Ubuntu – thesql PPA – invalid signature

aptgnupgMySQLppa

I already have mysql-server package installed!!!

I want to make sure I have the most recent MySQL in my Ubuntu. So (long time ago) I added repo.mysql.com/apt/ubuntu PPA. Recently I noticed errors related to this repository when doing apt update. Following this guide I've downloaded and imported public GPG key.

Now when I do sudo apt update I get this error:

Err:8 http://repo.mysql.com/apt/ubuntu cosmic InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering <mysql-build@oss.oracle.com>

OS information: Ubuntu 18.10

Should I worry about this invalid signature? How to fix the error?

Best Answer

  • The error you are seeing indicates that your key is expired.

    You can list all keys on your system with the command sudo apt-key list if you wish to narrow the output you can always pipe the output through grep expired to obtain just a list of the expired keys.

    For each expired key, issue the command sudo apt-key adv --keyserver keys.gnupg.net --recv-keys [KEY] where [KEY] is related to the number in question or in this case:

    8C718D3B5072E1F5

    sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

    keys.gnupg.net refers to the SKS keyserver pool, a number of PGP keyservers run by organisations and volunteers.

    You can also search for the key via web interface at keys.gnupg.net

    where you'll get a page like this:

    enter image description here

    Entering the key from the EXPKEYSIG preceded by 0x in the search box and searching should return results similar to this:

    enter image description here

    To the best of my knowledge the 8 hex digits is the short version (public key) you need to obtain an updated key with the command

    sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 5072E1F5

    Sources: