Problem with MySQL 8.0 repository signing after 12/14/2023

December

2023

Problem with MySQL 8.0 repository signing after 12/14/2023

Linux

18 December 2023 17:10

On December 12, 2023, the signature of the repo.mysql.com repository expired, which caused a problem with updating MySQL using apt update.

Symptoms

1) When updating the apt update package cache, an error is displayed

Error: 2 http://repo.mysql.com/apt/ubuntu jammy InRelease The following signatures cannot be verified because the public key is not available: NO_PUBKEY B7B3B788A8D3785C

2) When executing a command sudo dpkg-reconfigure mysql-apt-config the problem with apt update occurs again.

W: GPG Error: http://repo.mysql.com/apt/ubuntu jammy InRelease: The following signatures cannot be verified because the public key is not available: NO_PUBKEY B7B3B788A8D3785C E: Repository "http://repo.mysql.com/apt/ubuntu jammy InRelease" is not signed.

3) If you install or reinstall mysql-apt-config_0.8.28-1_all.deb and try to update the packages apt update- same error:NO_PUBKEY B7B3B788A8D3785C.

Workaround

B Linux Mint - "Start" - "Administration" - "Application Sources" disable in "Additional repositories" three lines regarding MySQL,
or in a file /etc/apt/sources.list.d/mysql.list закомментировать эти строчки, либо удалить сам файл `/etc/apt/sources.list.d/mysql.list'

This method solves the problem temporarily. You need to wait until the owner of Oracle uploads a new release to his repository and signs it with a valid key B7B3B788A8D3785C, which will be valid for two years until 2025-10-22.

As of today, the status of the keys is as follows:

gpg --fingerprint

/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa4096 2023-10-23 [SC] [expired until: 2025-10-22]
    BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C
uid [unknown] MySQL Release Engineering 
sub rsa4096 2023-10-23 [E] [expired until: 2025-10-22]

pub rsa4096 2021-12-14 [SC] [expired from: 2023-12-14]
      859B E8D7 C586 F538 430B  19C2 467B 942D 3A79 BD29
uid [ expired ] MySQL Release Engineering

Permanent Solution - Fixes MySQL Signing Issue

1) We delete old, inactive keys - from 2022.

sudo apt-key del A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
sudo apt-key del 859B E8D7 C586 F538 430B 19C2 467B 942D 3A79 BD29

2) Using GPG, download a new key B7B3B788A8D3785C, if you have not done so before

gpg --keyserver keyserver.ubuntu.com --recv B7B3B788A8D3785C
gpg --export B7B3B788A8D3785C | sudo tee /etc/apt/trusted.gpg.d/mysql.gpg > /dev/null

3) In the cd /etc/apt/sources.list.d/ folder, edit the file for the application source - a third-party repository:mysql.list

sudo nano /etc/apt/sources.list.d/mysql.list

Correcting the line:

instead of ~~[signed-by=/usr/share/keyrings/mysql-apt-config.gpg]~~
specify [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg]

Contents of the file /etc/apt/sources.list.d/mysql.list:

deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-apt-config deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-8.0 deb [signed-by=/etc/apt/trusted.gpg.d/mysql.gpg] http://repo.mysql.com/apt/ubuntu/ jammy mysql-tools

Saved the file.

4) Updated the package cache and updated them

sudo apt update
sudo apt upgrade

There is no apt update error anymore, the mysql repository is signed with a valid signature B7B3B788A8D3785C.

 gpg --list-keys

Key...785C expiration date: 2025-10-22

Sources:
GitHub issue
MySQL is badly signed

Blog about Radio and Linux