FIXED: Failed to fetch https://packages.sury.org, signatures were invalid

When running sudo apt-get update on Linux to fetch the latest package listings on an older emonSD, in this case emonSD-10Nov22, you may run into the error:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php bullseye InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease  The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>

This error is caused by an outdated signing key on the PHP sury.org repository. It can be fixed as follows:

First move the old sury-php.list file, where the signing key is stored, to the home folder in case something goes wrong and we need to restore it:

sudo mv /etc/apt/sources.list.d/sury-php.list /home/pi/old.sury-php.list

Then get the new signing key:

sudo apt-get update
sudo apt-get -y install lsb-release ca-certificates curl
sudo curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
sudo dpkg -i /tmp/debsuryorg-archive-keyring.deb
sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt-get update

These steps were taken from https://packages.sury.org/php/README.txt


@TrystanLea Maybe going forward we should use the official Debian PHP packages rather than sury. The notes from https://deb.sury.org/ say:

I am a Debian Developer since year 2000, and I have been packaging PHP for Debian since PHP 5. That means the official packages in Debian and Ubuntu are either my work or they are based on my work. The PHP packages in my Ubuntu PPA and Debian DPA matches the official packages in Debian. Basically I am saying that you can’t get any closer than that.

Which means the official Debian packages should be the same as the sury packages without requiring adding and maintaining a new package list.

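To spot an expiring repository key before apt-get update starts failing with EXPKEYSIG, the following added example (not part of the original post or the sury.org README) reads `gpg --show-keys --with-colons` output and flags expired or soon-to-expire keys. The function names, the sample records and their timestamps are constructed for illustration; only the key ID B188E2B695BD4743 and the keyring path come from the post.

```shell
#!/bin/sh
# Added example: report expired or soon-to-expire keys from
# `gpg --show-keys --with-colons` output read on stdin.
# Colon format: field 1 = record type, 5 = key ID, 7 = expiry in epoch
# seconds (empty when the key never expires).
# $1 = warning window in days (default 30)
# $2 = "now" in epoch seconds (default: current time; overridable so the
#      check can be exercised offline with fixed sample data)
check_key_expiry() {
    warn_days=${1:-30}
    now=${2:-$(date +%s)}
    awk -F: -v now="$now" -v warn="$warn_days" '
        $1 == "pub" || $1 == "sub" {
            if ($7 == "")                      state = "OK(no-expiry)"
            else if ($7 + 0 <= now + 0)        state = "EXPIRED"
            else if ($7 - now <= warn * 86400) state = "EXPIRING"
            else                               state = "OK"
            print $5, state
        }'
}

# Constructed sample records: the timestamps and the second and third key
# IDs are made up and are not the real key's values.
sample_keyring() {
    cat <<'EOF'
pub:e:3072:1:B188E2B695BD4743:1550000000:1700000000::-:::sc::::::23::0:
uid:e::::1550000000::0000::DEB.SURY.ORG Automatic Signing Key::::::::::0:
sub:-:3072:1:1111111111111111:1550000000:1702000000:::::e::::::23:
pub:-:4096:1:2222222222222222:1550000000:::-:::sc::::::23::0:
EOF
}

# Real use on the keyring installed by the steps above:
#   gpg --show-keys --with-colons /usr/share/keyrings/deb.sury.org-php.gpg \
#       | check_key_expiry 30
# Offline demo with the constructed records and a fixed "now":
if [ "${1:-}" = "--demo" ]; then
    sample_keyring | check_key_expiry 30 1700500000
fi
```

Run from cron or a monitoring check, a line ending in EXPIRING gives time to install the updated keyring package before signature verification breaks.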