This bug was fixed in the package ubuntu-keyring - 2020.02.11.4
---------------
ubuntu-keyring (2020.02.11.4) focal; urgency=medium
* Remove expiry of the ddebs.ubuntu.com key. LP: #1920640
-- Dimitri John Ledkov <x...@ubuntu.com> Mon, 29 Mar 2021 15:29:33
+0100
** Changed in: ubuntu-keyring (Ubuntu Focal)
Status: Fix Committed => Fix Released
** Changed in: ubuntu-keyring (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1920640
Title:
EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic
Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com>
Status in ubuntu-keyring package in Ubuntu:
Fix Released
Status in ubuntu-keyring source package in Bionic:
Fix Released
Status in ubuntu-keyring source package in Focal:
Fix Released
Status in ubuntu-keyring source package in Groovy:
Fix Released
Status in ubuntu-keyring source package in Hirsute:
Fix Released
Bug description:
[Impact]
* Cannot update apt metadata from ddebs.ubuntu.com whilst using
ubuntu-dbgsym-keyring package
[Test Plan]
* Install ubuntu-dbgsym-keyring package
* Add ddebs.ubuntu.com repository for your release
* sudo apt update must be successful
* Install ubuntu-dbgsym-keyring package
* Install and use `apt-key list` and check that there is no expiry on the
dbgsym key
I.e. bad output
/etc/apt/trusted.gpg.d/ubuntu-keyring-2016-dbgsym.gpg
-----------------------------------------------------
pub rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
F2ED C64D C5AE E1F6 B9C6 21F0 C8CA B659 5FDF F622
uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key
(2016) <ubuntu-arch...@lists.ubuntu.com>
Good output has no [date] in the pub line.
[Where problems could occur]
* At the moment the signature was bumped by one year
* Meaning this issue will occur again in 2022
* Instead the key must be set to not expire & new round of SRUs issued
[Other Info]
* Original bug report
The public key used by the debugging symbols repository
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu-
dbgsym-keyring expired.
$ apt policy ubuntu-dbgsym-keyring
ubuntu-dbgsym-keyring:
Installed: 2020.02.11.2
Candidate: 2020.02.11.2
Version table:
*** 2020.02.11.2 500
500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
100 /var/lib/dpkg/status
$ gpg --no-default-keyring --keyring
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg
---------------------------------------------
pub rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key
(2016) <ubuntu-arch...@lists.ubuntu.com>
Error message on "apt update":
E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not
signed.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
W: GPG error: http://ddebs.ubuntu.com bionic Release: The following
signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive
Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following
signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive
Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com>
E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not
signed.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
