Package: apt
Version: 1.8.2
Tags: minor
I had manually used
```
```
which adds a key to `/etc/apt/trusted.gpg` -- I did this a while ago.
The key I had for this has expired:
```
apt-get update
...
The following signatures were invalid: EXPKEYSIG 96B3EE5F29111145 Wazuh.com (Wazuh Signing Key) <
support@wazuh.com>
```
** It would have been somewhat helpful if the message said "expired" instead of "invalid".
I went and checked (or could have checked):
```
apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub rsa4096 2016-08-01 [SC] [expired: 2019-08-01]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
...
```
I ran:
```
apt-get update
```
And I still got a complaint about EXPKEYSIG for 96B3EE5F29111145
```
apt-key list
/etc/apt/trusted.gpg
--------------------
...
pub rsa4096 2016-08-01 [SC] [expired: 2019-08-01]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
...
/etc/apt/trusted.gpg.d/wazuh.asc
--------------------------------
pub rsa4096 2016-08-01 [SC] [expires: 2027-05-15]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
sub rsa4096 2016-08-01 [E] [expires: 2027-05-15]
```
Expected results:
If a key exists twice, once w/ an old expiry, and once w/ a newer expiry, accept the newer expiry.
Alternatively, if a key exists twice, w/ different expiries and apt really doesn't want to deal w/ it, it should explain about the mismatch (apt-key list didn't complain that I had two keys for the same key w/ different expiration dates).
For reference, I can trigger it w/ deterministic file names like:
```
apt-key list
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
067E 3C45 6BAE 240A CEE8 8F6F EF0F 382A 1A7B 6500
/etc/apt/trusted.gpg.d/000-wazuh-expired.asc
--------------------------------------------
pub rsa4096 2016-08-01 [SC] [expired: 2019-08-01]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
pub rsa4096 2016-08-01 [SC] [expires: 2027-05-15]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
sub rsa4096 2016-08-01 [E] [expires: 2027-05-15]
/etc/apt/trusted.gpg.d/001-wazuh-updated.asc
--------------------------------------------
pub rsa4096 2016-08-01 [SC] [expires: 2027-05-15]
0DCF CA55 47B1 9D2A 6099 5060 96B3 EE5F 2911 1145
sub rsa4096 2016-08-01 [E] [expires: 2027-05-15]
```
Note: it's possible to use `apt-key del 96B3EE5F29111145`, but this unfortunately also deleted my updated key, which was slightly frustrating.