Expired Keys

ChloeMcLean 2025-08-26 18:29:55 UTC #1

It appears that the release keys stored on the opensuse servers have expired (for example: https://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04/Release.key)

This makes following the docker installation instructions (from Github) impossible as you can’t add expired keys to the keyring.

*User ID: server:eGroupWare OBS Project server:eGroupWare@build.opensuse.org
*Name: server:eGroupWare OBS Project
*Email: server:eGroupWare@build.opensuse.org
*Comment: -
*Created: Wed, 02 Nov 2016 14:26:36 GMT
*Expires: Fri, 22 Aug 2025 14:46:34 GMT
*Fingerprint: E967 FA40 D019 9F03 B360 E653 3545 DFD6 8B5C 64E0
*Key ID: 3545DFD68B5C64E0
*Algorithm: RSA (Encrypt or Sign)

itwo 2025-08-28 09:18:54 UTC #2

Same issue here on our Debian 12 system.
@RalfBecker

itwo 2025-08-28 10:18:00 UTC #3

jon 2025-08-29 14:58:04 UTC #4

Same issue here with xUbuntu24.04 Release.key when launching apt update :

Get:5 http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04 InRelease [1544 B]
Err:5 http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04 InRelease
The following signatures were invalid: EXPKEYSIG 3545DFD68B5C64E0 server:eGroupWare OBS Project server:eGroupWare@build.opensuse.org
Reading package lists… Done
W: GPG error: http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04 InRelease: The following signatures were invalid: EXPKEYSIG 3545DFD68B5C64E0 server:eGroupWare OBS Project server:eGroupWare@build.opensuse.org
E: The repository ‘http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04 InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

-> Temporary solution: i bypass this by adding [trusted=yes] in /etc/apt/sources.list.d/server:eGroupWare.list :

deb [trusted=yes] http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04/ /

StefanU 2025-09-01 16:37:26 UTC #5

The key has now been extended (until 2027-11-10) and all (current) packages have been rebuilt/signed.

In other words, you now only need to download the key again:

wget -nv https://download.opensuse.org/repositories/server:eGroupWare/xUbuntu_24.04/Release.key -O - | sudo tee /etc/apt/trusted.gpg.d/server:eGroupWare.asc

Stefan

ChloeMcLean 2025-09-03 14:58:50 UTC #6

Thanks everyone.

daflores63 2025-09-07 16:36:16 UTC #7

Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.1.0-18-amd64
Architecture: x86-64
Hardware Vendor: Microsoft Corporation
Hardware Model: Virtual Machine
Firmware Version: Hyper-V UEFI Release v1.0

Receiving the following error on apt update:

Err:5 http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12  InRelease
The following signatures were invalid: EXPKEYSIG 3545DFD68B5C64E0 server:eGroupWare OBS Project <server:eGroupWare@build.opensuse.org>
Fetched 1,528 B in 1s (1,544 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12  InRelease: The following signatures were invalid: EXPKEYSIG 3545DFD68B5C64E0 server:eGroupWare OBS Project <server:eGroupWare@build.opensuse.org>

RalfBecker 2025-09-08 06:45:35 UTC #8

Have you imported the renewed key (again)?

wget -nv https://download.opensuse.org/repositories/server:eGroupWare/xUbuntu_24.04/Release.key -O - | sudo tee /etc/apt/trusted.gpg.d/server:eGroupWare.asc
apt update

Ralf

daflores63 2025-09-10 01:49:20 UTC #9

Mr. Becker, thank you for your reply. I tried the commands you send but continue to receive an error. Screenshot attached.

RalfBecker 2025-09-10 07:22:15 UTC #10

Looks like Debian still uses the old key added with apt-key add, thought it complains not to use these keys anymore

You have now two possiblities:
a) better remove the existing key, see for example https://askubuntu.com/questions/107177/how-can-i-remove-gpg-key-that-i-added-using-apt-key-add
b) add an | apt-key add - to the command I gave and the key will also be placed in the deprecated store

Ralf

daflores63 2025-10-14 16:13:35 UTC #11

Here’s what finally fixed the problem for me:

Since the key is expired, apt refuses to trust and update from that repository. To fix this, you just need to download the repository’s new key and tell your system to use it.

Add the New Repository Key
This command will download the new GPG key from the openSUSE server, convert it to the correct format, and save it where your system can use it.

Bash

curl -fsSL http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/egroupware-obs.gpg

Update Your Repository Source File
Next, you need to edit the source file for the eGroupWare repository to point to the new key you just added.

Find the relevant file in /etc/apt/sources.list.d/. It’s likely named egroupware.list or something similar. Open it with a text editor like nano:

Bash

sudo nano /etc/apt/sources.list.d/egroupware.list
Your existing line will look something like this:
deb http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12/ ./

Modify it by adding [signed-by=/usr/share/keyrings/egroupware-obs.gpg] right after deb, like so:

Diff

#deb http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12/ ./
deb [signed-by=/usr/share/keyrings/egroupware-obs.gpg] http://download.opensuse.org/repositories/server:/eGroupWare/Debian_12/ ./
Save the file and exit the editor (in nano, press Ctrl+X, then Y, then Enter).

Refresh Your Package Lists
Finally, run the update command again. The error should now be gone.

Bash

sudo apt update