Devuan Forgot to Renew the Key That Signs System Updates

Due to an invalid key, Devuan users have been unable to update their systems today. Fortunately, the problem has now been fixed.

Devuan emerged in 2014 due to Debianโ€™s transition to systemd following a long technical and widely publicized dispute. Like Debian, Devuan strives to be a general-purpose Linux distribution with desktop and server capabilities.

The distro, aimed at power users and proponents of systemd-free Linux systems, has gained popularity among GNU enthusiasts.

But the Devuan Project found itself in a slightly delicate situation today. Due to forgetting to renew the key with which all software updates are signed, they could not be applied.

Users first reported the issue on the official Devuan forum who were puzzled by an error message they received when attempting to update their systems. The exact case may be seen in the screenshot below.

APT update failed

The issue was quickly identified as caused by an expired key, which Devuan Project uses to sign all software updates. A simple check reveals that the five-year validity period expires on September 3, 2022.

gpg --list-keys BB23C00C61FC752CCode language: PHP (php)
pub   rsa4096 2017-09-04 [SC] [expired: 2022-09-03]
      E032601B7CA10BC3EA53FA81BB23C00C61FC752C
uid   [ expired] Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>Code language: CSS (css)

Fortunately, the Devuan developers acted immediately, and the software key was renewed a few hours later. However, the conventional method of using the “apt update” command to apply the new key cannot be utilized.

Below are two alternative ways for downloading and installing the new key on your Devuan GNU/Linux system so that software updates can resume normally.

The first step is to use wget to obtain the software package with the updated key, then install it locally using the dpkg command.

wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb
dpkg -i devuan-keyring_2022.09.04_all.debCode language: JavaScript (javascript)
Installing the new Devuan software repo signing key

Then, using the APT command, you may effortlessly update your Devuan system.

APT successfully updated

The second approach is considerably more straightforward, as it takes advantage of the APT’s ability to use “insecure” software repositories and unsigned keys.

sudo apt update --allow-insecure-repositories
sudo apt install devuan-keyring --allow-unauthenticated

Whichever method you pick, our tests have proven that it is entirely effective and results in the resumption of applying software updates from the Devuan repos.

In conclusion, we can only hope and believe that those in charge of the Devuan Project have taken all necessary precautions to avoid such an awkward situation in the future. And, of course, admirations for the lightning reaction in resolving the issue.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%