I had the following issue when running sudo apt update
to update my repositories in Debian Stretch
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com testing InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A87FF9DF48BF1C90 W: Failed to fetch http://repository.spotify.com/dists/testing/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A87FF9DF48BF1C90 W: Some index files failed to download. They have been ignored, or old ones used instead.
This is due to the fact that spotify signing keys expire over time. In order to fix run the following command:
techbear@techbear-laptop:~$ gpg --keyserver hkp://keyserver.ubuntu.com --search-key 'Spotify Public Repository Signing Key' gpg: data source: http://91.189.90.55:11371 (1) Spotify Public Repository Signing Key <tux@spotify.com> 4096 bit RSA key A87FF9DF48BF1C90, created: 2018-05-23, expires: 2019-08-16 (2) Spotify Public Repository Signing Key <tux@spotify.com> 4096 bit RSA key EFDC8610341D9410, created: 2017-07-25, expires: 2018-07-25 (expired) (3) Spotify Public Repository Signing Key <operations@spotify.com> 4096 bit RSA key 13B00F1FD2C19886, created: 2015-05-28, expires: 2017-11-22 (expired) (4) Spotify Public Repository Signing Key <operations@spotify.com> 2048 bit RSA key 082CCEDF94558F59, created: 2012-06-25, expires: 2015-06-25 (expired) (5) Spotify Public Repository Signing Key <operations@spotify.com> 1024 bit DSA key 4F9946354E9CFF4E, created: 2010-06-23, expires: 2012-06-22 (expired) Keys 1-5 of 5 for "Spotify Public Repository Signing Key". Enter number(s), N)ext, or Q)uit > 1 gpg: key A87FF9DF48BF1C90: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported gpg: Total number processed: 1 gpg: imported: 1
Notice option 1 is not showing as expired so simply selecting ‘1’ when prompted imported the latest key.
Run the following if using Ubuntu (wasn’t needed in Debian) to activate the signing key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys KEYCODE
Following this sudo apt update
ran fine without errors ensuring I’m always running the latest version of Spotify ‘testing’ from the repo. Hope this helps someone else with the same issue.