11

The MySQL repository key has suddenly expired again, so I get a GPG error in Ubuntu when running apt-get update

The error is W: GPG error: http://repo.mysql.com/apt/ubuntu xenial InRelease: The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832 KEYEXPIRED 1550412832

bodgit
  • 4,661
  • 13
  • 26
Stuggi
  • 3,366
  • 4
  • 17
  • 34

2 Answers2

12

TLDR; The one-liner that fixes this is the following:

sudo apt-key adv --recv-keys --keyserver ha.pool.sks-keyservers.net 5072E1F5

Which basically fetches the new key and installs it into the keyring.

A bit more detail:

You can find the expired key by executing the following command:

LANG=C apt-key list | grep expired

Which outputs something like this: pub 1024D/5072E1F5 2003-02-03 [expired: 2019-02-17] 5072E1F5 is the key ID, which we used in the command above.

Another one-liner that's recommended in the bug report below is this one:

sudo apt-key adv --recv-keys --keyserver pgp.mit.edu 5072E1F5

But I couldn't get it to work.

More reading from when this happened the last time.

https://bugs.mysql.com/bug.php?id=85029

Stuggi
  • 3,366
  • 4
  • 17
  • 34
  • The `apt-key` manual explicitly warns that it is easy to break the security of apt by carelessly downloading keys. Identifying keys using **just 32 bits of hash** usually does qualify as careless. – anx Mar 29 '19 at 17:46
  • What would you recommend then? – Stuggi Apr 07 '19 at 08:51
  • 3
    I [believe using `--refresh-keys` instead of `--recv-keys`](https://security.stackexchange.com/q/206405/88348) is sufficient, since the key is already known. If you wanted to download a new key, you would best specify a full fingerprint (typically SHA1). – anx Apr 07 '19 at 15:34
  • 1
    Recent versions of MySQL use a different key. One should then use `sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29` – jcaron Mar 01 '22 at 16:22
3

This issue has been raised to MySQL already Bug#94378.

Workaround which helped me on Ubuntu 16.04, installed latest Ubuntu / Debian (Architecture Independent), DEB Package mysql-apt-config_0.8.12-1_all.deb

You can try this workaround.

teehee
  • 41
  • 2