ROSのaptリポジトリに利用されているGPGキーは期限切れになってしまいました。キーは延長されて、新しいパブリックキーは生成されました。ただし、全ユーザは自分のPCなどをアップデートすることが必要です。
ROS 1の場合は下記のコマンドでキーをアップデートしてください。
curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add -
ROS 2の場合は下記のコマンドを実行してアップデートしてください。
sudo curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg
英語ですが詳しくはこちらをご覧ください 。
3 Likes
@gbiggs ROS2 FoxyのDockerコンテナで試しました。
docker run -it --rm ros:foxy bash
ROS 2の場合は下記のコマンドを実行してアップデートしてください。
sudo curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg
Dockerコンテナで以下のコマンドを実行しましたが解決していないようです。
apt update || apt install -y curl && curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg && apt update
W: GPG error: http://packages.ros.org/ros2/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics <info@osrfoundation.org>
E: The repository 'http://packages.ros.org/ros2/ubuntu focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
https://discourse.ros.org/t/ros-gpg-key-expiration-incident/20669/28 を読んで以下のコマンドを実行すると解決しました。
apt update || apt install -y curl && curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | apt-key add - && apt update
Docker Official imageの更新はいろいろ作業があり,ようやく先ほど完了したようです.私の環境ではなにも気にせずに使えるようになりました.
Affected images should be rebuilt soon after this gets mered upstream by the librarians:
docker-library:master ← ros-infrastructure:swap_key_install
opened 09:26PM - 31 May 21 UTC
The ROS [apt repo key expired](https://status.ros.org/incidents/mhqz8yyhrtsg), a… new key has been pushed, for apt to work in the docker images, they need to be rebuilt without cache.
To do so we modified our images to swap the creation of the source.list file and the retrieval of the key from the keyserver.
Another more futureprool approach would be to [ADD the key using a fixed URL.](https://github.com/osrf/docker_images/issues/535#issuecomment-850893664) If the key changes the cache would be burst and the images rebuilt, otherwise the cache would be kept. Is this an approach that would be acceptable in official images ?
Relates to https://github.com/osrf/docker_images/issues/535
今年の4月にROSのインストール方法が変更になったようです。ROS GPG Key Expiration Incident - #15 by ipa-mdl で教えてもらいました。)
それ以前にインストールした場合、それ以前の方法を引き続き使用してインストールしている場合は"apt-key add"を使った方法(現在ROS1用として案内されている方法)でアップグレードする必要がありそうです。
インストール方法変更のPR:
ros2:rolling ← mrpollo:mrpollo/debianrepofutureproofing
opened 12:55AM - 08 Mar 21 UTC
In future debian releases, the way how you configure a third-party repository is… going to change, see https://wiki.debian.org/DebianRepository/UseThirdParty
**Note:** I tried this under Ubuntu Focal & Groovy and can confirm it works.
This is my first contribution to your docs, and I don't know what your policy is for changing instructions as such; and since this is a very sensitive step in the installation process, I would suggest someone confirms this works under Ubuntu 20.04 & 20.10
**This is a list of the changes in this PR:**
* The GPG key is now converted to a binary with `gpg --dearmor`
* The location of the ROS repository key changes to the recommended path under
`/usr/share/keyrings`
* The sources.list entry requires a `signed-by` option to be set
pointing to the GPG binary key
**TODO:** Standard Pinning needs to be set to allow apt to understand the level of priority that should be given to the sources found on the ROS repository
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858406
ros2:foxy ← ros2:mergify/bp/foxy/pr-1189
opened 05:12PM - 01 Apr 21 UTC
This is an automatic backport of pull request #1189 done by [Mergify](https://me… rgify.io).
---
<details>
<summary>Mergify commands and options</summary>
<br />
More conditions and actions can be found in the [documentation](https://docs.mergify.io/).
You can also trigger Mergify actions by commenting on this pull request:
- `@Mergifyio refresh` will re-evaluate the rules
- `@Mergifyio rebase` will rebase this PR on its base branch
- `@Mergifyio update` will merge the base branch into this PR
- `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch
Additionally, on Mergify [dashboard](https://dashboard.mergify.io/) you can:
- look at your merge queues
- generate the Mergify configuration with the config editor.
Finally, you can contact us on https://mergify.io/
</details>
公式の案内で2021年4月より前にインストールした場合について言及してみてはいかが?と聞いています。
@cottsay
As @ipa-mdl said, it seems to be caused by installing without using the signed-by option.
I didn’t realize that. Thank you for letting me know, @ipa-mdl !
The environment was set up in 2020 and apt upgraded since then, so that’s probably the cause.
How about guiding ROS 2 users who set up before April 2021 to use “apt-key add”, which is the same approach as ROS1?
This is the result of sudo apt -oDebug::pkgAcquire::Worker=1 update 2>&1 | tee log.txt.