Here you will learn how to fix the ROS package repository key expiration error. You may see 2 error messages like the ones below when you run sudo apt update.
Why this happens
ROS distributes its packages through the Debian package system that Ubuntu uses. It is best practice to sign packages so that you can be sure everything you download is authentic, meaning it is exactly what was published and has not been modified by anyone else.
Signing these packages requires a key, in this case a GPG key. The software that generates the key sets an expiration of up to 2 years by default. Now, at the end of May 2021, the key has expired, so the OS warns you that the key is expired. The error code is EXPKEYSIG.
What are the errors
You will see 4 error messages in the output of sudo apt update. They all complain about the expired signing key.
One is in the middle:
Err:8 http://packages.ros.org/ros/ubuntu focal InRelease
The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
You will see three errors at the end of the output:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.ros.org/ros/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W: Failed to fetch http://packages.ros.org/ros/ubuntu/dists/focal/InRelease The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
How to fix
To fix this issue, you need to add the updated key and then run sudo apt update again to verify the fix.
Step 1 — Add updated key file
Fix for ROS 1: ROS Melodic or Noetic
If you are using ROS Melodic or Noetic, run the following command.
curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add -
The apt-key add command adds the new ROS key. It outputs OK when it succeeds.
Fix for ROS 2: ROS2 Galactic, Foxy, Dashing…
If you are using ROS 2 (Galactic, Foxy or Dashing), the key file is not the same one as for ROS 1. You’ll need to run the following command:
sudo curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg
Step 2 — Verify the fix & check updated ROS packages
Now, run sudo apt update to verify that the key update succeeded.
sudo apt update
You will see output similar to the example below. As long as you don’t see any errors, you are ready to update ROS packages as usual again.
$ sudo apt update
...
Get:15 http://packages.ros.org/ros/ubuntu focal InRelease [4,676 B]
...
Fetched 2,671 kB in 2s (1,607 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
30 packages can be upgraded. Run 'apt list --upgradable' to see them.
That’s it. The new key is set to be good for another 5 years, which is 3 years more than the default. That should be long enough, as your current Ubuntu OS and ROS distro will be end-of-life by that time.
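To find out when a key in an apt keyring expires before apt starts rejecting it with EXPKEYSIG, the following added example (not from the original post or the ROS project) parses the machine-readable listing that gpg prints with --with-colons. The sample listing, its timestamps and every key ID except F42ED6FBAB17C654 are constructed, and key_expiry_report and sample_listing are names chosen for this example.

```shell
#!/bin/sh
# Added example: report the expiry status of keys in a `gpg --with-colons` listing.
# Colon-format fields used: 1 = record type, 5 = key ID,
# 7 = expiration time in epoch seconds (empty when the key never expires).
#
# Usage on a real keyring (path taken from the ROS 2 step above):
#   gpg --show-keys --with-colons /usr/share/keyrings/ros-archive-keyring.gpg \
#     | key_expiry_report "$(date +%s)" 30

# key_expiry_report NOW_EPOCH WARN_DAYS   (the listing is read from stdin)
# Subkeys are included because a repository may be signed with a subkey.
key_expiry_report() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" || $1 == "sub" {
            if ($7 == "")                        status = "NOEXPIRY"
            else if ($7 + 0 <= now + 0)          status = "EXPIRED"
            else if ($7 - now <= warn * 86400)   status = "EXPIRING"
            else                                 status = "OK"
            printf "%s %s %s\n", status, $1, $5
        }'
}

# Constructed sample listing: creation and expiration timestamps are made up
# for illustration and are not the real dates of any ROS key.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:F42ED6FBAB17C654:1559000000:1622000000::-:::scESC::::::23::0:
uid:-::::1559000000::::Constructed Sample Key::::::::::0:
pub:-:4096:1:1111111111111111:1600000000:1623369600::-:::scESC::::::23::0:
sub:-:4096:1:2222222222222222:1600000000:1657065600:::::e::::::23:
pub:-:4096:1:3333333333333333:1600000000:::-:::scESC::::::23::0:
EOF
}

# Constructed "now": 1622505600 is 2021-06-01 00:00:00 UTC; warn 30 days ahead.
sample_listing | key_expiry_report 1622505600 30
```

Running the check from a scheduled job and alerting on any EXPIRED or EXPIRING line gives notice before sudo apt update starts failing.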
References: https://discourse.ros.org/t/ros-gpg-key-expiration-incident/20669