Apt repository throwing a Date warning

I’m on Ubuntu xenial (16.04) and starting around October 10th I’ve started getting a warning when I do an apt update.

W: Invalid ‘Date’ entry in Release file /var/lib/■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■_Ubuntu_dists_xenial_Release

What changed?
I looked at the release file and the Date doesn’t seem to conform with the date spec here: https://wiki.debian.org/DebianRepository/Format?action=show&redirect=RepositoryFormat#Date.2C_Valid-Until

2 Likes

I’ll add a “me too” post here. Hopefully it’s a quick fix.

I get similar errors. It looks like the GPG key expired?

root@net:/etc/apt/sources.list.d# cat duosecurity.list
deb http://pkg.duosecurity.com/Ubuntu xenial main

root@net:/etc/apt/sources.list.d# apt-get update
Ign:8 http://pkg.duosecurity.com/Ubuntu xenial InRelease
Get:10 http://pkg.duosecurity.com/Ubuntu xenial Release [2,043 B]
Get:11 http://pkg.duosecurity.com/Ubuntu xenial Release.gpg [116 B]
Ign:11 http://pkg.duosecurity.com/Ubuntu xenial Release.gpg
Get:12 http://pkg.duosecurity.com/Ubuntu xenial/main amd64 Packages [1,588 B]
Get:13 http://pkg.duosecurity.com/Ubuntu xenial/main i386 Packages [1,574 B]
Fetched 1,171 kB in 3s (381 kB/s)
Reading package lists... Done
W: GPG error: http://pkg.duosecurity.com/Ubuntu xenial Release: The following signatures were invalid: KEYEXPIRED 1536066916 KEYEXPIRED 1536066916 KEYEXPIRED 1536066916
W: The repository 'http://pkg.duosecurity.com/Ubuntu xenial Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Invalid 'Date' entry in Release file /var/lib/■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■_Ubuntu_dists_xenial_Release

There are 2 types of error here.

The GPG key must be updated with:

curl -s https://duo.com/APT-GPG-KEY-DUO | sudo apt-key add -

For the date, I have this error too.
But I think this must be corrected by Duo teams in the file
https://pkg.duosecurity.com/Ubuntu/dists/bionic/Release (or use an InRelease file)

A correct Release file date: Date: Sun, 06 Oct 2019 16:10:50 +0000
DuoSecurity release file date: Date: 2019-10-09 15:40:36 UTC
(from: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1649086 )

We need someone from DuoSecurity :wink:

Check out today’s update:

1 Like

Yes. But like I said, there are 2 distinct bugs: the GPG key and the date from the Release file.

I correctly updated the GPG key, but the date is still causing an apt error (I haven’t tried on Debian, only Ubuntu)

Did you clear your apt cache? If you look at the current bionic release file you’ll see the date format has changed.

Date: Wed, 30 Oct 2019 18:11:21 -0000
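As an added example (not posted by anyone in this thread, and not Duo's or apt's code), this Python sketch checks a Release file's Date field against the `date -R -u` style the thread shows as correct. The accepted pattern is an assumption modelled on the dates quoted above, and the sample Release headers are constructed.

```python
import re
from datetime import datetime, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Assumption: accepted shape is modelled on the dates the thread shows as
# correct ("Sun, 06 Oct 2019 16:10:50 +0000"); apt's real parser may differ.
DATE_RE = re.compile(
    r"^(?P<dow>%s), (?P<day>\d{1,2}) (?P<mon>%s) (?P<year>\d{4}) "
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2}) (?:[+-]0000|UTC|GMT)$"
    % ("|".join(DAYS), "|".join(MONTHS)))


def release_field(release_text, name):
    """Return the value of a top-level field in Release text, or None."""
    for line in release_text.splitlines():
        if line.startswith(name + ":"):
            return line.split(":", 1)[1].strip()
    return None


def check_release_date(value):
    """Return (ok, detail) for a Release 'Date' value."""
    if value is None:
        return False, "no Date field"
    m = DATE_RE.match(value)
    if not m:
        return False, "not in 'Day, DD Mon YYYY HH:MM:SS +0000' form"
    try:
        ts = datetime(int(m["year"]), MONTHS.index(m["mon"]) + 1, int(m["day"]),
                      int(m["h"]), int(m["mi"]), int(m["s"]), tzinfo=timezone.utc)
    except ValueError as exc:
        return False, "impossible date: %s" % exc
    if DAYS[ts.weekday()] != m["dow"]:
        return False, "weekday does not match the calendar date"
    return True, ts.isoformat()


# Constructed sample Release headers; only the Date values come from the thread.
SAMPLES = {
    "before": "Origin: example\nSuite: xenial\nDate: 2019-10-09 15:40:36 UTC\n",
    "after": "Origin: example\nSuite: bionic\nDate: Wed, 30 Oct 2019 18:11:21 -0000\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, check_release_date(release_field(text, "Date")))
```

Run against a repository's Release file before publishing, a check like this catches the ISO-style timestamp that triggered the warning.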

Almost there. The date error disappeared but I get a new one about i386.

W: Skipping acquire of configured file ‘main/binary-i386/Packages’ as repository ‘https://pkg.duosecurity.com/Ubuntu bionic InRelease’ does not seem to provide it (sources.list entry misspelt?)

Easy one to fix, just add “[arch=amd64]” to the source repo:

deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu bionic main

Thank you!

@meepmeep

To clarify, your comments are just about warnings you see, and you are not actually blocked from retrieving the packages? In our testing the warnings aren’t a blocker.

Indeed. Warnings aren’t a blocker. But it’s always better to get a clean log :slight_smile:

Thanks for the response! Yes, we agree no warnings is the better state.