[SyncEvolution] Invalid signature for SyncEvolution 1.5.3 repo

Patrick Ohly patrick.ohly at intel.com
Thu Feb 28 13:15:15 PST 2019


Graham Cobb <g+syncevolution at cobb.uk.net> writes:
> I wanted to try out syncevolution with the Windows 10 Debian environment.
>
> I tried following the instructions at
> https://syncevolution.org/blogs/pohly/2018/syncevolution-153, including
> using apt-key to import the signing key. That stage went fine, but I got
> the following error from apt-get update:
>
> Err:5 https://download.01.org/syncevolution/apt stable InRelease
>   The following signatures were invalid: EXPKEYSIG 9B911472715D06C6
> SyncEvolution <syncevolution at syncevolution.org>
> Reading package lists... Done
> W: GPG error: https://download.01.org/syncevolution/apt stable
> InRelease: The following signatures were invalid: EXPKEYSIG
> 9B911472715D06C6 SyncEvolution <syncevolution at syncevolution.org>
> E: The repository 'https://download.01.org/syncevolution/apt stable
> InRelease' is not signed.

Consider this my yearly test whether someone is still using the repo ;-}

But seriously, sorry for this. I have a yearly reminder for key renewal,
but managed to not renew the renewal reminder when I updated the keys
last year. I had noticed the issue myself but then didn't have time to
deal with it right away.

This is all a bit complicated and although I have the steps written
down, each year there are new surprises. This year it was that the newly
signed repo was still getting rejected. I had to switch to a newer
hashing algorithm.

Long story short, it should work again. Remember that as users you still
need to renew the signing key with:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 43D03AD9

I am wondering whether the one year time limit for the signing key is
really worth the effort...

Bye, Patrick


More information about the SyncEvolution mailing list