GPG Error on apt-update

rriley · January 11, 2019, 1:28am

Hello,

     I keep having problem on the sources list with  GPG  error while  upgrading to   4.3-1

N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-7-errata/all/ Release: The following signatures were invalid: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-7-errata/all/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-7-errata/amd64/ Release: The following signatures were invalid: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-7-errata/amd64/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details

            How to resolve this problem or whay it is being generated?

Rolando

damrose · January 11, 2019, 9:08am

Your UCS server is at version 4.3-0, but for some reason a repository from UCS 3.2-7 is still activated. UCS 3.2-7 is out of maintenance for quite some time now, so the gpg key to verify the 3.2-7 repository is expired, which generates the error message.

This particular repository should not be enabled on a UCS 4.x server, to deactivate, it execute the following:
ucr set repository/online/component/3.2-7-errata=false

Now you can restart the update to UCS 4.3-1

Christian_Voelker · January 11, 2019, 10:04am

Hi,

using search helps sometimes.
This issue is described in this article.

Just to mention…

/CV

rriley · January 11, 2019, 6:36pm

Hello,

        After running that command  the problem   persist  with  3.2-5

t:180 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release [610 B]
Get:181 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release [612 B]
Hit:182 http://updates.software-univention.de/4.1/maintained/component 4.1-4-errata/all/ Release
Hit:184 http://updates.software-univention.de/4.1/maintained/component 4.1-4-errata/amd64/ Release
Hit:186 http://updates.software-univention.de/4.3/maintained/component 4.3-0-errata/all/ Release
Hit:188 http://updates.software-univention.de/4.3/maintained/component 4.3-0-errata/amd64/ Release
Hit:190 http://updates.software-univention.de/4.0/maintained/component 4.0-4-errata/all/ Release
Hit:192 http://updates.software-univention.de/4.0/maintained/component 4.0-4-errata/amd64/ Release
Get:194 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release.gpg [198 B]
Ign:194 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release.gpg
Get:195 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release.gpg [198 B]
Ign:195 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release.gpg
Reading package lists… Done
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release: The following signatures were invalid: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release: The following signatures were invalid: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration detail

safe to remove aswell?

Riley

rriley · January 11, 2019, 6:43pm

Hello Christian,

         Tried those commands and the problem still persisted

root@mail:/etc/apt/sources.list.d# ucr dump | grep transition
repository/online/component/transition: disabled

Hit:186 http://updates.software-univention.de/4.3/maintained/component 4.3-0-errata/all/ Release
Hit:188 http://updates.software-univention.de/4.3/maintained/component 4.3-0-errata/amd64/ Release
Hit:190 http://updates.software-univention.de/4.0/maintained/component 4.0-4-errata/all/ Release
Hit:192 http://updates.software-univention.de/4.0/maintained/component 4.0-4-errata/amd64/ Release
Get:194 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release.gpg [198 B]
Ign:194 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release.gpg
Get:195 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release.gpg [198 B]
Ign:195 http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release.gpg
Reading package lists… Done
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release: The following signatures were inval id: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/all/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release: The following signatures were inv alid: EXPKEYSIG 1DD67AFB2CBDA4B0 Univention Corporate Server 3.x Archive Key packages@univention.de
E: The repository ‘http://updates.software-univention.de/3.2/maintained/component 3.2-5-errata/amd64/ Release’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Riley

Christian_Voelker · January 14, 2019, 9:21am

@damrose

How about trying to replace the 3.2-7 with the current 3.2-5?

/CV