Zimbra repo key issue & solution for Ubuntu
Randy Leiker
randy at skywaynetworks.com
Thu Mar 20 21:16:02 CET 2025
After some further checking, I have learned that this repo key issue apparently affects all Ubuntu 20.04 and 22.04 installs for both Zimbra 10.0 and 10.1. I did not have a 9.0 install available to check, however I think we can reasonably presume it would affect it too, and probably 8.8.15 as well.
In digging around some more, I noticed that the new Zimbra repo key I installed today seems to have a sub-key now associated with it that it did not have before. I am thinking the Zimbra development team made an unannounced change to their repos where they are now signing packages with this newer sub-key rather than the main key they were using earlier.
So to recap, if you have Zimbra installed on Ubuntu 20.04 or 22.04, here is how to fix the issue and obtain Zimbra's new repo sub-key:
Delete the repo key:
sudo apt-key del 254F9170B966D193D6BAD300D5CEF8BF9BE6ED79
Copy the key import script from: [ https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key | https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key ] and run it with:
sudo chmod +x zimbra_gpg.sh
sudo ./zimbra_gpg.sh
Update your local host's repo cache:
sudo apt update
Randy Leiker ( randy at skywaynetworks.com )
Skyway Networks, LLC
From: "Randy Leiker" <randy at skywaynetworks.com>
To: "users" <users at lists.zetalliance.org>
Sent: Thursday, March 20, 2025 12:35:54 PM
Subject: Zimbra repo key issue & solution for Ubuntu
Hi Everyone,
I noticed on all of the Ubuntu 20.04 servers with Zimbra installed that I maintain that running "sudo apt update" recently began returning warnings like these:
Err:1 https://repo.zimbra.com/apt/onlyoffice focal InRelease
The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Err:2 https://repo.zimbra.com/apt/87 focal InRelease
The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Err:3 https://repo.zimbra.com/apt/1000 focal InRelease
The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
Err:4 https://repo.zimbra.com/apt/1000-ne focal InRelease
The following signatures were invalid: EXPKEYSIG 5234D2B73B6996C7 Zimbra Packaging Services <packaging-devel at zimbra.com>
In checking the Zimbra repo key with "sudo apt-key list" and it does not appear the key expired, so it is not clear to me what happened to it:
/etc/apt/trusted.gpg
--------------------------
pub rsa4096 2015-03-19 [SC]
254F 9170 B966 D193 D6BA D300 D5CE F8BF 9BE6 ED79
uid [ unknown] Zimbra Packaging Services <packaging-devel at zimbra.com>
sub rsa4096 2015-03-19 [E]
Here is how I fixed it:
sudo apt-key del 254F9170B966D193D6BAD300D5CEF8BF9BE6ED79
Copy the key import script from: [ https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key | https://wiki.zimbra.com/wiki/Zimbra_Collaboration_repository#Adding_the_Zimbra_Repository_key ] and run it:
sudo ./zimbra_gpg.sh
sudo apt update
And all works correctly again:
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 https://repo.zimbra.com/apt/87 focal InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 https://repo.zimbra.com/apt/1000 focal InRelease
Hit:5 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:6 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
Hit:7 https://repo.zimbra.com/apt/1000-ne focal InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Randy Leiker ( randy at skywaynetworks.com )
Skyway Networks, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20250320/31b2bf2e/attachment-0001.html>
More information about the Users
mailing list