I'm installing MongoDB on an Ubuntu 14.04 machine, using the instructions at: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/

So I run:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

And then:

echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

Followed by:

sudo apt-get update

I then get the following warning at the end of the update:

W: GPG error: http://repo.mongodb.org trusty/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key

If I ignore the warning and try to run:

sudo apt-get install -y mongodb-org

I get:

WARNING: The following packages cannot be authenticated!
mongodb-org-shell mongodb-org-server mongodb-org-mongos mongodb-org-tools mongodb-org E: There are problems and -y was used without --force-yes

Any ideas on how to resolve? Thanks!

It seems version 3.2.1 has been released on 11/Jan/2016, and the packages signature is bad since this moment. The packages signature were fine the day before.

refs: https://jira.mongodb.org/browse/SERVER/fixforversion/15908/?selectedTab=com.atlassian.jira.jira-projects-plugin:version-summary-panel

You can either add the --force-yes option, or wait for a few hours that the mongodb team sees and fixes the issue.

There is already a ticket there: https://jira.mongodb.org/browse/SERVER-22144

Update all expired keys from Ubuntu key server in one command:

sudo apt-key list | \
 grep "expired: " | \
 sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' | \
 xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

Command explanation:

1. sudo apt-key list - lists all keys installed in the system;
2. grep "expired: " - leave only lines with expired keys;
3. sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' - extracts keys;
4. xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys - updates keys from Ubuntu key server by found expired ones.

Source

Sounds like you need to redo the installation steps for MongoDB. First,remove any existing repository file for MongoDB. Do as below.

$ sudo rm /etc/apt/sources.list.d/mongodb*.list

Next, add the key: (without the key, the repository will not load).

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Now, create a new MongoDB repository list file:

$ echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

After adding the repository details, we need to update the packages list.

$ sudo apt-get update

Now install MongoDB.

sudo apt install mongodb-org

Hope this helps !

You don't need to reinstall the mongo packages, but just change the key as following:

List the keys to confirm it is expired:

apt-key list | grep "expired:"

Replace the key:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xd68fa50fea312927

The number 0xd68fa50fea312927 is the current valid key id (expires at 2019-10-09), as you can check here.

I also faced this issue when installing MongoDB 3.2 on my ubuntu 16.04 using the below commands. The below solution is provided as the question related to the v3.2 installation of MongoDB

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update

After running the above update command i found the following warnings

W: GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release: The following signatures were invalid: KEYEXPIRED 1507497109
W: The repository 'http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

On further investigating using the below command to list all the keys

sudo apt-key list

It shows that the current key is expired on 2017-10-08

pub   4096R/EA312927 2015-10-09 [expired: 2017-10-08]
uid                  MongoDB 3.2 Release Signing Key <packaging@mongodb.com>

This also made sense as the MongoDB Current Stable Release is now (3.4.9).

To fix the issue first we make a small cleanup (optional)

1. we remove the old key added

   sudo apt-key list // List all keys

   sudo apt-key del EA312927 // Find the uid of the key to be deleted

   apt-key list | grep Mongodb // Verify if its deleted

2. Now we remove the MongoDB repo added in /etc/apt/sources.list.d

   sudo rm /etc/apt/sources.list.d/mongodb*.list

3. Now we install the latest stable version of MongoDB(3.4.9) using below commands

Import the Public Key used by the Ubuntu Package Manager

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

Create a file list for mongoDB to fetch the current repository

echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-3.4.list

Install MongoDB

sudo apt-get update
sudo apt-get install mongodb-org

I had the same problem, and solved it by installing mongodb with tarball method. Refer to the below link for detail.

https://docs.mongodb.org/manual/tutorial/install-mongodb-on-linux/

Adding details below

1. curl -O https://fastdl.mongodb.org/linux/mongodb-linux-i686-3.2.0.tgz
2. tar -zxvf mongodb-linux-i686-3.2.0.tgz
3. mkdir -p mongodb && cp -R -n mongodb-linux-i686-3.2.0/ mongodb

4. export PATH=/bin:$PATH

5. then run mongod (db path might needs to be set)

I had the same problem, so I did:

root@skarabi:~# apt remove mongodb-org

Then:

root@skarabi:~# sudo rm /etc/apt/sources.list.d/mongodb*.list

After :

root@skarabi:~# apt update