Solution to GPG error when updating packages in Linux (beta)
sudo apt-get update in the Linux subsystem of FydeOS, you may encounter an error message similar to the following:
W: GPG error: https://deb-mirror.fydeos.com/cros-packages/79 buster Release: The following signatures were invalid: EXPKEYSIG 6494C6D6997C215E Google Inc. (Linux Packages Signing Authority) <firstname.lastname@example.org> ... Updating from such a repository can't be done securely, and is therefore disabled by default.
This error prevents the Linux subsystem from updating packages through this source.
The source used in FydeOS’s Linux subsystem is
https://deb-mirror.fydeos.com/cros-packages, this source is the official Google source
https://storage.googleapis.com/cros-packages mirror address. The reason for the above error is that Google recently experienced a problem in the process of replacing the key, which caused
apt to fail to verify the signature of each package in the source, so the above error will also occur when using Google’s source.
For details of the bug, see Issue 1045292: crostini signing keys expired.
It can be solved by updating the public key used for verification, or skipping verification.
Update public key
The first method you should try is to update the public key, so that the process of verifying the package signature goes smoothly.
Run this command to update the public key:
sudo apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
After the command is executed successfully, try
sudo apt-get update again.
If the above
apt-key command fails to execute, or after successful execution,
sudo apt-get update still shows GPG error, you can try to modify file
/etc/apt/sources.list.d/cros.list with root permissions (sudo) in the Linux subsystem, add
[trusted = yes] in front of the FydeOS source address, the specific change is (omitting the version number and other content in the second half of the URL):
deb [trusted=yes] https://deb-mirror.fydeos.com/cros-packages/......
After this change, you will still see a GPG error when
sudo apt-get update, but this source will not be disabled, and you can still update the package from this source.