Apt repository throwing a Date warning

bjcpgd · ‎10-15-2019

I’m on Ubuntu xenial (16.04) and starting around October 10th I’ve started getting a warning when I do an apt update.

W: Invalid ‘Date’ entry in Release file /var/lib/■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■_Ubuntu_dists_xenial_Release

What changed?
I looked at the release file and the Date doesn’t seem to conform with the date spec here: https://wiki.debian.org/DebianRepository/Format?action=show&redirect=RepositoryFormat#Date.2C_Valid-Until

KevinSiddique · ‎10-15-2019

I’ll add a “me too” post here. Hopefully it’s a quick fix.

bpillet1 · ‎10-21-2019

I get similar errors. It looks like the GPG key expired?

root@net:/etc/apt/sources.list.d# cat duosecurity.list
deb http://pkg.duosecurity.com/Ubuntu xenial main

root@net:/etc/apt/sources.list.d# apt-get update
Ign:8 http://pkg.duosecurity.com/Ubuntu xenial InRelease
Get:10 http://pkg.duosecurity.com/Ubuntu xenial Release [2,043 B]
Get:11 http://pkg.duosecurity.com/Ubuntu xenial Release.gpg [116 B]
Ign:11 http://pkg.duosecurity.com/Ubuntu xenial Release.gpg
Get:12 http://pkg.duosecurity.com/Ubuntu xenial/main amd64 Packages [1,588 B]
Get:13 http://pkg.duosecurity.com/Ubuntu xenial/main i386 Packages [1,574 B]
Fetched 1,171 kB in 3s (381 kB/s)
Reading package lists... Done
W: GPG error: http://pkg.duosecurity.com/Ubuntu xenial Release: The following signatures were invalid: KEYEXPIRED 1536066916 KEYEXPIRED 1536066916 KEYEXPIRED 1536066916
W: The repository 'http://pkg.duosecurity.com/Ubuntu xenial Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Invalid 'Date' entry in Release file /var/lib/■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■_Ubuntu_dists_xenial_Release

meepmeep · ‎11-04-2019

There is 2 types of error here.

The GP Key must but update with :

curl -s https://duo.com/APT-GPG-KEY-DUO | sudo apt-key add -

For the date, I have this error too.
But I think this must be corrected by Duo teams in the file
https://pkg.duosecurity.com/Ubuntu/dists/bionic/Release (or use a InRelease file)

A correct Release file date : Date: Sun, 06 Oct 2019 16:10:50 +0000
DuoSecurity release file date : Date: 2019-10-09 15:40:36 UTC
(from : https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1649086 )

We need someone from DuoSecurity

DuoKristina · ‎11-04-2019

Check out today’s update:

Duo, not DUO.

meepmeep · ‎11-04-2019

Yes. But like I said there is 2 distinct bug. The got key and the date from the release file.

I correctly updated the gpg, but the date is still making an apt error (I haven’t try on Debian, only Ubuntu)

DuoKristina · ‎11-05-2019

Did you clear your apt cache? If you look at the current bionic release file you’ll see the date format has changed.

Date: Wed, 30 Oct 2019 18:11:21 -0000

Duo, not DUO.

meepmeep · ‎11-05-2019

Almost there. The date error dissapeared but I get a new one about i386.

W: Skipping acquire of configured file ‘main/binary-i386/Packages’ as repository ‘https://pkg.duosecurity.com/Ubuntu bionic InRelease’ does not seem to provide it (sources.list entry misspelt?)

Easy one to fix, just add “[arch=amd64]” to the source repo :

deb [arch=amd64] https://pkg.duosecurity.com/Ubuntu bionic main

Thank you !

DuoKristina · ‎11-07-2019

@meepmeep

To clarify, your comments are just about warnings you see, and you are not actually blocked from retrieving the packages? In our testing the warnings aren’t a blocker.

Duo, not DUO.

meepmeep · ‎11-08-2019

Indeed. Warning aren’t a blocker. But it’s always better to get clean log

DuoKristina · ‎11-08-2019

Thanks for the response! Yes, we agree no warnings is the better state.

Duo, not DUO.