ROS GPG Key Expiration Incident

Tiryoh · May 30, 2021, 5:41am

As @ipa-mdl said, it seems to be caused by installing without using the signed-by option.
I didn’t realize that. Thank you for letting me know, @ipa-mdl!
The environment was set up in 2020 and apt upgraded since then, so that’s probably the cause.

How about guiding ROS 2 users who set up before April 2021 to use “apt-key add”, which is the same approach as ROS1?

This is the result of sudo apt -oDebug::pkgAcquire::Worker=1 update 2>&1 | tee log.txt.

gist.github.com

https://gist.github.com/Tiryoh/8860baf09a5cd3f0cb3cd82a17d1f685

ros2-foxy-focal-apt-key-update-log.txt


WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Starting method '/usr/lib/apt/methods/mirror'
 <- mirror:100%20Capabilities%0aAuxRequests:%20true%0aSend-Config:%20true%0aPipeline:%20true%0aSingle-Instance:%20true%0aVersion:%202.0
Configured access method mirror
Version:2.0 SingleInstance:1 Pipeline:1 SendConfig:1 LocalOnly: 0 NeedsCleanup: 0 Removable: 0 AuxRequests: 1
Starting method '/usr/lib/apt/methods/http'
 <- http:100%20Capabilities%0aSend-Config:%20true%0aPipeline:%20true%0aVersion:%201.2
Configured access method http

This file has been truncated. show original

Topic		Replies	Views
Post-mortem: ROS GPG Key Expiration Incident General	0	1612	June 4, 2021
Ubuntu installation doc needs to be updated for use with new GPG keys?	3	2419	June 14, 2021
New GPG keys deployed for packages.ros.org General	11	30801	June 14, 2021
Key rotation for ROS 2 apt repositories General ros2 , ardent , bouncy , crystal	2	8351	June 7, 2019
Key for downloading ros2 source showing expired General	8	6053	May 29, 2021

ROS GPG Key Expiration Incident

Related topics