MongoDB GPG - Invalid Signatures

Question

I'm installing MongoDB on an Ubuntu 14.04 machine, using the instructions at: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/

So I run:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

And then:

echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

Followed by:

sudo apt-get update

I then get the following warning at the end of the update:

W: GPG error: http://repo.mongodb.org trusty/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key

If I ignore the warning and try to run:

sudo apt-get install -y mongodb-org

I get:

WARNING: The following packages cannot be authenticated!
mongodb-org-shell mongodb-org-server mongodb-org-mongos mongodb-org-tools mongodb-org E: There are problems and -y was used without --force-yes

Any ideas on how to resolve? Thanks!

Answer 1

If you are getting below errors while patching;

GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D68FA50FEA312927 

E: Therepository 'https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/4.4 InRelease' is not signed.

Then follow below to resolve this issue;

a) Remove the Old Key: First, remove the expired key using the following command:

sudo apt-key del D68FA50FEA312927

b) Add the New Key: Then, add the new key from the MongoDB key server:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv D68FA50FEA312927

c) Update the Package List: After adding the new key, update the package list:

sudo apt-get update

Answer 2

Import the public key used by the package management system.

From the terminal, install gnupg and curl if they are not already installed. Run the following command-line:

sudo apt-get install gnupg curl

To import the MongoDB public GPG key, run the following command-lines:

curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | \   
sudo gpg -o /usr/share/keyrings/mongodb-server-4.4.gpg \    --dearmor

Answer 3

I had the same problem currently with MongoDB version 4.4. Running

sudo apt update

ran into this problem and gave following error message:

https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 Release.gpg The following signatures were invalid: EXPKEYSIG ... MongoDB 4.4 Release Signing Key packaging@mongodb.com

The solution was rather simple by just reimporting the specific public key like so:

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

Afterwards apt update worked like a charme again.

Hope that helps someone maintaining their systems!

Answer 4

Faced a similar GPG error while trying to run sudo apt-get update. Here's how I resolved it:

• sudo nano /etc/apt/sources.list.d/mongodb-org-7.0.list (enter the correct .list path)
• Change deb [signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mong> to deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mong> added arch=amd64,arm64 just inside the bracket after deb
• Save and exit

You may encounter similar error for other .list files present in the folder. If you follow the same steps for them as well, the command should execute as expected.

Answer 5

You can follow the commands to upgrade the Mongo from 3.6 to 4.0.

Note: I tried this in the Ubuntu 16.04

Stop the Mongo service

$ sudo systemctl stop mongod.service

$ sudo mv /etc/mongod.conf /etc/mongodnew.conf

Import the public key as mentioned in the MongoDB official documentation https://www.mongodb.com/docs/v4.0/tutorial/install-mongodb-on-ubuntu/

wget -qO - https://www.mongodb.org/static/pgp/server-4.0.asc | sudo apt-key add -

Create a list file for MongoDB.

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list

Reload local package database

sudo apt-get update

Upgrade the MongoDB packages [ Specific Versoion]

sudo apt-get upgrade -y --allow-unauthenticated mongodb-org=4.0.27 mongodb-org-server=4.0.27 mongodb-org-shell=4.0.27 mongodb-org-mongos=4.0.27 mongodb-org-tools=4.0.27

Done !!!

Do the validation by running the following command

mongod --version

Rename the mongodnew.conf file

sudo mv /etc/mongodnew.conf /etc/mongod.conf

sudo systemctl daemon-reload

sudo systemctl start mongod

sudo systemctl status mongod

Login to the Mongo Shell and set FCV

db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )

db.adminCommand( { setFeatureCompatibilityVersion: "4.0" } )


For ubuntu 20.04 Please follow this.

