Bad Zimbra Repo Keys

L. Mark Stone mark.stone at missioncriticalemail.com
Thu Mar 20 21:00:17 CET 2025 

Hi Randy,

Regrettably, I am seeing the same behaviour.

root at securemail:~# apt-get update && apt list --upgradable 
Hit:1 https://repo.zimbra.com/apt/87 focal InRelease
Hit:2 https://repo.zimbra.com/apt/1000 focal InRelease                                 
Hit:3 https://repo.zimbra.com/apt/1000-ne focal InRelease                                                    
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu focal InRelease                                         
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]  
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB] 
Err:1 https://repo.zimbra.com/apt/87 focal InRelease                         
  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Err:2 https://repo.zimbra.com/apt/1000 focal InRelease 
  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Get:7 http://security.ubuntu.com/ubuntu focal-security InRelease [128 kB]
Err:3 https://repo.zimbra.com/apt/1000-ne focal InRelease
  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3821 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [18.0 kB]
Get:10 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [3433 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [14.4 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [1035 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [220 kB]
Get:14 http://security.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [22.4 kB]
Fetched 8947 kB in 2s (5340 kB/s)                            
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.zimbra.com/apt/87 focal InRelease: The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.zimbra.com/apt/1000 focal InRelease: The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.zimbra.com/apt/1000-ne focal InRelease: The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: Failed to fetch https://repo.zimbra.com/apt/87/dists/focal/InRelease  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: Failed to fetch https://repo.zimbra.com/apt/1000/dists/focal/InRelease  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: Failed to fetch https://repo.zimbra.com/apt/1000-ne/dists/focal/InRelease  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Listing... Done
cloud-init/focal-updates 24.4.1-0ubuntu0~20.04.2 all [upgradable from: 24.4.1-0ubuntu0~20.04.1]
libfreetype6/focal-updates,focal-security 2.10.1-2ubuntu0.4 amd64 [upgradable from: 2.10.1-2ubuntu0.3]
libpython3.8-minimal/focal-updates,focal-security 3.8.10-0ubuntu1~20.04.17 amd64 [upgradable from: 3.8.10-0ubuntu1~20.04.15]
libpython3.8-stdlib/focal-updates,focal-security 3.8.10-0ubuntu1~20.04.17 amd64 [upgradable from: 3.8.10-0ubuntu1~20.04.15]
libpython3.8/focal-updates,focal-security 3.8.10-0ubuntu1~20.04.17 amd64 [upgradable from: 3.8.10-0ubuntu1~20.04.15]
libxslt1.1/focal-security 1.1.34-4ubuntu0.20.04.3 amd64 [upgradable from: 1.1.34-4ubuntu0.20.04.1]
python3-jinja2/focal-updates,focal-security 2.10.1-2ubuntu0.6 all [upgradable from: 2.10.1-2ubuntu0.4]
python3.8-minimal/focal-updates,focal-security 3.8.10-0ubuntu1~20.04.17 amd64 [upgradable from: 3.8.10-0ubuntu1~20.04.15]
python3.8/focal-updates,focal-security 3.8.10-0ubuntu1~20.04.17 amd64 [upgradable from: 3.8.10-0ubuntu1~20.04.15]
unrar/focal-updates,focal-security 1:5.6.6-2ubuntu0.1 amd64 [upgradable from: 1:5.6.6-2build1]
root at securemail:~# 

Regards, 
Mark 

-- 
_________________________________________________________________ 
L. Mark Stone, Founder 
North America's Leading Zimbra VAR/BSP/Training Partner 
For Companies With Mission-Critical Email Needs 
Winner of the Zimbra Americas VAR Partner of the Year 2024 Award

