/i3

KEYEXPIRED: stable Ubuntu repo #1450

Closed
nbensa opened this Issue Feb 7, 2015 · 11 comments

Comments

Assignees
No one assigned
Labels
4.8 missing-log
Projects
None yet
Milestone
No milestone
8 participants
@nbensa @i3bot @astynax @MrSchism @bsmr @sur5r @stapelberg @cpuguy83
@nbensa

nbensa commented Feb 7, 2015

Hello,

apt-get update, complains:

W: GPG error: http://debian.sur5r.net trusty InRelease: The following signatures were invalid: KEYEXPIRED 1423263902

Regards,
Norberto

@i3bot i3bot added the missing-log label Feb 7, 2015

@i3bot

i3bot commented Feb 7, 2015

I don’t see a link to logs.i3wm.org. Did you follow http://i3wm.org/docs/debugging.html? (In case you actually provided a link to a logfile, please ignore me.)
@i3bot

i3bot commented Feb 7, 2015

I don’t see a version number. Could you please copy & paste the output of i3 --version into this issue?

@i3bot i3bot added the missing-version label Feb 7, 2015

@nbensa

nbensa commented Feb 7, 2015

i3 version 4.8 (2014-06-15, branch "4.8") © 2009-2014 Michael Stapelberg and contributors

@i3bot i3bot added 4.8 and removed missing-version labels Feb 7, 2015

@astynax

astynax commented Feb 8, 2015

I have the same problem (KEYEXPIRED)

$ i3 --version
i3 version 4.8 (2014-06-15, branch "4.8") © 2009-2014 Michael Stapelberg and contributors
$ uname -a
Linux ... 3.13.0-45-generic #74~precise1-Ubuntu SMP ... x86_64 GNU/Linux
@MrSchism

MrSchism commented Feb 8, 2015

Same across the board.
@bsmr

bsmr commented Feb 8, 2015

I just wanted to install i3 with the instructions from http://i3wm.org/docs/repositories.html when I got the same errror... about 5~10 Minutes ago.

I also had to force apt-get to install it (sorry, I didn't change LANG, so the output is in German):

# apt-get install i3
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Die folgenden zusätzlichen Pakete werden installiert:
  dunst i3-wm i3lock i3status libanyevent-i3-perl libanyevent-perl
  libasync-interrupt-perl libcommon-sense-perl libconfuse-common libconfuse0
  libev-perl libev4 libguard-perl libjson-xs-perl libxcb-cursor0 libxcb-dpms0
  libxcb-xinerama0 libxdg-basedir1 suckless-tools
Vorgeschlagene Pakete:
  libevent-perl libio-async-perl libpoe-perl libtask-weaken-perl dwm stterm
  surf
Die folgenden NEUEN Pakete werden installiert:
  dunst i3 i3-wm i3lock i3status libanyevent-i3-perl libanyevent-perl
  libasync-interrupt-perl libcommon-sense-perl libconfuse-common libconfuse0
  libev-perl libev4 libguard-perl libjson-xs-perl libxcb-cursor0 libxcb-dpms0
  libxcb-xinerama0 libxdg-basedir1 suckless-tools
0 aktualisiert, 20 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
Es müssen 1.721 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 4.809 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n] 
WARNUNG: Die folgenden Pakete können nicht authentifiziert werden!
  i3lock libanyevent-i3-perl i3-wm i3
Diese Pakete ohne Überprüfung installieren? [j/N] j
[...]

The system in question is a Ubuntu 14.04.1 desktop setup:

# lsb_release --all ; uname -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:   trusty
Linux Precision-M90 3.13.0-45-generic #74-Ubuntu SMP Tue Jan 13 19:36:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
@sur5r
Contributor

sur5r commented Feb 8, 2015

Sorry for breaking this again, I prepared a new keyring but forgot to actually upload it to my repository.

The easiest way to fix this is by manually installing the new keyring package from this URL:

http://debian.sur5r.net/i3/pool/main/s/sur5r-keyring/sur5r-keyring_2015.02.08_all.deb

MD5: 6f12c58ee9c4ea2291f2e65650b34023
SHA1: f7a9888bee73eca367243f396c1245e93d89e03d
SHA256: 37fb5653d3f05ab6654f7e16eb186973cb900a1eec8dadfaed233b0f8b7a7184

The new debian.sur5r.net repo key has the following fingerprint

BFD9 0F4D AAEF A72B 67BB AF48 E3CA 1A89 941C 42E6

and is in turn signed my personal key

7BF5 F6AC 3643 1F5D 40DC 137A 4CF2 B218 F54D AE3D

Sorry for the inconvenience.
@stapelberg
Owner

stapelberg commented Feb 8, 2015

Thanks, @sur5r!

@stapelberg stapelberg closed this Feb 8, 2015

@Airblader Airblader referenced this issue Apr 3, 2015

Closed

i3wm ubuntu repository for utopic refers to non-existent file #1633

@cpuguy83

cpuguy83 commented Apr 22, 2016

Really ought to add the key import to the install docs page, otherwise people just install the package without checking keys.
@sur5r
Contributor

sur5r commented Apr 23, 2016

@cpuguy83 I'm sorry, but right now, this makes no sense. Neither are the commits signed nor is i3wm.org served via https. Putting the fingerprint there would be no real improvement over the current situation which is more or less TOFU.

There is however a trust path from @stapelberg s key (4E7160ED4AC8EE1D) via my personal key (4CF2B218F54DAE3D) to the key used for signing the repository (E3CA1A89941C42E6).
@stapelberg
Owner

stapelberg commented Apr 23, 2016

Actually, i3wm.org is served via https, and we do sign the release tags. We already list the fingerprint on https://i3wm.org/downloads/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment