ROS Resources: Documentation | Support | Discussion Forum | Service Status | Q&A answers.ros.org

Key for downloading ros2 source showing expired

Trying to build ros2 foxy. apt-key list shows the key is expired and so apt update stops. Any idea when this will be fixed?

3 Likes

It appears Open Robotics is now aware of the issue and working on it:

Thanks for bringing this to our attention. We’re working on the issue presently. I’ll send out updates as things evolve.

1 Like

We’ve created an incident report that is available here.

1 Like

We have issued a PR that addresses the issue and it is being reviewed. It may take some time to deploy and will require user action. We’ll post additional details as they become available.

Post on ROS Answers: apt update: signatures were invalid: F42ED6FBAB17C654.

With a sort-of acceptable work-around for those in dire need of .debs.

It works, but is not secure.

Besides, --allow-insecure-repositories is also a good temporary solution, without change any file.

sudo apt update --allow-insecure-repositories

However, I am still concerning when the new key is released.

of course. That’s why it’s called a work-around.

yes, but that will allow insecure updates and installs from all repositories. Not just packages.ros.org.

Allowing just packages.ros.org is at least a little less insecure.

that’s being worked on, as @kscottz and a few others have already posted.

1 Like

We have put together an incident report and a fix in this thread.

2 Likes