Devuan Update Fails with Signature Invalid

CLI, Linux / By /

Problem: (5. September 2022) when fetching Devuan updates you get the following error:

Err http://deb.devuan.org/merged beowulf InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) repository@devuan.org

Discussion: The devuan key to sign the repository list has expired on 3. September 2022.

# apt-key list
...

/etc/apt/trusted.gpg.d/devuan-keyring-2017-archive.gpg
------------------------------------------------------
pub   rsa4096 2017-09-04 [SC] [expired: 2022-09-03]
      E032 601B 7CA1 0BC3 EA53  FA81 BB23 C00C 61FC 752C
uid           [ expired] Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>

This is an embarrassing fail from Devuan. But the solution is quite simple

Solution: Install the new keyring manually:

# wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb
# dpkg -i devuan-keyring_2022.09.04_all.deb

Version: tested with Devuan 3 (beowulf), Devuan4 (chimaera)