Install the Tanzu CLI using a package manager on APT (Debian or Ubuntu) fails with "GPG error", "The following signatures were invalid" and "The repository ... is not signed"
search cancel

Install the Tanzu CLI using a package manager on APT (Debian or Ubuntu) fails with "GPG error", "The following signatures were invalid" and "The repository ... is not signed"

book

Article ID: 384202

calendar_today

Updated On:

Products

Tanzu Kubernetes Grid Tanzu Kubernetes Runtime Tanzu Mission Control VMware Tanzu Kubernetes Grid VMware Tanzu Kubernetes Grid 1.x VMware Tanzu Kubernetes Grid Management VMware Tanzu Kubernetes Grid Plus VMware Tanzu Kubernetes Grid Plus 1.x VMware Tanzu Kubernetes Grid Service (TKGs) VMware Tanzu for Kubernetes Operations Tanzu Mission Control Prepaid Commitment Plan per Core Tanzu Service Mesh Enterprise - Per Core - Commitment Plan Tanzu Service Mesh, built on VMware NSX - Advanced Prepaid Commitment Plan per Core VMware Tanzu Mission Control VMware Tanzu Mission Control - SM VMware Tanzu Mission Control Self-Managed VMware Tanzu Service Mesh VMware Tanzu Service Mesh, Secure App IX VMware Tanzu Standard VMware Tanzu Toolkit for Kubernetes VMware Tanzu Toolkit for Kubernetes 1.x VMware vSphere with Tanzu vSphere with Tanzu VMware vSphere 7.0 with Tanzu

Issue/Introduction

When attempting to install the tanzu CLI on an APT system (Debian or Ubuntu), it fails.

The failure occurs upon running the command: sudo apt update

The error reported is similar to below:

W: GPG error: https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie Release: The following signatures were invalid: EXPKEYSIG 915493E7001E5CC9 VMware, Inc. (Linux Packaging Key) <[email protected]>
E: The repository 'https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie Release' is not signed.

 

Environment

ANY environment that requires or makes use of the tanzu CLI.  

Such as:

Tanzu Kubernetes Grid

Tanzu Mission Control

vSphere IaaS control plane Documentation (formerly vSphere with Tanzu)

 

Cause

The VMware public key has expired. 

Using the old key as documented in the TKG docs is no longer supported because of the Broadcom acquisition of VMware.  We don't expect the VMware key to be extended.

As such, the below Resolution is to be updated in the public documentation. 

Resolution

Until any public documentation is corrected, the permanent solution is to perform the following instead:

NOTE: Below installs tanzu CLI version 1.3.0 specifically instead of the latest CLI version. 

 

NOTE: If you had already run this and received the GPG signature errors, skip repeating the first three steps

  1. sudo apt update

  2. sudo apt install -y ca-certificates curl gpg

  3. sudo mkdir -p /etc/apt/keyrings 
  4. curl -fsSL https://storage.googleapis.com/tanzu-cli-installer-packages/keys/TANZU-PACKAGING-GPG-RSA-KEY.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/tanzu-archive-keyring.gpg

  5. echo "deb [signed-by=/etc/apt/keyrings/tanzu-archive-keyring.gpg] https://storage.googleapis.com/tanzu-cli-installer-packages/apt tanzu-cli-jessie main" | sudo tee /etc/apt/sources.list.d/tanzu.list

  6. sudo apt update

  7. sudo apt install tanzu-cli=1.3.0

Additional Information

If you have further issues or questions, please open a Tanzu Support Request