Apt-get update > Error: Signature no longer valid?


when I do an apt-get update I get the following error message:

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.z.cash jessie Release: Die folgenden Signaturen waren ungültig: F1E214037E94E950BA8577B263C4A2169C1B2FA2

Seems that the signature is not valid anymore?

Do you have this problem too? Any idea what I can do to fix it?

the sign is valid
pub 4096R/9C1B2FA2 2016-10-18 [expires: 2018-10-18]

Did you try to re-import it?
wget -qO - https://apt.z.cash/zcash.asc | sudo apt-key add -

I was getting the same thing initially.
I tried re-adding the key but that didn’t change anything.
Then I did:

sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/* && sudo mkdir -p /var/lib/apt/lists

Now I get a slightly different thing when doing:

sudo apt-get update

Reading package lists... Done                                            
W: GPG error: https://apt.z.cash jessie Release: The following signatures were invalid: F1E214037E94E950BA8577B263C4A2169C1B2FA2
E: The repository 'https://apt.z.cash jessie Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Thank you guys for your feedback.

@jubub: Yes, I re-imported the key, but no improvement.

Based on the message of tuxer I now think there might be a problem with the repository itself. The message “The repository is not signet” is pretty clear… Thats really strange…

Hi, what version of gpg are you using? Can you paste the output of --version? Thanks.

Hi, the output is:

gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta

I’m running Debian GNU/Linux 9.1 (stretch) with all updates installed.

Thank you.

Ps.: In the sources.list I’m still pointing to Jessie, this is the entry:
deb [arch=amd64] https://apt.z.cash/ jessie main

Should I change it to stretch?
deb [arch=amd64] https://apt.z.cash/ stretch main

In my case it’s what comes by default on Xubuntu:

gpg (GnuPG) 2.1.15
libgcrypt 1.7.6-beta

Hmm, seems that is a known issue: Invalid Signature on Debian Binaries for 1.0.10 · Issue #2472 · zcash/zcash · GitHub

Thx @cypherpunk, now I’ll be following the GitHub page to check on updates on the issue…