Invalid GPG key for apt repo

Hello Zymbit team,

Looks like GPG key for apt repo is expired or invalid.
I have got an error during run of install_zk_sw.sh scirpt:

W: GPG error: zk-sw-repo.s3******/apt-repo-bookworm-aarch64 bookworm InRelease: The following signatures were invalid: EXPKEYSIG CAA5E9C8755D21A0 scott@zymbit.com
E: The repository ‘zk-sw-repo.s3.**/apt-repo-bookworm-aarch64 bookworm InRelease’ is not signed.

Can you take a look and maybe re-new the key to let this script work as expected?

Thank you in advance.

Hi @ptaag

Thanks for pointing this out! We will get right on this and let you know as soon as it’s resolved.

Best Regards,
dg

@ptaag Thank you. The expiration date for the key was Sept 30, 2024. We’ve updated the key with a new expiration date of 2028. All new installations will use the new public key.

If you are doing an apt update or re-install, your local key will need updating. You can get the new key with:

curl -L https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/zymbit.gpg

For those of you that are on older installations, make sure the signed-by option is included in the /etc/apt/sources.list.d/zymbit.list,

This parameter - [signed-by=/usr/share/keyrings/zymbit.gpg]

The following will check and fix for you,

sudo sed -i 's/^deb https/deb [signed-by=\/usr\/share\/keyrings\/zymbit.gpg] https/' /etc/apt/sources.list.d/zymbit.list

Awesome, thank you for such quick resolution of this issue.

If you want to be aware of such cases in future, maybe you can consider some monitoring/alerting tool to check date for GPG keys/SSL certs and re-new them couple of days before they will expire?