PPA GPG Key Expired?

[TaylorAdams]

Hello, I was just attempting to follow the install instructions in the docs for 20.04, and it looks like there may be an issue with the ppa gpg key?

E: The repository 'https://regolith-desktop.org/release-ubuntu-focal-amd64 focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Then checking with apt-key list it looks like perhaps the key expired today, Aug. 15. Not sure if that actually, coincidentally is the case or if I just messed up somewhere along the way. Thanks for any tips/assistance.

[w18g]

Same on 22.04

Err:5 https://regolith-desktop.org/release-ubuntu-jammy-amd64 jammy InRelease
  The following signatures were invalid: EXPKEYSIG BFE717649A5C3D08 Regolith Linux <[email protected]>

[kgilmer]

taking a look...

[kgilmer]

Seems that I need to sign packages with a new key. This may take some time.

[Vosjedev]

any estimation on how long?

[ENate]

Also have same problem. Cannot update with expired key on Ubuntu 22.04

[anlif]

a quick hack is to edit /etc/apt/sources.list.d/regolith.list to something like
[arch=amd64 trusted=yes] http:// ...
see https://unix.stackexchange.com/questions/198000/bypass-gpg-signature-checks-only-for-a-single-repository

[kgilmer]

There will be no updates to packages in the Regolith repository until the key situation is resolved, so you won't miss anything if you simply disable the repository (by adding a # to the front of the line) in the short term, if the errors cause problems:

Example (/etc/apt/sources.list.d/regolith.list):

# deb [arch=amd64 signed-by=/usr/share/keyrings/regolith-archive-keyring.gpg] https://regolith-desktop.org/unstable-ubuntu-lunar-amd64 lunar main

FYI: I will respond in this thread when a new key has been issued against the repository packages.

[ghost]

Hello, I think a new problem is related with this issue

E: The repository 'https://regolith-desktop.org/release-ubuntu-kinetic-amd64 kinetic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Can't install any package

[kgilmer]

A, yes. We don't build kinetic anymore. Thanks for reporting @nlopez-backupta.

[ghost]

Can you update the doc in https://regolith-desktop.com/ with the new repo for lunar please ? Is it stable now ?

[kgilmer]

It hasn't been released yet @nlopez-backupta . I am working on releasing beta 4 today.

[kgilmer]

Installing Regolith 2.2 on Ubuntu Kinetic should be back now. CC @nlopez-backupta

[kgilmer]

Thread summary:

The Regolith key used to sign Debian packages expired. A new key was generated and all packages were rebuilt with the new key. The old key was replaced with the new one: https://regolith-desktop.org/regolith.key.

To resolve the "invalid key" error from apt when doing an update, install the new key. This is done by re-running the command listed in the install section of regolith-desktop.com. For example, on Ubuntu Jammy:

wget -qO - https://regolith-desktop.org/regolith.key | \
gpg --dearmor | sudo tee /usr/share/keyrings/regolith-archive-keyring.gpg > /dev/null

[uciharis]

it works for me ( im using regolith iso kinetic version )

[harold]

Also worked great for me - <3 regolith - long may it live. Thank you @kgilmer for everything.

[snspinn]

Only getting this error today on Regolith2 (Ubuntu 22.04).

If you're like me and have a habit of using apt-get update instead of apt update, you'll need to use apt to get around the lines:

E: Repository 'https://regolith-desktop.org/release-ubuntu-jammy-amd64 jammy InRelease' changed its 'Label' value from 'https://regolith-release-ubuntu-jammy-amd64.s3.us-east-2.amazonaws.com' to 'https://regolith-desktop.org/release-ubuntu-jammy-amd64'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

..and then enter "y" to accept this explicitly, when prompted.

[kgilmer]

Hi @snspinn , yeah that prompt is due to an earlier change where some decorative metadata was changed in the repo (for awhile S3 was being used to store packages, but we moved away from this to lower costs). You shouldn't have to deal with it again once you've acknowledged the change.