Invalid signatures with Software Delivery Repository on Ubuntu 22.04

geschnei · ‎02-07-2023

While trying to update packages on an Ubuntu 22.04 system I receive errors about invalid signatures regarding the HPE SDR repo.

user@host:~$ sudo apt update
Ign:11 http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current InRelease
Get:13 http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current Release [6,050 B]
Get:14 http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current Release.gpg [523 B]
Err:14 http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current Release.gpg
  The following signatures were invalid: BADSIG C208ADDE26C2B797 Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current Release: The following signatures were invalid: BADSIG C208ADDE26C2B797 Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>
W: Failed to fetch http://downloads.linux.hpe.com/SDR/repo/mcp/dists/jammy/current/Release.gpg  The following signatures were invalid: BADSIG C208ADDE26C2B797 Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>
W: Some index files failed to download. They have been ignored, or old ones used instead.

APT source:

user@host:~$ cat /etc/apt/sources.list.d/HPE-mcp.list
# auto-generated by
#   http://downloads.linux.hpe.com/SDR/repo/./add_repo.sh mcp
deb http://downloads.linux.hpe.com/SDR/repo/mcp jammy/current non-free

I installed all keys from https://downloads.linux.hpe.com/SDR/keys.html:

user@host:~$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/hpePublicKey2048_key1.gpg
------------------------------------------------
pub   rsa2048 2015-12-10 [SCEA] [expires: 2025-12-07]
      5744 6EFD E098 E5C9 34B6  9C7D C208 ADDE 26C2 B797
uid           [ unknown] Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>

/etc/apt/trusted.gpg.d/hpPublicKey2048.gpg
------------------------------------------
pub   rsa2048 2012-12-04 [SC] [expired: 2022-12-02]
      476D ADAC 9E64 7EE2 7453  F2A3 B070 680A 5CE2 D476
uid           [ expired] Hewlett-Packard Company RSA (HP Codesigning Service)

/etc/apt/trusted.gpg.d/hpPublicKey2048_key1.gpg
-----------------------------------------------
pub   rsa2048 2014-11-19 [SC] [expires: 2024-11-16]
      882F 7199 B20F 94BD 7E3E  690E FADD 8D64 B127 5EA3
uid           [ unknown] Hewlett-Packard Company RSA (HP Codesigning Service) - 1

Yet the problem persists. Where can I find the needed PGP keys?

avd437 · ‎02-08-2023

might be repository portal issue, log a ticket with hpe

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Invalid signatures with Software Delivery Repository on Ubuntu 22.04

Invalid signatures with Software Delivery Repository on Ubuntu 22.04

Re: Invalid signatures with Software Delivery Repository on Ubuntu 22.04