Yesterday I ran into this funny problem and thought it’s good to write this down. I was updating a Heroku shiny app, which uses a fantastic Docker Image. And it throws a cute error:
GPG error: https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/ InRelease: The following signatures were invalid: EXPKEYSIG 51716619E084DAB9 Michael Rutter <email@example.com>
Sure sounded like the GPG key expired! I then ran into exact same problem in my virtual machine created in Cyverse’s Atmosphere.
The GPG key expired on 2020-10-16, how lucky was I?! Because the Docker image was created, and the key was added pre 2020-10-16, the key is no longer valid! But what should the “new key” be? It turns out that the same key now has a new expiry date in 2027, but I needed to remove the key and re-add the same key. For the Docker image, it has been re-built and pushed into the Dockerhub. All good now.
To check your GPG key:
sudo apt-key list
This is the “offending” GPG key:
/etc/apt/trusted.gpg -------------------- pub rsa2048 2010-10-19 [SCA] [expired: 2020-10-16] E298 A3A8 25C0 D65D FD57 CBB6 5171 6619 E084 DAB9 uid [ expired] Michael Rutter <firstname.lastname@example.org>
To remove the key:
sudo apt-key del "E298 A3A8 25C0 D65D FD57 CBB6 5171 6619 E084 DAB9"
And then to add it back:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB651716619E084DAB9
Checking the GPG again and this key now expires in 2027-09-30:
/etc/apt/trusted.gpg -------------------- pub rsa2048 2010-10-19 [SCA] [expires: 2027-09-30] E298 A3A8 25C0 D65D FD57 CBB6 5171 6619 E084 DAB9 uid [ unknown] Michael Rutter <email@example.com> sub rsa2048 2010-10-19 [E] [expires: 2027-09-30]
Something something don’t take anything for granted :D