Categories
ROS

How to fix ROS package repo signature verification error

Here you will learn how to fix the ROS package repo key expiration error. You may see 2 error messages like below as you run sudo apt update.

Following signatures invalid EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
Failed to fetch packages ros org

Why this happens

ROS uses Debian package system that Ubuntu uses to distribute ROS packages. It is a best practice to sign the packages to make sure all the packages you downloaded are authentic, meaning they are exactly published and not modified by any other people.

To sign these packages, one needs a key, which in this case, a GPG key. The software that generates the key by default set expiration up to 2 years. Now, the end of May in 2021, the key has expired, so you see the error that the OS warns that the key is expired. The error code is EXPKEYSIG.

What are the errors

You will see 4 error messages in the output of sudo apt update. They are all complaining about the expired signing key.

One is in the middle:

The following signatures were invalid EXPKEYSIG F42ED6FBAB17C654 Open Robotics info osrfoundation org
Err:8 http://packages.ros.org/ros/ubuntu focal InRelease   
   The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org

You will see three errors in the end of the output:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.ros.org/ros/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.ros.org/ros/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W: Failed to fetch http://packages.ros.org/ros/ubuntu/dists/focal/InRelease The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W: Failed to fetch http://packages.ros.org/ros/ubuntu/dists/focal/InRelease The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
W Some index files failed to download. They have been ignored or old ones used instead
W: Some index files failed to download. They have been ignored, or old ones used instead.

How to fix

To fix this issue, you will need to add the updated key and run sudo apt update again to verify the fix.

Step 1 — Add updated key file

Fix for ROS 1: ROS Melodic or Noetic

If you are using ROS Melodic or Noetic, run the following command.

curl -s https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | sudo apt-key add -

The apt-key add command will add the new ROS key. You will see it outputs OK when it succeeds.

curl s httpsraw.githubusercontent.com ros rosdistro master ros.asc sudo apt key add

Fix for ROS 2: ROS2 Galactic, Foxy, Dashing…

If you are using ROS 2, ROS2 Galactic, Foxy or Dashing, the key file is not the same one as ROS 1. You’ll need to run the following command:

sudo curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg

Step 2 — Verify the fix & check updated ROS packages

Now, run sudo apt update to verify if the key is 100% succeeded.

sudo apt update

You will see similar output like below. As long as you don’t see any errors, you are again ready to update ROS packages as usual.

$ sudo apt update
...
 Get:15 http://packages.ros.org/ros/ubuntu focal InRelease [4,676 B] 
...
 Fetched 2,671 kB in 2s (1,607 kB/s)                     
 Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 30 packages can be upgraded. Run 'apt list --upgradable' to see them.

That’s it. The new key is set to be good for another 5 years, which is 3 years more than the default. It should be good as your current Ubuntu OS and ROS distro will be end-of-life at that time.


References: https://discourse.ros.org/t/ros-gpg-key-expiration-incident/20669

+7

By VarHowto Editor

Welcome to VarHowto!