Bug report #22023
Ubuntu: apt-get update can no longer verify gpg key at https://qgis.org/downloads/qgis-2017.gpg.key
|Affected QGIS version:||3.7(master)||Regression?:||No|
|Operating System:||Ubuntu 18.04||Easy fix?:||No|
|Pull Request or Patch supplied:||No||Resolution:|
|Crashes QGIS or corrupts data:||No||Copied to github as #:||29837|
I have the following lines in an /etc/apt/apt.conf.d/proxy.conf file in order to route all apt traffic through a socks proxy (Tor) hosted on my machine at 127.0.0.1:9050.
This has caused me no problem with updating QGIS from your repository at 'https://qgis.org/debian bionic main', until today. Today when I try sudo apt-get update I get the following error:
E: Failed to fetch https://qgis.org/debian/dists/bionic/InRelease 403 Forbidden [IP: 127.0.0.1 9050]
E: The repository 'https://qgis.org/debian bionic InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
If I remove proxy.conf and avoid the socks proxy all works fine, however, I do not wish to do this.
The issue appears to caused by Cloudflare, as the domain qgis.org is behind Cloudflare servers. Further evidence of this can be seen by installing Tor locally and trying curl -x socks5h://127.0.0.1:9050 https://qgis.org/downloads/qgis-2017.gpg.key. The resulting page title is "Attention Required! | Cloudflare", the page Cloudflare uses for DDOS defense. I can only assume Cloudflare must have changed their policy towards Tor users today, as I have used a Tor proxy for apt for months and never had any problems with QGIS. I note that no other repositories I use are affected by this problem today.
Given that you are unlikely to stop using Cloudflare, can your gpg key page be exempted from Cloudflare's DDOS policies somehow in your Cloudflare settings? I would expect this to quickly resolve the issue.