EXPKEYSIG - Error GPG key Whonix

I’m using Whonix on KVM/QEMU on a Debian 13 host. In the Gateway VM, I followed the instructions on the documentation page linked above. I was able to download the new derivative.asc, verify its fingerprint, and put it in /usr/share/keyrings. Now, instead of the EXPKEYSIG errors, sudo apt update says ‘Unknown error executing apt-key’.

1 Like

Could you share the full logs from sudo apt update? It will likely be necessary to see all lines of output in order to start diagnosing the issue.

2 Likes

I figured it out. The curl command to the onion site gave me a ‘curl: (97) Can’t complete SOCKS5 connection…’ error, and I think the TLS curl command failed for some reason too, though it’s working for me now. I used wget without sudo to download derivative.asc to the home directory, where I checked its fingerprint, and then used mv to move it to /usr/share/keyrings. That caused it to be owned by user:user and have permissions 640, which is what caused the error. When I changed derivative.asc to root:root ownership and 644 permissions, it worked.

2 Likes
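The ownership and permission check described in the post above, written out as an added example (not part of the original thread and not Whonix project code). The function name `check_keyring` and its optional uid/gid arguments are assumptions; it relies on GNU `stat` as shipped on Debian.

```shell
#!/bin/sh
# Added example. Checks that an APT keyring file has the ownership and mode
# that resolved the error in the post above (root:root, 644).
# check_keyring and its optional uid/gid arguments are hypothetical names.

# check_keyring FILE [UID] [GID]
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_keyring() {
    file=$1
    want_uid=${2:-0}   # default: root
    want_gid=${3:-0}   # default: root
    rc=0

    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi

    uid=$(stat -c %u "$file")    # numeric owner
    gid=$(stat -c %g "$file")    # numeric group
    mode=$(stat -c %a "$file")   # octal permission bits

    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "$file: owner $uid:$gid, expected $want_uid:$want_gid"
        rc=1
    fi
    if [ "$mode" != "644" ]; then
        echo "$file: mode $mode, expected 644"
        rc=1
    fi
    return $rc
}

# Check every file named on the command line, e.g.:
#   sh check_keyring.sh /usr/share/keyrings/derivative.asc
for f in "$@"; do
    check_keyring "$f" ||
        echo "fix: sudo chown root:root '$f' && sudo chmod 644 '$f'"
done
```

A file moved into place with `mv` keeps the owner and mode it had in the home directory, which is why a check like this flags it.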

The reason why this might fix itself is a dom0 update.
vmupdate: update expired whonix/kicksecure key by marmarek · Pull Request #206 · QubesOS/qubes-core-admin-linux · GitHub


gpg: WARNING: no command supplied. Trying to guess what you mean …

Qubes Updater Warning - Whonix 17 - gpg: WARNING: no command supplied. Trying to guess what you mean

3 Likes

A post was split to a new topic: Failed to fetch tor+https://deb.loki.network/dists/bookworm/InRelease The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E