Alan Homobono <alanhomob...@prodap.ap.gov.br> wrote on 13/05/2023 at 05:56:45+0200:
> Trying to upgrade Debian 8.3 Jessie to Debian 10.13 Buster, I continue > getting "KEYEXPIRED" error message after run apt-get update, even renewing > expired keys: > > # apt-key list | grep -A 1 expired > pub 1024D/5072E1F5 2003-02-03 [expired: 2022-02-16] > uid MySQL Release Engineering > <mysql-bu...@oss.oracle.com> > -- > pub 4096R/518E17E1 2013-08-17 [expired: 2021-08-15] > uid Jessie Stable Release Key > <debian-release@lists.debian.org> > -- > pub 4096R/65FFB764 2012-05-08 [expired: 2019-05-07] > uid Wheezy Stable Release Key > <debian-release@lists.debian.org> > > > # apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.dux8x5wGCC --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > gpg: requesting key 5072E1F5 from hkp server keyserver.ubuntu.com > gpg: key 5072E1F5: "MySQL Release Engineering > <mysql-bu...@oss.oracle.com>" not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.4zdbdTUejR --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > gpg: requesting key 518E17E1 from hkp server keyserver.ubuntu.com > gpg: key 518E17E1: "Jessie Stable Release Key > <debian-release@lists.debian.org>" not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.SxFd1nEp2W --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > gpg: requesting key 65FFB764 from hkp server keyserver.ubuntu.com > gpg: key 65FFB764: "Wheezy Stable Release Key > <debian-release@lists.debian.org>" not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > > > # apt-get update > ... > Lendo listas de pacotes... Pronto > W: Ocorreu um erro durante a verificação da assinatura. O repositório não > está actualizado e serão utilizados os ficheiros anteriores de índice. Erro > do GPG: http://repo.mysql.com jessie InRelease: As seguintes assinaturas eram > inválidas: KEYEXPIRED 1645052400 KEYEXPIRED 1645052400 KEYEXPIRED 1645052400 > ... > > My /etc/apt/sources.list: > > deb http://security.debian.org/ jessie/updates main contrib non-free > deb-src http://security.debian.org/ jessie/updates main contrib non-free > deb http://ftp.br.debian.org/debian/ jessie main contrib non-free > deb-src http://ftp.br.debian.org/debian/ jessie main contrib non-free > > How can I solve it? Jessie's key is, as stated by apt and gnupg, expired, and its release key won't be refreshed anymore. Therefore you can't make things work as if it was not, except with "faketime", but it's not a proper idea. As you intend to upgrade to Debian 10, just add the buster repository in your sources.list, install debian-archive-keyring from there and the do an update/dist-upgrade, and things will work. The main issue you'll have is that you'll have to upgrade debian-archive-keyring without being able to check buster's release signature (as far as I can remember, buster's key isn't in jessie's version of debian-archive-keyring). The only way to avoid that would be to first add stretch to your sources.list, update, install debian-archive-keyring, and then add buster to your sources.list. Regards, -- PEB
signature.asc
Description: PGP signature
