Signatures were invalid

[Tara M]

Hi all,

I am downloading BitCurator on a new computer (running Ubuntu 20.04.4 LTS).  I am getting the following error.  Any suggestions on what needs to be fixed?

Thanks!

Tara

bcadmin@bcadmin:~$ sudo apt-get update && sudo apt-get upgrade -y

Hit:1 https://download.docker.com/linux/ubuntu focal InRelease
Hit:2 http://archive.canonical.com/ubuntu focal InRelease                      
Get:3 https://www.itforarchivists.com buster InRelease                        
Hit:4 https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/3005 focal InRelease
Hit:5 https://apt.kitware.com/ubuntu focal InRelease                          
Hit:6 https://dl.google.com/linux/chrome/deb stable InRelease                  
Hit:7 http://security.ubuntu.com/ubuntu focal-security InRelease              
Hit:8 http://dell.archive.canonical.com focal InRelease                        
Hit:9 http://archive.ubuntu.com/ubuntu focal InRelease                        
Hit:10 http://archive.ubuntu.com/ubuntu focal-updates InRelease                
Hit:11 http://archive.ubuntu.com/ubuntu focal-backports InRelease              
Hit:12 http://archive.ubuntu.com/ubuntu focal-security InRelease              
Err:3 https://www.itforarchivists.com buster InRelease                        
  The following signatures were invalid: EXPKEYSIG A702E58BD13BE0B5 Richard Lehane (siegfried) <ric...@itforarchivists.com>
Hit:13 http://ppa.launchpad.net/openjdk-r/ppa/ubuntu focal InRelease          
Hit:14 http://oem.archive.canonical.com focal InRelease                      
Reading package lists... Done              
W: GPG error: https://www.itforarchivists.com buster InRelease: The following signatures were invalid: EXPKEYSIG A702E58BD13BE0B5 Richard Lehane (siegfried) <ric...@itforarchivists.com>
E: The repository 'https://www.itforarchivists.com buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[Corey Forman]

Hi Tara, I'll take a look at it shortly and see if I can get this resolved. I'll let you know as soon as it's ready!

Corey F

---

From: bitcurat...@googlegroups.com <bitcurat...@googlegroups.com> on behalf of Tara M <njt...@gmail.com>
Sent: Thursday, August 3, 2023 12:22:56 PM
To: BitCurator Users <bitcurat...@googlegroups.com>
Subject: Signatures were invalid

 

--
You received this message because you are subscribed to the Google Groups "BitCurator Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcurator-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcurator-users/a41ba5bd-3f35-4b17-8d09-7be01ca5a261n%40googlegroups.com.

[co...@digitalsleuth.ca]

Hi Tara, the issue has been identified and fixed, but is undergoing testing right now. I'll submit a PR this evening to fix and once the release is generated, you should be good to go.

Cheers!

[Kam Woods]

A new release (4.4.2) that incorporates this fix is now available.

Kam

To view this discussion on the web visit https://groups.google.com/d/msgid/bitcurator-users/020f9936-e67c-4c18-857f-6a024940b173n%40googlegroups.com.

[Tara M]

Thank you so much!

You received this message because you are subscribed to a topic in the Google Groups "BitCurator Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bitcurator-users/xs9fLS4r-M0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bitcurator-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcurator-users/CAAOjFxCWh_8eBOannKmrwo%3DMTdfwpjPKjxoM6-Szs2qvxu4uiQ%40mail.gmail.com.

[Tara M]

Bad news.  Still getting the error.  Did I try too soon or do I need to do something else?

bcadmin@bcadmin:~$ sudo apt-get update && sudo apt-get upgrade -y

Hit:1 http://archive.canonical.com/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease                        
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease                
Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease              
Hit:5 http://archive.ubuntu.com/ubuntu focal-security InRelease                
Hit:6 https://download.docker.com/linux/ubuntu focal InRelease                
Hit:7 https://dl.google.com/linux/chrome/deb stable InRelease                  
Hit:8 https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/3005 focal InRelease
Get:9 https://www.itforarchivists.com buster InRelease                        
Hit:10 http://oem.archive.canonical.com focal InRelease                        
Hit:11 http://dell.archive.canonical.com focal InRelease                      
Err:9 https://www.itforarchivists.com buster InRelease                        

  The following signatures were invalid: EXPKEYSIG A702E58BD13BE0B5 Richard Lehane (siegfried) <ric...@itforarchivists.com>

Get:12 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]    

Hit:13 http://ppa.launchpad.net/openjdk-r/ppa/ubuntu focal InRelease          

Hit:14 https://apt.kitware.com/ubuntu focal InRelease                          

Reading package lists... Done    
W: GPG error: https://www.itforarchivists.com buster InRelease: The following signatures were invalid: EXPKEYSIG A702E58BD13BE0B5 Richard Lehane (siegfried) <ric...@itforarchivists.com>
E: The repository 'https://www.itforarchivists.com buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[Kam Woods]

Are you trying to update the existing attempted install? If so, the old signatures are still present - they only get written to the appropriate location when you run “sudo bitcurator install”. I can’t test or provide additional detail right now, but if that also throws an error, you can try first following the manual install instructions for Siegfried (under Ubuntu/Debian 64-bit) at  

https://www.itforarchivists.com/siegfried to overwrite the existing signatures and then running “sudo bitcurator install —version=4.2.2”.

Kam

To view this discussion on the web visit https://groups.google.com/d/msgid/bitcurator-users/CAGr_FBx%3DTDQfZUoP3FKst5QFRjNCzCWf6SCOUyyJx7K8zngLGw%40mail.gmail.com.

[Corey Forman]

Hi Tara, also, you can simply delete the key at /usr/share/keyrings/SIEGFRIED-PGP-KEY.asc and try again. I forgot to force the state to replace the existing file, but I will fix that shortly.

Cheers!

---

From: bitcurat...@googlegroups.com <bitcurat...@googlegroups.com> on behalf of Kam Woods <kamw...@gmail.com>
Sent: Friday, August 4, 2023 1:59:33 PM
To: bitcurat...@googlegroups.com <bitcurat...@googlegroups.com>
Subject: Re: Signatures were invalid

 

To view this discussion on the web visit https://groups.google.com/d/msgid/bitcurator-users/CAAOjFxA2H5f4Wf_MXz2%2Bj6u4C5qrpTtmC_K_YOzVNfy4A02BcA%40mail.gmail.com.