Hello.
Recently apt update for Bullseye started to fail with expired GPG key:
...
Err:6 https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye bullseye InRelease
The following signatures were invalid: EXPKEYSIG CAA5E9C8755D21A0 scott@zymbit.com
...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye bullseye InRelease: The following signatures were invalid: EXPKEYSIG CAA5E9C8755D21A0 scott@zymbit.com
W: Failed to fetch https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye/dists/bullseye/InRelease The following signatures were invalid: EXPKEYSIG CAA5E9C8755D21A0 scott@zymbit.com
I’ve tried to remove /etc/apt/sources.list.d/zymbit.list file and re-run the latest install_zk_sw.sh.
It actually downloaded /usr/share/keyrings/zymbit.gpg and created /etc/apt/sources.list.d/zymbit.list in the new format.
However apt update still fails:
...
Err:7 https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye-aarch64 bullseye InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CAA5E9C8755D21A0
...
W: GPG error: https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye-aarch64 bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CAA5E9C8755D21A0
E: The repository 'https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye-aarch64 bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Note: URL changed and it looks like the signature does not match the downloaded key.
A clean install works for me, but I see the same thing with an apt update on an old install. In most cases, /etc/apt/sources.list.d/zymbit.list is already correct and all you need to do is pull the new key:
To get an old install to work, I had to edit my /etc/apt/sources.list.d/zymbit.list. Make sure the signed-by option is included in /etc/apt/sources.list.d/zymbit.list,
This parameter - [signed-by=/usr/share/keyrings/zymbit.gpg]
The following will check and fix for you,
sudo sed -i 's/^deb https/deb [signed-by=\/usr\/share\/keyrings\/zymbit.gpg] https/' /etc/apt/sources.list.d/zymbit.list
Err:7 https://zk-sw-repo.s3.amazonaws.com/apt-repo-bullseye-aarch64 bullseye InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CAA5E9C8755D21A0
That key matches my working setup. Can you maybe try the deprecated method with apt-key? The new method runs fine with bullseye and later for me, but just in case…
sudo su
curl -L https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg | apt-key add -