Description:
The GPG key A8D3785C used for signing packages from the APT repository has expired today, 2025-10-22.

This key is available at https://repo.mysql.com/RPM-GPG-KEY-mysql-2023/.

---

Key info:
pub   rsa4096 2023-10-23 [SC] [expired: 2025-10-22]
      BCA43417C3B485DD128EC6D4B7B3B788A8D3785C
uid           [ expired] MySQL Release Engineering <mysql-build@oss.oracle.com>

---

Errors and warnings when running apt program:

Err:13 http://repo.mysql.com/apt/ubuntu lunar InRelease                                                                               
  The following signatures were invalid: EXPKEYSIG B7B3B788A8D3785C MySQL Release Engineering <mysql-build@oss.oracle.com>

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.mysql.com/apt/ubuntu lunar InRelease: The following signatures were invalid: EXPKEYSIG B7B3B788A8D3785C MySQL Release Engineering <mysql-build@oss.oracle.com>

W: Failed to fetch http://repo.mysql.com/apt/ubuntu/dists/lunar/InRelease  The following signatures were invalid: EXPKEYSIG B7B3B788A8D3785C MySQL Release Engineering <mysql-build@oss.oracle.com>

How to repeat:
Option #01
01) wget https://repo.mysql.com/mysql-apt-config_0.8.34-1_all.deb
02) sudo dpkg -i mysql-apt-config_0.8.34-1_all.deb
03) sudo apt update

Options #02
01) wget https://repo.mysql.com/RPM-GPG-KEY-mysql-2023
02) sudo gpg --dearmor -o /usr/share/keyrings/mysql.gpg RPM-GPG-KEY-mysql-2023
03) echo 'deb [signed-by=/usr/share/keyrings/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ lunar mysql-apt-config' > /etc/apt/sources.list.d/mysql.list
04) sudo apt update

Suggested fix:
Provide a new valid GPG key to https://repo.mysql.com/ for signing packages from repository.

The key link in the description is broken (it has an extra slash at the end). It should be https://repo.mysql.com/RPM-GPG-KEY-mysql-2023.

It looks like this key was already updated on Ubuntu keyserver: https://keyserver.ubuntu.com/pks/lookup?search=B7B3B788A8D3785C&fingerprint=on&op=index

So the workaround here is to receive the GPG key from the Ubuntu keyserver directly instead of letting "mysql-apt-config" configure it.

New expiration date is set to 2027-10-23T12:03:47Z.

It looks like new mysql-apt-config is available that embeds a key with updated expiration date (mysql-apt-config_0.8.35-1_all.deb) at https://dev.mysql.com/get/mysql-apt-config_0.8.35-1_all.deb.

It addresses the issue for me.

Any idea when https://repo.mysql.com/ will be updated with the new GPG key?

Dayo Lasode,

There is no need to update the repository key itself. What was needed is updated expiration for the existing one. It is already happened. mysql-apt-config package was also updated and GPG with updated expiration is now embedded. Key/fingerprint is the same.

Hi Eugene
This might be specific in my case but our automation pulls the key directly from https://repo.mysql.com/RPM-GPG-KEY-mysql-2023, which is the current latest one but that still shows as expired?

~$ sudo curl -fsSL https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 -o /tmp/fresh.asc -H "Cache-Control: no-cache"
~$ gpg --show-keys /tmp/fresh.asc
pub   rsa4096 2023-10-23 [SC] [expired: 2025-10-22]
      BCA43417C3B485DD128EC6D4B7B3B788A8D3785C
uid                      MySQL Release Engineering <mysql-build@oss.oracle.com>
sub   rsa4096 2023-10-23 [E] [expired: 2025-10-22]

Hey Dayo Lasode,

Yes, they did not update by this link. However, you can download updated at from Ubuntu key server already.