Something went wrong while updating the cache of APT (due to SURY) (version 2024)

:uk:/:us: What to do if you have an error while updating the repo ?

I just had an error while trying to update my server :

[multiple sources listed here]
W: Some index files failed to download. They have been ignored, or old ones used instead.

W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key 

I then found this issue in the sury bug tracker : Apt key for Debian Package is expiring on 16.02.2024 · Issue #2074 · oerdnj/deb.sury.org · GitHub
No nice 1 liner to fix this, but I create this topic just because I can not bump the one created 2 years ago, with a solution : Something went wrong while updating the cache of APT (due to SURY)
apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | apt-key add -
(On my server, I had to run this adaptation : sudo apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | sudo apt-key add -

Hopping it will help :smiley:

PS : It seems that a better solution is on it’s way, but only maybe for next time, see you in 2 years.


:fr:Que faire en cas d’erreur lors de l’update des paquets ?

Je viens d’avoir cette erreur en essayant de mettre à jour mon serveur :

[plusieurs fichier source listés ici]
W: Some index files failed to download. They have been ignored, or old ones used instead.

W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key 

J’ai ensuite trouvé ce ticket sur le bug tracker de sury : Apt key for Debian Package is expiring on 16.02.2024 · Issue #2074 · oerdnj/deb.sury.org · GitHub
Mais pas de joli fix en une ligne comme il y a 2 ans, mais ce topic a ce qu’il faut : Something went wrong while updating the cache of APT (due to SURY)
apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | apt-key add -
(Sur mon serveur j’ai du l’exécuter comme ça : sudo apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | sudo apt-key add -

En espérant que ça aide :smiley:

PS : Il semblerait qu’une solution plus propre soit en cours, mais ça ne sera peut-être disponible que la prochaine fois, à dans 2 ans !

9 Likes

Empty post to mark it solved.

Nice works fine :wink: Thx

Ça marche, merci @Mamie !

This can also be done by force-regenerating the configuration:

$  sudo yunohost tools regen-conf -f

The upcoming way as per sury’s github page is to use debsuryorg-archive-keyring package, can’t say for sure but I suspect this’ll be incorporated as YNH’s DEB requirement in the future (if it’s not already).

4 Likes

Bonjour,
Déjà, la commande apt-key est rejetée, signalée comme “deprecied” sur mon système
J’ai excuté la commande indiquée par orhtej2 qui m’a permis de faire mon update et mon update en intégrant les depots sury.
Mais j’ai maintenant un nouveau souci, je reçoit toutes les 10mn le message suivant

Aucun domaine n’a été enregistré avec DynDNS

Merci d’avance pour vos préconisations

I’m getting a similar error with slight differences to the packages trying to be reached: log here

I’ve tried both the stated solutions:

sudo apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | sudo apt-key add -

Which gave me this message:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
“https://packages.sury.org/php/apt.gpg”: Scheme missing.
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: no valid OpenPGP data found.

I then tried

sudo yunohost tools regen-conf -f

I tried to update my server again and got the same errors, I then tried rebooting the server and running the update again with the same errors.

Any guidance much appreciated!

It seems that YunoHost 11.2.10.1 contains a fix for this.

2 Likes

same. I tried both and received the same erros…

yes, starting with YunoHost 11.2.10.1, yunohost tools regen-conf is clearing the APT keys
see: Update sury apt key by Tagadda · Pull Request #1777 · YunoHost/yunohost · GitHub

2 Likes

Running sudo yunohost tools regen-conf -f again worked this time.

2 Likes

I had similar problems with sury and yarn today.

I ran this command and it fixed all my GPG problems.
sudo yunohost tools regen-conf apt --force

maybe better if people don’t want to touch other parts of their configuration.

1 Like

I ran the same command and it updated the keys, but sury still fails:

Fehl:5 https://packages.sury.org/php bookworm InRelease
Die folgenden Signaturen waren ungĂĽltig: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key deb@sury.org

Is there a specific command to update this key manually?

Given conf-regen hooks check if the key exists and, if yes, skip redownloading:

sudo rm /etc/apt/trusted.gpg.d/extra_php_version.gpg, then sudo yunohost tools regen-conf apt --force

Alternatively just fetch the current key (adopted from core scripts:

curl -sL "https://packages.sury.org/php/apt.gpg" | gpg --dearmor | sudo tee "/etc/apt/trusted.gpg.d/extra_php_version.gpg" > /dev/null
3 Likes

Thanks, mate. I used the curl variant, because this approach also had fixed yarn for me.

2 Likes

Alternatively just fetch the current key (adopted from core scripts:

curl -sL "https://packages.sury.org/php/apt.gpg" | gpg --dearmor | sudo tee "/etc/apt/trusted.gpg.d/extra_php_version.gpg" > /dev/null

This worked for me! Thanks

1 Like

I have a slightly different problem, but it seems related. If I need to I can start a new topic. Here’s what I’m getting when I attempt to update.

~$ sudo apt update && sudo apt upgrade -y
Get:1 https://dl.yarnpkg.com/debian stable InRelease
Get:2 https://pkgs.tailscale.com/stable/debian bookworm InRelease                                                                                            
Hit:3 http://ftp.debian.org/debian bookworm InRelease                                                                                       
Hit:4 http://security.debian.org/debian-security bookworm-security InRelease                                          
Err:1 https://dl.yarnpkg.com/debian stable InRelease                                            
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 62D54FD4003F6525
Hit:6 http://ftp.debian.org/debian bookworm-updates InRelease                                   
Hit:7 https://packages.sury.org/php bookworm InRelease                                          
Err:7 https://packages.sury.org/php bookworm InRelease                   
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
Hit:5 https://forge.yunohost.org/debian bookworm InRelease
Reading package lists... Done
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 62D54FD4003F6525
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743

The listed solutions haven't worked for me.

See : Yarn repo key expired [EDIT: changed again], is it OK to trust it?

1 Like