How to update GPG key for MySQL APT repository on Debian/Ubuntu?

Updated on September 1, 2017

If you are getting an error “GPG error and Duplicate sources.list” while configuring MySQL repository for installing MySQL server version 5.7, then here’s how you can udpate GPG key.

#apt-get update
 .....
 W: GPG error: http://repo.mysql.com jessie InRelease: The following signatures were invalid: KEYEXPIRED 1487236823 KEYEXPIRED 1487236823 KEYEXPIRED 1487236823
 W: Duplicate sources.list entry https://packages.sury.org/php/ jessie/main amd64 Packages (/var/lib/apt/lists/packages.sury.org_php_dists_jessie_main_binary-amd64_Packages)

Solution: Above error indicates that the MySQL APT GPG key has expired, making it impossible to install or upgrade Debian packages from the Oracle MySQL APT repository.

Update gpg key for MySQL repository in debian/ubuntu

Find the expired keys of the repository in Debian/Ubuntu?

Step 1: List the expired key using the below command:

#apt-key list
/etc/apt/trusted.gpg
--------------------
pub 4096R/89DF5277 2010-07-11
uid Guillaume Plessis <gui@dotdeb.org>
sub 4096R/3D624A3B 2010-07-11
sub 4096R/A2098A6E 2010-07-11
pub 1024D/5072E1F5 2003-02-03 [expired: 2017-02-16]
uid MySQL Release Engineering <mysql-build@oss.oracle.com>

From the above expired key list, it’s clear that the MySQL repository GPG key expired on 16th Feb 2017.

How to update the GPG key for the MySQL APT repository?

Step 2: The simple solution is to update the GPG key for Oracle MySQL APT repository.

#apt-key adv --keyserver pgp.mit.edu --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5

Sample Output:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.z5SEIWWrbt --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/php.gpg --keyserver pgp.mit.edu --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5
gpg: requesting key 5072E1F5 from hkp server pgp.mit.edu
gpg: key 5072E1F5: "MySQL Release Engineering <mysql-build@oss.oracle.com>" 62 new signatures
gpg: Total number processed: 1
gpg: new signatures: 62

Step 3: The new key has been updated successfully and now you can update package manager

#apt-get update

Was this article helpful?

Related Articles

Comments Leave a Comment

Leave a Comment