I can add maintainer script to check and remove expired copies of 0xC8CAB6595FDFF622 and then like print a message that one needs to install ubuntu-dbgsym-keyring
Unfortunately, I cannot automatically ask apt to install ubuntu-dbgsym- keyring if expired dbgsym key is detected on disk =/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1920640 Title: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com> Status in ubuntu-keyring package in Ubuntu: Fix Released Status in ubuntu-keyring source package in Bionic: Fix Released Status in ubuntu-keyring source package in Focal: Fix Released Status in ubuntu-keyring source package in Groovy: Fix Released Status in ubuntu-keyring source package in Hirsute: Fix Released Bug description: [Impact] * Cannot update apt metadata from ddebs.ubuntu.com whilst using ubuntu-dbgsym-keyring package [Test Plan] * Install ubuntu-dbgsym-keyring package * Add ddebs.ubuntu.com repository for your release * sudo apt update must be successful * Install ubuntu-dbgsym-keyring package * Install and use `apt-key list` and check that there is no expiry on the dbgsym key I.e. bad output /etc/apt/trusted.gpg.d/ubuntu-keyring-2016-dbgsym.gpg ----------------------------------------------------- pub rsa4096 2016-03-21 [SC] [expired: 2021-03-20] F2ED C64D C5AE E1F6 B9C6 21F0 C8CA B659 5FDF F622 uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com> Good output has no [date] in the pub line. [Where problems could occur] * At the moment the signature was bumped by one year * Meaning this issue will occur again in 2022 * Instead the key must be set to not expire & new round of SRUs issued [Other Info] * Original bug report The public key used by the debugging symbols repository /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu- dbgsym-keyring expired. $ apt policy ubuntu-dbgsym-keyring ubuntu-dbgsym-keyring: Installed: 2020.02.11.2 Candidate: 2020.02.11.2 Version table: *** 2020.02.11.2 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages 100 /var/lib/dpkg/status $ gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --------------------------------------------- pub rsa4096 2016-03-21 [SC] [expired: 2021-03-20] F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622 uid [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com> Error message on "apt update": E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://ddebs.ubuntu.com bionic Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com> E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-arch...@lists.ubuntu.com> E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
