Sublime Forum

Ubuntu update OpenPGP warning invalid signature

#1

I keep getting this warning:

Warning: OpenPGP signature verification failed: https://download.sublimetext.com apt/stable/ InRelease: The following signatures were invalid: ERRSIG F57D4F59BD3DF454

How can I resolve it?

0 Likes

#2

Hello, the clean solution is not on your side.
Sublime must sign a new key (sha256).
The old one uses SHA‑1 (2021) and is no longer supported.
Meanwhile, you can autosign the old key and install.

0 Likes

#3

Thank you tyk for the quick answer. I thought I was going crazy, I’ve tried everything to fix the issue.

Meanwhile, you can autosign the old key and install.

Can you please share a link to any resource that might help me understand how this is done? Thanks in advance.

0 Likes

#4

Hello
Sorry for the delay.

1/download the sublime key from the sublime site : https://www.sublimetext.com/docs/linux_repositories.html

2/Import it to your GnuPG bundle:

gpg --import sublimehq.gpg

3/create a new self-signature sha256:

KEYID=$(gpg --with-colons sublimehq.gpg | awk -F: ‘/^pub/ {print $5; exit}’)
gpg --quick-sign-key $KEYID

4/ export the new key:

gpg --export $KEYID > sublimehq-fixed.gpg

5/ import to rpm:

sudo rpm --import sublimehq-fixed.gpg

6/ check

rpm -qi gpg-pubkey | grep -i sublime

1 Like