----- Original Message -----

| Hi Everyone,
| 
| I noticed on all of the Ubuntu 20.04 servers with Zimbra installed that I
| maintain that running "sudo apt update" recently began returning warnings like
| these:
| 
| Err:1 https://repo.zimbra.com/apt/onlyoffice focal InRelease
| The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra
| Packaging Services <packaging-devel at zimbra.com>
| Err:2 https://repo.zimbra.com/apt/87 focal InRelease
| The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra
| Packaging Services <packaging-devel at zimbra.com>
| Err:3 https://repo.zimbra.com/apt/1000 focal InRelease
| The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra
| Packaging Services <packaging-devel at zimbra.com>
| Err:4 https://repo.zimbra.com/apt/1000-ne focal InRelease
| The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra
| Packaging Services <packaging-devel at zimbra.com>
| 
| In checking the Zimbra repo key with "sudo apt-key list" and it does not appear
| the key expired, so it is not clear to me what happened to it:
| 
| /etc/apt/trusted.gpg
| --------------------------
| pub rsa4096 2015-03-19 [SC]
| 254F 9170 B966 D193 D6BA D300 D5CE F8BF 9BE6 ED79
| uid [ unknown] Zimbra Packaging Services <packaging-devel at zimbra.com>
| sub rsa4096 2015-03-19 [E]
| 
| Here is how I fixed it:
| 
| sudo apt-key del 254F9170B966D193D6BAD300D5CEF8BF9BE6ED79
| 
| Copy the key import script from: [
| https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key
| |
| https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key
| ] and run it:
| 
| sudo ./zimbra_gpg.sh
| sudo apt update
| 
| And all works correctly again:
| 
| Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
| Hit:2 https://repo.zimbra.com/apt/87 focal InRelease
| Hit:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
| Hit:4 https://repo.zimbra.com/apt/1000 focal InRelease
| Hit:5 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
| Hit:6 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
| Hit:7 https://repo.zimbra.com/apt/1000-ne focal InRelease
| Reading package lists... Done
| Building dependency tree
| Reading state information... Done
| All packages are up to date.
| 
| 
| Randy Leiker ( randy at skywaynetworks.com )
| Skyway Networks, LLC
| 
| 
| --=_be61e944-4731-4efc-93b7-edcc8673d9c3
| Content-Type: text/html; charset=utf-8
| Content-Transfer-Encoding: quoted-printable
| 
| <html><body><div style=3D"font-family: arial, helvetica, sans-serif; font-s=
| ize: 12pt; color: #000000"><div>Hi Everyone,</div><div><br data-mce-bogus=
| =3D"1"></div><div>I noticed on all of the Ubuntu 20.04 servers with Zimbra =
| installed that I maintain that running "sudo apt update" recently began ret=
| urning warnings like these:</div><div><br data-mce-bogus=3D"1"></div><div>E=
| rr:1 https://repo.zimbra.com/apt/onlyoffice focal InRelease<br>  The f=
| ollowing signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packagi=
| ng Services <packaging-devel at zimbra.com><br>Err:2 https://repo.zimbra=
| .com/apt/87 focal InRelease<br>  The following signatures were invalid=
| : EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel@=
| zimbra.com><br>Err:3 https://repo.zimbra.com/apt/1000 focal InRelease<br=
|>  The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Z=
| imbra Packaging Services <packaging-devel at zimbra.com><br>Err:4 https:=
| //repo.zimbra.com/apt/1000-ne focal InRelease<br>  The following signa=
| tures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services &l=
| t;packaging-devel at zimbra.com><br><br data-mce-bogus=3D"1"></div><div>In =
| checking the Zimbra repo key with "sudo apt-key list" and it does not appea=
| r the key expired, so it is not clear to me what happened to it:</div><div>=
| <br data-mce-bogus=3D"1"></div><div>/etc/apt/trusted.gpg<br>---------------=
| -----------<br>pub   rsa4096 2015-03-19 [SC]<br>  &nbsp=
| ;   254F 9170 B966 D193 D6BA  D300 D5CE F8BF 9BE6 ED79<br>ui=
| d           [ unknown] Zi=
| mbra Packaging Services <packaging-devel at zimbra.com><br>sub &nbs=
| p; rsa4096 2015-03-19 [E]<br><br data-mce-bogus=3D"1"></div><div>Here is ho=
| w I fixed it:</div><div><br data-mce-bogus=3D"1"></div><div>sudo apt-key de=
| l 254F9170B966D193D6BAD300D5CEF8BF9BE6ED79</div><div><br data-mce-bogus=3D"=
| 1"></div><div>Copy the key import script from: <a href=3D"https://wiki.zimb=
| ra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_ke=
| y">https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_=
| Zimbra_Repository_key</a> and run it:</div><div><br data-mce-bogus=3D"1"></=
| div><div>sudo ./zimbra_gpg.sh</div><div>sudo apt update</div><div><br data-=
| mce-bogus=3D"1"></div><div>And all works correctly again:</div><div><br dat=
| a-mce-bogus=3D"1"></div><div>Hit:1 http://us.archive.ubuntu.com/ubuntu foca=
| l InRelease<br>Hit:2 https://repo.zimbra.com/apt/87 focal InRelease<br>Hit:=
| 3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease<br>Hit:4 http=
| s://repo.zimbra.com/apt/1000 focal InRelease<br>Hit:5 http://us.archive.ubu=
| ntu.com/ubuntu focal-backports InRelease<br>Hit:6 http://us.archive.ubuntu.=
| com/ubuntu focal-security InRelease<br>Hit:7 https://repo.zimbra.com/apt/10=
| 00-ne focal InRelease<br>Reading package lists... Done<br>Building dependen=
| cy tree<br>Reading state information... Done<br>All packages are up to date=
| .</div><div><br data-mce-bogus=3D"1"></div><div data-marker=3D"__SIG_PRE__"=
|><div><div><div><span style=3D"color:rgb( 255 , 102 , 0 );font-weight:bold"=
|><br>Randy Leiker (</span><span style=3D"font-weight:bold"> <span style=3D"=
| color:rgb( 51 , 51 , 255 );background-color:rgb( 255 , 255 , 255 )">randy at s=
| kywaynetworks.com</span> <span style=3D"color:rgb( 255 , 102 , 0 )">)</span=
|></span><br><span style=3D"color:rgb( 0 , 0 , 153 )">Skyway Networks, LLC</=
| span><br><br></div></div></div></div></div></body></html>
| --=_be61e944-4731-4efc-93b7-edcc8673d9c3--

More information about the Users mailing list