Firefox Install Error: GPG Signatures Found, But None Are In Trusted Keyring

I am getting this error on multiple computers when attempting to install Firefox:

Firefox Install Error: GPG signatures found, but none are in trusted keyring.

Using Endless 3.5.8 and 3.5.9 on multiple computers, all up-to-date.

Seems like some applications in Endless’s repositories haven’t yet been resigned with the new keys - the old keys used for verification have been expired a few days ago. Until then, you can perform the following in a Terminal to install Firefox:

  1. Make yourself root
sudo bash
  1. (Temporarily) Disable GPG verification for the needed repositories
flatpak remote-modify --no-gpg-verify eos-apps
flatpak remote-modify --no-gpg-verify eos-runtimes
  1. Update your caches and install Firefox
flatpak update --appstream -y
flatpak install eos-apps org.mozilla.Firefox -y
  1. Re-enable GPG verification
flatpak remote-modify --gpg-verify eos-apps
flatpak remote-modify --gpg-verify eos-runtimes

Please note, that even if that works, you are installing unsigned software which normally shouldn’t make any difference, except that this is relucantely seen in the security community, as a possible attacker might intercept your network traffic and injects malware during the transfer (highly unlikely case i have to admit)

@Rocky_Carr Try downloading Firefox again through App Center

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.