BADSIG B188E2B695BD4743 for /php on Debian GNU/Linux 12 (bookworm)

[netravnen]

Using the wrong signature key for the PHP repo for Bookworm?

Updated GPG signature

Signature updated to latest available from the authoritative URI using the debsuryorg-archive-keyring.deb package available.

Error code

Running into this error code

Err:11 http://mirrors.dotsrc.org/deb.sury.org/php bookworm InRelease                            
  The following signatures were invalid: BADSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>

Sources file

Copy of the sources file I use

# cat /etc/apt/sources.list.d/deb.sury.org.list | grep --perl-regexp --invert-match '^#'
deb [arch=amd64 signed-by=/usr/share/keyrings/deb.sury.org-apache2.gpg] http://mirrors.dotsrc.org/deb.sury.org/apache2/ bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/deb.sury.org-nginx-mainline.gpg] http://mirrors.dotsrc.org/deb.sury.org/nginx-mainline/ bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] http://mirrors.dotsrc.org/deb.sury.org/php/ bookworm main

Observation

This is only happening with the /php repo. For /apache2 and /nginx-mainline there is no issues.

[oerdnj]

Don’t do both. Remove the old key and just install the package. That should be enough.

[netravnen]

@oerdnj the keys located at /usr/share/keyrings/deb.sury.org-*.gpg are the keys installed by debsuryorg-archive-keyring.deb.

I have had tried to remove the signed-by= line from the source file. Did not make a difference if I explicitly set the key per repo. Or let the OS decide which key to use. :(

Edit: Scratch that. Thought I already tried without using signed-by=. Tried just now. Now it worked for all the prior mentioned repo'es. 🙄