Apt GPG error - signature could not be verified

Hi guys !

Waking up this morning, running a whonixcheck as usual, got some packages to update, running an apt-get update, but got an :

W: An error occurred during the signature verification [...] couldn't be verified because the public key is not available : NO_PUBKEY CB8D50BB77BB3C48 W: Failed to fetch http://souceforge[...]whonixdevelopermetafiles[...]dists/stable/InRelease

and the ‘classical’

This last one is ok since I understand what had going on.
But the two first worried me a bit.

Did something happen this night ? I know adrelanos changed is GPG key, is it related ? I guess no.
Am I the only one getting this ?

(Btw, great move on the pseudonimity adrelanos)

Edit : Restored a previous state of the VM, just in case it somehow have been compromised or whatever, having the same issue.

1 Like

Thank you for reporting this. Nothing to worry about. My mistake. Fixed. (Should work again in 10 minutes as usual.)

(Technical background: I refreshed (valid-until) the signature of Whonix’s apt repository. Gpg automatically choose my new gpg key, which hasn’t been added to apt’s keys yet. Made the choice of the key explicit.)

Thank for the clarification Adrelanos, I just added the new keys to apt. I was only waiting for a confirmation of your keys change.

$ gpg --armor --export CB8D50BB77BB3C48 | apt-key add -

I hope this won’t be necessary. I was planing to sign the repository with both keys for a transitional period. And deploying the new key by an upgrade signed by my old key.

So unless you’re at some point in future updating a very old build of Whonix, I hope it won’t be necessary to manually get my key.