https://www.mongodb.com/community/forums/t/mongo-db-4-0-gpg-key-expired-for-ubuntu-18-04/230854/2

```echo "deb [ arch=amd64,arm64 trusted=yes ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-4.0.list```

Answer 6

# remove any existing file for MongoDB
sudo rm /etc/apt/sources.list.d/mongodb*.list
# add the key
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E52529D4
# create a new MongoDB repository list file
sudo bash -c 'echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-4.0.list'          

Now, Complete the installation with an update of repositories then install MongoDB, enable the mongod service and start it up, and last, check your MongoDB version:

sudo apt update
sudo apt install mongodb-org

mongo --version

Answer 7

The following is important to solve the problem:

sudo rm /etc/apt/sources.list.d/mongodb*.list

Answer 8

This worked for me on ubuntu focal 20.04.01 LTS for installing MongoDB version 3.4.17:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt update

apt-cache policy libssl1.0-dev
sudo apt-get install libssl1.0-dev

sudo apt-get install -y mongodb-org=3.4.17 mongodb-org-server=3.4.17 mongodb-org-shell=3.4.17 mongodb-org-mongos=3.4.17 mongodb-org-tools=3.4.17

Answer 9

Sounds like you need to redo the installation steps for MongoDB. First, remove any existing repository file for MongoDB. Do as below:

$ sudo rm /etc/apt/sources.list.d/mongodb*.list

Next, add the key (without the key, the repository will not load):

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Now, create a new MongoDB repository list file:

$ echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

After adding the repository details, we need to update the packages list:

$ sudo apt-get update

Now install MongoDB:

sudo apt install mongodb-org

Answer 10

wget -qO - https://www.mongodb.org/static/pgp/server-3.2.asc | sudo apt-key add -

Answer 11

I experienced the similar problem and got the following error while installing MongoDB 4.2 on Ubuntu 18.04 instance on Google Cloud.

W: GPG error: http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B7C549A058F8B6B
E: The repository 'http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details

The solution that worked from me was running the following command to get the key. I found this on MongoDB official Jira Issue Pages.

/usr/bin/curl -sLO https://www.mongodb.org/static/pgp/server-4.2.asc && sudo /usr/bin/apt-key add server-4.2.asc

I found this solution in MongoDB official Jira issues. Here is the link to the issue.

Answer 12

Using dlopatin's answer I came up with this for Ubuntu 18.04 since that code doesnt work anymore:

sudo apt-key list | \
grep -A 1 "\[expired:" | \
sed -ne 's|^\s\{1,10\}\(\w*\)|\1|gp' | \
xargs -d '\n' sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

1. List keys sudo apt-key list
2. Get the expired one and print the next line with the fingerprint grep -A 1 "\[expired:"
3. Use sed to extract only the lines starting with space ^\s\{1,10\},and select the alphanumeric characters \(\w*\), replace those lines with the selected group which is the fingerprint \1, repeat for all returned lines g,then print the fingerprint p. That gives: sed -ne 's|^\s\{1,10\}\(\w*\)|\1|gp'
4. Use xargs with delimiter for '\n' otherwise it will break on spaces: xargs -d '\n', then pass the fingerprints as arguments to apt-key to update them: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys which gives you: xargs -d '\n' sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

Hopefully that is clear. Ignore the warning about apt-key output parsing :)

Answer 13

I also faced this issue when installing MongoDB 4.0 on Ubuntu 16.04. So I did.

1. sudo rm /etc/apt/sources.list.d/mongodb*.list - remove any existing file for MongoDB

2. sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E52529D4 - add the key

3. sudo bash -c 'echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-4.0.list' - create a new MongoDB repository list file

Now, Complete the installation with an update of repositories then install MongoDB, enable the mongod service and start it up, and last, check your MongoDB version:

sudo apt update
sudo apt install mongodb-org

systemctl enable mongod.service
systemctl start mongod.service

mongo --version

Answer 14

Update all expired keys from Ubuntu key server in one command:

sudo apt-key list | \
 grep "expired: " | \
 sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' | \
 xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

Command explanation:

1. sudo apt-key list - lists all keys installed in the system;
2. grep "expired: " - leave only lines with expired keys;
3. sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' - extracts keys;
4. xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys - updates keys from Ubuntu key server by found expired ones.

Source

Answer 15

You don't need to reinstall the mongo packages, but just change the key as following:

List the keys to confirm it is expired:

apt-key list | grep "expired:"

Replace the key:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xd68fa50fea312927

The number 0xd68fa50fea312927 is the current valid key id (expires at 2019-10-09), as you can check here.

Answer 16

I had the same problem, so I did:

root@skarabi:~# apt remove mongodb-org

Then:

root@skarabi:~# sudo rm /etc/apt/sources.list.d/mongodb*.list

After :

root@skarabi:~# apt update

Answer 17

I also faced this issue when installing MongoDB 3.2 on my ubuntu 16.04 using the below commands. The below solution is provided as the question related to the v3.2 installation of MongoDB

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update

After running the above update command i found the following warnings

W: GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release: The following signatures were invalid: KEYEXPIRED 1507497109
W: The repository 'http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

On further investigating using the below command to list all the keys

sudo apt-key list

It shows that the current key is expired on 2017-10-08

pub   4096R/EA312927 2015-10-09 [expired: 2017-10-08]
uid                  MongoDB 3.2 Release Signing Key <packaging@mongodb.com>

This also made sense as the MongoDB Current Stable Release is now (3.4.9).

To fix the issue first we make a small cleanup (optional)

1. we remove the old key added

   sudo apt-key list // List all keys

   sudo apt-key del EA312927 // Find the uid of the key to be deleted

   apt-key list | grep Mongodb // Verify if its deleted

2. Now we remove the MongoDB repo added in /etc/apt/sources.list.d

   sudo rm /etc/apt/sources.list.d/mongodb*.list

3. Now we install the latest stable version of MongoDB(3.4.9) using below commands

Import the Public Key used by the Ubuntu Package Manager

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

Create a file list for mongoDB to fetch the current repository

echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-3.4.list

Install MongoDB

sudo apt-get update
sudo apt-get install mongodb-org

Answer 18

It seems version 3.2.1 has been released on 11/Jan/2016, and the packages signature is bad since this moment. The packages signature were fine the day before.

refs: https://jira.mongodb.org/browse/SERVER/fixforversion/15908/?selectedTab=com.atlassian.jira.jira-projects-plugin:version-summary-panel

You can either add the --force-yes option, or wait for a few hours that the mongodb team sees and fixes the issue.

There is already a ticket there: https://jira.mongodb.org/browse/SERVER-22144

Answer 19

I had the same problem, and solved it by installing mongodb with tarball method. Refer to the below link for detail.

https://docs.mongodb.org/manual/tutorial/install-mongodb-on-linux/

Adding details below

1. curl -O https://fastdl.mongodb.org/linux/mongodb-linux-i686-3.2.0.tgz
2. tar -zxvf mongodb-linux-i686-3.2.0.tgz
3. mkdir -p mongodb && cp -R -n mongodb-linux-i686-3.2.0/ mongodb

4. export PATH=/bin:$PATH

5. then run mongod (db path might needs to be set)