18
December
2023
Problem with the signature of the MYSQL 8.0 repository after 12/14/2023
17:10

Problem with the signature of the MYSQL 8.0 repository after 12/14/2023

18 December 2023 17:10

On December 12, 2023, the signature of the repo.mysql.com repository expired, which caused an issue with updating MySQL using apt update.

Symptoms

1) When updating the package cache, apt update returns an error:

Error: 2 http://repo.mysql.com/apt/ubuntu jammy InRelease
The following signatures cannot be verified because the public key is not available: NO_PUBKEY B7B3B788A8D3785C

2) when executing a command sudo dpkg-reconfigure mysql-apt-config the problem with apt update occurs again.

W: GPG Error: http://repo.mysql.com/apt/ubuntu jammy InRelease: The following signatures could not be verified because the public key is not available: NO_PUBKEY B7B3B788A8D3785C
E: Repository 'http://repo.mysql.com/apt/ubuntu jammy InRelease' is not signed.

3) If you install or reinstall mysql-apt-config_0.8.28-1_all.deb and try to update packages apt update - the same error: NO_PUBKEY B7B3B788A8D3785C.

Temporary decision

In Linux Mint - “start” - “administration” - “sources of applications” turn off in “additional repositories” Three lines regarding MySQL,
or in the file /etc/apt/sources.list.d/mysql.list comment out these lines or delete the file itself `/etc/apt/sources.list.d/mysql.list '

In the way the problem is solved temporarily ._ We need to wait for the owner oraCle will lay out a new release on its repository and sign the current key B7B3B788A8D3785C, which will operate for two years until 2025-10-22.

Today, the condition of the keys is as follows:

gpg --fingerprint
/home/user/.gnupg/pubring.kbx
---------------------------------
Pubrsa4096 2023-10-23 [SC] [suitable to: 2025-10-22]
      bca4 3417 c3b4 85dd 128e  c6d4 b7b3 b788 a8d3 785c
uid [unknown] MySQL Release Engineering 
Subrsa4096 2023-10-23 [e] [suitable to: 2025-10-22]

Pubrsa4096 2021-12-14 [SC] [expired with: 2023-12-14]
      859b e8d7 c586 f538 430b  19c2 467b 942d 3a79 bd29
uid [expired] MySQL Release Engineering

Constant solution - eliminates the problem of MySQL signature

1) We remove old, invalid keys - from 2022

sudo apt-key del a4a9 4068 76fc bd3c 4567 70c8 8c71 8d3b 5072 e1f5
sudo apt-key del 859b e8d7 c586 f538 430b 19c2 467b 942d 3a79 bd29

2) Using the GPG, download the new B7B3B78A8D3785C key if you haven't done before

gpg --keyserver keyserver.ubuntu.com --recv b7b3b788a8d3785c
gpg --export b7b3b788a8d3785c | sudo tee /etc/apt/trusted.gpg.d/mysql.gpg > /dev/null

3) in the folder cd /etc/apt/sources.list.d/ we edit the file for the application source - a third-party repository: mysql.list 

sudo nano /etc/apt/sources.list.d/mysql.list

Correct the line:

  • Instead of ~~ [signed-by =/usr/share/keyrings/mysql-apt-config.gpg] ~~
  • indicate [signed-by =/etc/apt/trusted.gpg.d/mysql.gpg]

Trusted

Contents of the file /etc/apt/sources.list.d/mysql.list

deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-apt-config
deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-8.0
deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-tools

I saved the file.

4) updated the cache of packages and updated them

sudo apt update
sudo apt upgrade

There is no longer an apt update error, the mysql repository is signed with a valid signature B7B3B788A8D3785C.

 gpg --list-keys

Key...785C expiration date: 2025-10-22

Sources:
GITHUB Issue
MySQL IS Badly Signed



Related publications

Languages

Theme

RSS feeds

Atom 1.0 RSS

Popular tags

Random post

I'll be lucky!

Archive of posts

Search on Site

Weather forecast