ROS GPG Key Expiration Incident

General
,
44

There’s no know issues with infrastructure and the keys available have been validate. @TSC21 @Red24dog These both look like problems with the download. Most commonly being missing CA Certificates, or your clock being incorrectly set on the system to invalidate the SSL certificates. If anyone is still having issues please ask a question on answers.ros.org to get help.

My reproduction

I validated it’s work, then removed the keys to show how the error can be reproduced. And showed the error output that’s being piped into the gpg instance instead of the key itself.

root@c4606cbad79c:/# curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
OK
root@c4606cbad79c:/# sudo apt-get remove ca-certificates
bash: sudo: command not found
root@c4606cbad79c:/# apt-get remove ca-certificates
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  openssl
Use 'apt autoremove' to remove it.
The following packages will be REMOVED:
  ca-certificates
0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
After this operation, 412 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 7449 files and directories currently installed.)
Removing ca-certificates (20200601~deb10u2) ...
Removing dangling symlinks from /etc/ssl/certs... done.
root@c4606cbad79c:/# curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
gpg: no valid OpenPGP data found.
root@c4606cbad79c:/# history
    1  apt-get update  && apt-get install curl
    2  curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
    3  apt-get install gnupg
    4  curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
    5  sudo apt-get remove ca-certificates
    6  apt-get remove ca-certificates
    7  curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add -
    8  history
root@c4606cbad79c:/# curl https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc 
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
1 Like
45

How would I do this on a windows machine? The apt-key add command doesn’t work on windows.

46

Windows does not apt for installing ROS and was not affected by this incident.

47

Hi,please I am new to ROS and tried the command for ROS1. It did not work. I run the command and the terminal dsiplays “OK”, but when I do a sudo apt update I still see errors involving the GPG key and I can’t install anything. I am using ubuntu version 18.04 and ROS melodic. Is there something I am doing wrong?

48

Hi,please I am new to ROS and tried the command for ROS1. It did not work. I run the command and the terminal dsiplays “OK”, but when I do a sudo apt update I still see errors involving the GPG key and I can’t install anything. I am using ubuntu version 18.04 and ROS melodic. Is there something I am doing wrong?

49

It’s likely that there’s something not quite setup correctly. As directed above, please ask for help on answers.ros.org first looking to see if anyone else has had the same problem. And if not please ask your own question. Make sure to include full details of what you’ve done, as well as the full commands you’re running with the commands as well as the full console outputs so that we can reproduce your issue. We can help you there without emailing most of the community.