Key for downloading ros2 source showing expired

griz11 · 2021-05-29T02:36:42.814Z

Trying to build ros2 foxy. apt-key list shows the key is expired and so apt update stops. Any idea when this will be fixed?

mikeferguson · 2021-05-29T04:03:43.481Z

It appears Open Robotics is now aware of the issue and working on it:

https://twitter.com/OpenRoboticsOrg/status/1398488980593668097

Katherine_Scott · 2021-05-29T04:06:20.905Z

Thanks for bringing this to our attention. We’re working on the issue presently. I’ll send out updates as things evolve.

Katherine_Scott · 2021-05-29T04:36:47.373Z

We’ve created an incident report that is available here.

Katherine_Scott · 2021-05-29T06:41:11.957Z

We have issued a PR that addresses the issue and it is being reviewed. It may take some time to deploy and will require user action. We’ll post additional details as they become available.

gavanderhoorn · 2021-05-29T07:32:00.991Z

Post on ROS Answers: apt update: signatures were invalid: F42ED6FBAB17C654.

With a sort-of acceptable work-around for those in dire need of .debs.

yanqd0 · 2021-05-29T07:48:53.254Z

It works, but is not secure.

Besides, --allow-insecure-repositories is also a good temporary solution, without change any file.

sudo apt update --allow-insecure-repositories

However, I am still concerning when the new key is released.

gavanderhoorn · 2021-05-29T07:57:32.694Z

yanqd0:

It works, but is not secure.

of course. That’s why it’s called a work-around.

yanqd0:

Besides, --allow-insecure-repositories is also a good temporary solution, without change any file.
sudo apt update --allow-insecure-repositories

yes, but that will allow insecure updates and installs from all repositories. Not just packages.ros.org.

Allowing just packages.ros.org is at least a little less insecure.

yanqd0:

However, I am still concerning when the new key is released.

that’s being worked on, as @kscottz and a few others have already posted.

Katherine_Scott · 2021-05-29T08:22:04.509Z

We have put together an incident report and a fix in this thread.