It looks like the Crystal signing key used for Ubuntu packages expired: 2023-07-08
As a result, I get an error when running apt-get update:
$ sudo apt-get update
..
Err:4 http://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04 InRelease
The following signatures were invalid: EXPKEYSIG E456AE72856D1476 devel:languages:crystal OBS Project <devel:languages:crystal@build.opensuse.org>
..
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04 InRelease: The following signatures were invalid: EXPKEYSIG E456AE72856D1476 devel:languages:crystal OBS Project <devel:languages:crystal@build.opensuse.org>
W: Failed to fetch http://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04/InRelease The following signatures were invalid: EXPKEYSIG E456AE72856D1476 devel:languages:crystal OBS Project <devel:languages:crystal@build.opensuse.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.
The signing key from installing Crystal on Ubuntu:
curl -fsSL https://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04/Release.key|gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa2048 2021-04-29 [SC] [expired: 2023-07-08]
321DC2EA7F0A4F06714516B8E456AE72856D1476
uid devel:languages:crystal OBS Project <devel:languages:crystal@build.opensuse.org>
Thanks for reporting!
I didn’t realize we need to extend the key manually. The entire signing process is taken care of by OBS. But apparently you still have to occasionally tell it to extend the key validty.
The key should be extended now, but it might take some time to propagate? I don’t see it updated in the HTTP endpoint yet.
2 Likes
Damn @straight-shoota you’re FAST! The new key looks good, my apt problems is fixed, thanks, highly appreciated and have a nice day 
curl -fsSL https://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04/Release.key|gpg
pub rsa2048 2021-04-29 [SC] [expires: 2025-09-17]
...
Please note that for existing configurations you may need to purge the invalid key with rm /etc/apt/trusted.gpg.d/devel_languages_crystal.gpg (or sudo apt-key del 321DC2EA7F0A4F06714516B8E456AE72856D1476).
Looks like I’m running in to this too. I ran the following:
sudo apt-key del 321DC2EA7F0A4F06714516B8E456AE72856D1476
curl -fsSL https://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04/Release.key | gpg
sudo apt update
But now I’m getting this
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/devel:languages:crystal/Debian_Unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E456AE72856D1476
@jwoertink you also need to add the new signing key - something like this (it’s from the install page):
curl -fsSL https://download.opensuse.org/repositories/devel:/languages:/crystal/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/crystal.gpg > /dev/null
…afterwards you should be able to run apt-get update without any errors.
The command I wrote ( this one: curl ... | gpg ), does not make any changes to your system. It’s just a simple way to see the expiry date of the signing key. Sorry for the confusion
2 Likes
Ah ha! Thanks, that worked 