Expired GPG key on ubuntu 20.04

Steps to reproduce

  1. sudo apt update

Expected behaviour

Tell us what should happen
Owncloud should not present errors but should update (if available)

Actual behaviour

Tell us what happens instead
I get this error:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: Index of /repositories/isv:/ownCloud:/server:/10/Ubuntu_20.04 InRelease: The following signatures were invalid: EXPKEYSIG 4ABE1AC7557BEFF9 isv:ownCloud OBS Project isv:ownCloud@build.opensuse.org
W: Failed to fetch http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Ubuntu_20.04/InRelease The following signatures were invalid: EXPKEYSIG 4ABE1AC7557BEFF9 isv:ownCloud OBS Project isv:ownCloud@build.opensuse.org
W: Some index files failed to download. They have been ignored, or old ones used instead.

Server configuration

Operating system: ubuntu 20.04

Web server: apache

Database: mysql

PHP version: 7.4.3

ownCloud version: (see ownCloud admin page) 10.9.1

Updated from an older ownCloud or fresh install: fresh install over a year ago

Where did you install ownCloud from: owncloud.org

Signing status (ownCloud 9.0 and above): ?

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

“No errors have been found.”

The content of config/config.php:

```
<?php
$CONFIG = array (
  'updatechecker' => false,
  'instanceid' => 'oc5ptlfyemj8',
  'passwordsalt' => 'DTZOHs62Wk6n99K+yu1lvV66sjFdEm',
  'secret' => 'A9wDYkYShSG1xVLaF/bJN5ZWpp1IMFBSNhJlIN/O4Lczd+In',
  'trusted_domains' => array (
    0 => 'localhost',
    1 => 'main',
    2 => '192.168.1.2',
    3 => 'scottbomb.dyndns.org:1540',
  ),
  'datadirectory' => '/media/Earth/owncloud',
  'overwrite.cli.url' => 'http://localhost/owncloud',
  'dbtype' => 'mysql',
  'version' => '10.9.1.2',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_scottbomb',
  'dbpassword' => 'uJgZuTgGM6EPr7VV+B+H0huKB8BMee',
  'logtimezone' => 'UTC',
  'apps_paths' => array (
    0 => array (
      'path' => '/var/www/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => array (
      'path' => '/var/www/owncloud/apps-external',
      'url' => '/apps-external',
      'writable' => true,
    ),
  ),
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'allow_user_to_change_mail_address' => '',
  'mail_domain' => 'scottbomb.com',
  'mail_from_address' => 'owncloud',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtphost' => 'mail.scottbomb.com',
  'mail_smtpport' => '25',
  'mail_smtpname' => 'scottbomb',
  'mail_smtppassword' => 'RETRACTED',
);
```

Log in to the web-UI with an administrator account and click on 'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps and other details in a well sanitized form.

or

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

ATTENTION: Do not post your config.php file in public as is. Please use one of the above methods whenever possible. Both, the generated reports from the web-ui and from occ config:list consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently remove *all* host names, passwords, usernames, salts and other credentials before posting. You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';

Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...

Shouldn’t this be a simple fix? If OwnCloud sets the key to expire annually, why can’t I find anything about it on the website? Shouldn’t the server update this automatically? Does anyone have a fix for this?

running apt-key list shows this entry:

pub rsa2048 2016-09-25 [SC] [expired: 2022-04-02]
1B07 204C D71B 690D 409F 57D2 4ABE 1AC7 557B EFF9
uid [ expired] isv:ownCloud OBS Project isv:ownCloud@build.opensuse.org

How is this updated?

I also see this one:
pub rsa2048 2013-08-26 [SC] [expires: 2023-08-23]
DDA2 C105 C4B7 3A66 49AD 2BBD 47AE 7F72 479B C94B
uid [ unknown] ownCloud build service obsrun@localhost
sub rsa2048 2013-08-26 [E] [expires: 2023-08-23]
sub dsa2048 2013-08-26 [S] [expires: 2023-08-23]

Can I safely delete the first one and rely on the second? I have both the server and client installed on the same PC so I don’t want to delete something the client needs.

Ah, I guess I understand what happened to you:
You had registered the repository, and you had installed the repo-key then.
Now, the repository is still valid, but the key had expired and got auto-extended in the repository.

Locally, you still have a copy of the not-updated key - that is unfortunate. I am a bit puzzled, if apt update should have pulled the key automatically.

In any case, please pull the key manually. This command should fix the situation for you:

wget -q http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Ubuntu_20.04/Release.key -O - | sudo apt-key add -
sudo apt update

If the error persists, then we indeed have a problem with the repo, but I currently cannot see anything wrong there.

Maybe there was simply an outdated key on the keyserver used by Ubuntu?

I’ve checked, which keyserver my Ubuntu would use, and pushed a fresh copy there:

gpg --keyserver https://keys.openpgp.org:443 --send-keys 1B07204CD71B690D409F57D24ABE1AC7557BEFF9

That worked, thanks! Adding it to my notes.

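Added example, not part of the original thread: a shell check that finds locally stored repository keys whose expiry date has passed, which is the condition behind the EXPKEYSIG warning above. It assumes GnuPG's `--with-colons` listing format (field 7 of a `pub` record is the expiry in epoch seconds, field 10 of the following `fpr` record is the fingerprint); the function names and the sample listing are constructed here, with midnight-UTC timestamps derived from the dates in the `apt-key list` output.

```shell
#!/bin/sh
# expired_keys NOW_EPOCH
# Reads a GnuPG colon-format key listing on stdin and prints
# "<fingerprint> <expiry-epoch>" for every primary key that expired before NOW_EPOCH.
expired_keys() {
    awk -F: -v now="$1" '
        # Primary key record: remember its expiry and whether it is in the past.
        $1 == "pub" { expiry = $7; hit = (expiry != "" && expiry + 0 < now + 0); next }
        # Subkeys carry their own fpr record; do not report those.
        $1 == "sub" { hit = 0; next }
        # The fpr record directly after an expired pub record names the key.
        $1 == "fpr" && hit { print $10, expiry; hit = 0 }
    '
}

# Constructed sample listing modelled on the two keys shown in the thread.
sample_listing() {
    cat <<'EOF'
pub:e:2048:1:4ABE1AC7557BEFF9:1474761600:1648857600::-:::sc::::::23::0:
fpr:::::::::1B07204CD71B690D409F57D24ABE1AC7557BEFF9:
uid:e::::1474761600::::isv\x3aownCloud OBS Project <isv\x3aownCloud@build.opensuse.org>::::::::::0:
pub:-:2048:1:47AE7F72479BC94B:1377475200:1692748800::-:::scSC::::::23::0:
fpr:::::::::DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B:
uid:-::::1377475200::::ownCloud build service <obsrun@localhost>::::::::::0:
sub:-:2048:1:0000000000000001:1377475200:1692748800:::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000001:
EOF
}

# Demo: evaluate the sample as of 2022-05-01 00:00 UTC.
sample_listing | expired_keys 1651363200
```

On a real system the listing would come from a keyring file, for example `gpg --show-keys --with-colons <keyfile> | expired_keys "$(date +%s)"`.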