn.net/openvpn/w ... twareRepos):
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/stable bionic InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
The signature was expired on 2020-07-25.
Please advise
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://build.openvpn.net/debian/openvpn/stable bionic InRelease: The following signatures were invalid: EXPKEYSIG 8E6DA8B4E158C569 Samuli Seppänen (OpenVPN Technologies, Inc) <samuli@openvpn.net>
The signature was expired on 2020-07-25.
Please advise
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jul 28, 2020 2:01 pm
Re: Expired Key
Found the solution viewtopic.php?f=20&t=30710