MongoDB GPG - Invalid Signatures
MongodbUbuntuMongodb Problem Overview
I'm installing MongoDB on an Ubuntu 14.04 machine, using the instructions at: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/
So I run:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
And then:
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
Followed by:
sudo apt-get update
I then get the following warning at the end of the update:
> W: GPG error: http://repo.mongodb.org trusty/mongodb-org/3.2 Release: > The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB > 3.2 Release Signing Key <[email protected]>
If I ignore the warning and try to run:
sudo apt-get install -y mongodb-org
I get:
> WARNING: The following packages cannot be authenticated!
> mongodb-org-shell mongodb-org-server mongodb-org-mongos
> mongodb-org-tools mongodb-org E: There are problems and -y was used
> without --force-yes
Any ideas on how to resolve? Thanks!
Mongodb Solutions
Solution 1 - Mongodb
Update all expired keys from Ubuntu key server in one command:
sudo apt-key list | \
grep "expired: " | \
sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' | \
xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
Command explanation:
sudo apt-key list
- lists all keys installed in the system;grep "expired: "
- leave only lines with expired keys;sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp'
- extracts keys;xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
- updates keys from Ubuntu key server by found expired ones.
Solution 2 - Mongodb
Sounds like you need to redo the installation steps for MongoDB. First, remove any existing repository file for MongoDB. Do as below:
$ sudo rm /etc/apt/sources.list.d/mongodb*.list
Next, add the key (without the key, the repository will not load):
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
Now, create a new MongoDB repository list file:
$ echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
After adding the repository details, we need to update the packages list:
$ sudo apt-get update
Now install MongoDB:
sudo apt install mongodb-org
Solution 3 - Mongodb
You don't need to reinstall the mongo packages, but just change the key as following:
List the keys to confirm it is expired:
apt-key list | grep "expired:"
Replace the key:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xd68fa50fea312927
The number 0xd68fa50fea312927 is the current valid key id (expires at 2019-10-09), as you can check here.
Solution 4 - Mongodb
It seems version 3.2.1 has been released on 11/Jan/2016, and the packages signature is bad since this moment. The packages signature were fine the day before.
You can either add the --force-yes option, or wait for a few hours that the mongodb team sees and fixes the issue.
There is already a ticket there: https://jira.mongodb.org/browse/SERVER-22144
Solution 5 - Mongodb
I also faced this issue when installing MongoDB 4.0 on Ubuntu 16.04. So I did.
-
sudo rm /etc/apt/sources.list.d/mongodb*.list
- remove any existing file for MongoDB -
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E52529D4
- add the key -
sudo bash -c 'echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-4.0.list'
- create a new MongoDB repository list file
Now, Complete the installation with an update of repositories then install MongoDB, enable the mongod
service and start it up, and last, check your MongoDB version:
sudo apt update
sudo apt install mongodb-org
systemctl enable mongod.service
systemctl start mongod.service
mongo --version
Solution 6 - Mongodb
I also faced this issue when installing MongoDB 3.2 on my ubuntu 16.04 using the below commands. The below solution is provided as the question related to the v3.2 installation of MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update
After running the above update command i found the following warnings
W: GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release: The following signatures were invalid: KEYEXPIRED 1507497109
W: The repository 'http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
On further investigating using the below command to list all the keys
sudo apt-key list
It shows that the current key is expired on 2017-10-08
pub 4096R/EA312927 2015-10-09 [expired: 2017-10-08]
uid MongoDB 3.2 Release Signing Key <[email protected]>
This also made sense as the MongoDB Current Stable Release is now (3.4.9).
To fix the issue first we make a small cleanup (optional)
-
we remove the old key added
sudo apt-key list // List all keys
sudo apt-key del EA312927 // Find the uid of the key to be deleted
apt-key list | grep Mongodb // Verify if its deleted
-
Now we remove the MongoDB repo added in /etc/apt/sources.list.d
sudo rm /etc/apt/sources.list.d/mongodb*.list
-
Now we install the latest stable version of MongoDB(3.4.9) using below commands
Import the Public Key used by the Ubuntu Package Manager
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
Create a file list for mongoDB to fetch the current repository
echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-3.4.list
Install MongoDB
sudo apt-get update
sudo apt-get install mongodb-org
Solution 7 - Mongodb
I had the same problem, and solved it by installing mongodb with tarball method. Refer to the below link for detail.
https://docs.mongodb.org/manual/tutorial/install-mongodb-on-linux/
Adding details below
-
curl -O https://fastdl.mongodb.org/linux/mongodb-linux-i686-3.2.0.tgz
-
tar -zxvf mongodb-linux-i686-3.2.0.tgz
-
mkdir -p mongodb && cp -R -n mongodb-linux-i686-3.2.0/ mongodb
-
export PATH=
/bin:$PATH -
then run mongod (db path might needs to be set)
Solution 8 - Mongodb
I experienced the similar problem and got the following error while installing MongoDB 4.2 on Ubuntu 18.04 instance on Google Cloud.
W: GPG error: http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B7C549A058F8B6B
E: The repository 'http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details
The solution that worked from me was running the following command to get the key. I found this on MongoDB official Jira Issue Pages.
/usr/bin/curl -sLO https://www.mongodb.org/static/pgp/server-4.2.asc && sudo /usr/bin/apt-key add server-4.2.asc
I found this solution in MongoDB official Jira issues. Here is the link to the issue.
Solution 9 - Mongodb
wget -qO - https://www.mongodb.org/static/pgp/server-3.2.asc | sudo apt-key add -
Solution 10 - Mongodb
Actually, the following is very important to solve the problem
$ sudo rm /etc/apt/sources.list.d/mongodb*.list
Solution 11 - Mongodb
I had the same problem, so I did:
root@skarabi:~# apt remove mongodb-org
Then:
root@skarabi:~# sudo rm /etc/apt/sources.list.d/mongodb*.list
After :
root@skarabi:~# apt update
Solution 12 - Mongodb
Using dlopatin's answer I came up with this for Ubuntu 18.04 since that code doesnt work anymore:
sudo apt-key list | \
grep -A 1 "\[expired:" | \
sed -ne 's|^\s\{1,10\}\(\w*\)|\1|gp' | \
xargs -d '\n' sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
- List keys
sudo apt-key list
- Get the expired one and print the next line with the fingerprint
grep -A 1 "\[expired:"
- Use sed to extract only the lines starting with space
^\s\{1,10\}
,and select the alphanumeric characters\(\w*\)
, replace those lines with the selected group which is the fingerprint\1
, repeat for all returned linesg
,then print the fingerprintp
. That gives:sed -ne 's|^\s\{1,10\}\(\w*\)|\1|gp'
- Use xargs with delimiter for '\n' otherwise it will break on spaces:
xargs -d '\n'
, then pass the fingerprints as arguments to apt-key to update them:sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
which gives you:xargs -d '\n' sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
Hopefully that is clear. Ignore the warning about apt-key output parsing :)
Solution 13 - Mongodb
This worked for me on ubuntu focal 20.04.01 LTS for installing MongoDB version 3.4.17:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt update
apt-cache policy libssl1.0-dev
sudo apt-get install libssl1.0-dev
sudo apt-get install -y mongodb-org=3.4.17 mongodb-org-server=3.4.17 mongodb-org-shell=3.4.17 mongodb-org-mongos=3.4.17 mongodb-org-tools=3.4.17