SOLVED: Issue T100: KEYEXPIRED Error upon apt-get update from Whonix Repository

SOLVED: Issue T100: KEYEXPIRED Error upon apt-get update from Whonix Repository

Issue present in versions up to Whonix 9.4 with the Whonix binary update repository enabled.

Forum Discussion:

[hr]

Whonix Qubes Solution

Whonix-Workstation TemplateVM

In Dom0 → Qubes Manager:

  • Connect the TemplateVM to a Whonix-Gateway VM and enable internet connections.

In TemplateVM → Terminal:

fpr="916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA"

gpg --recv-keys "$fpr"

gpg --fingerprint "$fpr" 

gpg --export "$fpr" | sudo apt-key add -

Then a normal update/upgrade should work without the KEYEXPIRED error…

sudo apt-get update
sudo apt-get dist-upgrade

Whonix-Gateway TemplateVM

Method #1

The Whonix-Gateway TemplateVM may not let you connect to the internet, except through the OS update service. So this first method may not work and you may need to try an additional method below.

In Dom0 → Qubes Manager:

  • Connect the TemplateVM to a Whonix-Gateway VM and enable internet connections.

In TemplateVM → Terminal:

fpr="916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA"

gpg --recv-keys "$fpr"

gpg --fingerprint "$fpr" 

gpg --export "$fpr" | sudo apt-key add -

Then a normal update/upgrade should work without the KEYEXPIRED error…

sudo apt-get update
sudo apt-get dist-upgrade

Method #2

The faketime method will probably work for a long time, but it should not be used for a long time, because then we’d ignore the valid-until field for too long.

sudo faketime 2015-01-15 apt-get update

sudo apt-get dist-upgrade

Then a normal update/upgrade should work without the KEYEXPIRED error…

sudo apt-get update
sudo apt-get dist-upgrade

Method #3

In Whonix-Workstation VM → Terminal:

wget https://www.whonix.org/patrick.asc

In Whonix-Workstation VM → Files:

  • Browse to directory containing patrick.asc
  • Right click file patrick.asc
  • Copy to other AppVM
  • Enter the destination domain name as the name of your Whonix-Gateway TemplateVM
  • Yes to approve file copy

In Whonix-Workstation TemplateVM → Terminal:

cd /home/user/QubesIncoming/<name-of-your-whonix-workstation-vm>/
sudo apt-key add patrick.asc

Then a normal update/upgrade should work without the KEYEXPIRED error…

sudo apt-get update
sudo apt-get dist-upgrade

[hr]

[b]Issue T100: KEYEXPIRED Error upon apt-get update from Whonix Repository

Posted by @WhonixQubes

January 17, 2015

https://phabricator.whonix.org/T100[/b]

KEYEXPIRED error upon apt-get update from Whonix repository reported and confirmed as happening in Qubes + Whonix.

W: GPG error: http://sourceforge.net wheezy Release: The following signatures were invalid: KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449659 KEYEXPIRED 1421449659 KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449659 KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449064 KEYEXPIRED 1421449659

Forum Discussion:

The faketime method will probably work for a long time, but it should not be used for a long time, because then we’d ignore the valid-until field for too long. Please feel free to delete this post and to add this info above.

Thanks Patrick! :smiley:

Included above.