Bug #94378 APT GPG Key Expired
Submitted: 18 Feb 11:49 Modified: 22 Feb 8:12
Reporter: Paul Mougel Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Packaging Severity:S2 (Serious)
Version:5.7 (mysql-apt-config_0.8.10-1_all.deb) OS:Debian (Jessie)
Assigned to: CPU Architecture:Any

[18 Feb 11:49] Paul Mougel
Description:
The debian apt repository private key for the mysql repo expired on 2019-02-17. When running apt-get upgrade after the key expired the following error occurs:

W: GPG error: http://repo.mysql.com jessie InRelease: The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832 KEYEXPIRED 1550412832

Seems related to bug #85029.

How to repeat:
1) Install mysql-apt-config_0.8.10-1_all.deb

# wget https://dev.mysql.com/get/mysql-apt-config_0.8.10-1_all.deb
# dpkg -i mysql-apt-config_0.8.10-1_all.deb

2) Run apt-get update

# apt-get update

W: GPG error: http://repo.mysql.com jessie InRelease: The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832 KEYEXPIRED 1550412832

Suggested fix:
Update the GPG key for the MySQL APT repository and update the mysql-apt-config Debian package.
[18 Feb 12:05] Paul Mougel
Previous bug #85029 and official documentation ("Appendix A: Adding and Configuring the MySQL APT Repository Manually", https://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/#repo-qg-apt-repo-manual-setup) suggest to fetch an updated GPP key using the following command:

# sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5

However, this command yields an error:

gpg: requesting key 5072E1F5 from hkp server pgp.mit.edu
gpgkeys: key 5072E1F5 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
[20 Feb 11:01] Umesh Shastry
Hello Paul,

Thank you for the report.

regards,
Umesh
[20 Feb 11:09] Umesh Shastry
Workaround which helped me on Ubuntu 16.04, installed latest Ubuntu / Debian (Architecture Independent), DEB Package mysql-apt-config_0.8.12-1_all.deb

ushastry@XenialXerus:~/Downloads$ sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb 
(Reading database ... 281377 files and directories currently installed.)
Preparing to unpack mysql-apt-config_0.8.12-1_all.deb ...
Unpacking mysql-apt-config (0.8.12-1) over (0.8.10-1) ...
Setting up mysql-apt-config (0.8.12-1) ...
OK
ushastry@XenialXerus:~/Downloads$ sudo dpkg -l|grep -i mysql
ii  mysql-apt-config                           0.8.12-1                                     all          Auto configuration for MySQL APT Repo.
ii  mysql-client                               5.7.22-1ubuntu16.04                          amd64        MySQL Client meta package depending on latest version
ii  mysql-common                               5.7.22-1ubuntu16.04                          amd64        MySQL Common
ii  mysql-community-client                     5.7.22-1ubuntu16.04                          amd64        MySQL Client
ii  mysql-community-server                     5.7.22-1ubuntu16.04                          amd64        MySQL Server
ii  mysql-connector-python                     8.0.11-1ubuntu16.04                          all          MySQL database driver written in Python
ii  mysql-server                               5.7.22-1ubuntu16.04                          amd64        MySQL Server meta package depending on latest version
ii  mysql-shell:amd64                          8.0.11-1ubuntu16.04                          amd64        MySQL Shell (part of MySQL Server) 8.0
ushastry@XenialXerus:~/Downloads$ 
ushastry@XenialXerus:~/Downloads$ sudo apt update
Get:1 http://repo.mysql.com/apt/ubuntu xenial InRelease [19.1 kB]   
Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InRelease                 
Get:3 http://repo.mysql.com/apt/ubuntu xenial/mysql-5.7 Sources [948 B]  
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]       
Get:6 http://repo.mysql.com/apt/ubuntu xenial/mysql-apt-config amd64 Packages [565 B]                           
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Get:8 http://repo.mysql.com/apt/ubuntu xenial/mysql-apt-config i386 Packages [565 B]   
Get:9 http://repo.mysql.com/apt/ubuntu xenial/mysql-5.7 amd64 Packages [5,632 B]
Get:10 http://repo.mysql.com/apt/ubuntu xenial/mysql-5.7 i386 Packages [5,645 B]          
Get:11 http://repo.mysql.com/apt/ubuntu xenial/mysql-tools amd64 Packages [3,829 B]
Get:12 http://repo.mysql.com/apt/ubuntu xenial/mysql-tools i386 Packages [3,101 B]          
Fetched 365 kB in 3s (98.4 kB/s)                               
Reading package lists... Done
Building dependency tree       
Reading state information... Done
385 packages can be upgraded. Run 'apt list --upgradable' to see them.
[20 Feb 17:45] Lars Tangvald
Posted by developer:
 
As Umesh mentions, the fix is to use the newest version of the apt-config package (0.8.12)

The apt-config package embeds the signing key. We did at one point (when the related issue you listed was encountered) test out having it download it, but quite a lot of users ran into issues with contacting the key servers during installation, so we went back to embedding.
[21 Feb 4:51] Umesh Shastry
Bug #94415 marked as duplicate of this one
[22 Feb 8:12] Paul Mougel
Thank you very much Umesh and Lars for your quick and helpful answers. Your solution indeed fixes our issue.

Thanks again,
Paul
[22 Feb 8:12] Paul Mougel
Thank you very much Umesh and Lars for your quick and helpful answers. Your solution indeed fixes our issue.

Thanks again,
Paul
[22 Feb 9:47] Андрей Подвезько
Hello. I am do not install mysql 5.7 with mysql-apt-config_0.8.12-1_all.deb. 
It is not on the list available for installation. Any work being done?