signature verification error for wine - index files failed to download - changing mirror doesn't help

As of 2018-12-19 08:07 there is a new winehq.key keyfile as mentioned here.

Download the new repository key and add it to the list of trusted keys:

cd /tmp
wget -nc https://dl.winehq.org/wine-builds/winehq.key
sudo apt-key add winehq.key
sudo apt update

As mentioned by @jason-hunter in a comment, apt update will ask if you accept the changes in the repository, whereas apt-get update will show an error and fail.


Note that after adding the new keyfile, it is better to use apt update rather than apt-get update, as it will prompt you to accept the changes.

So in full:

wget -nc https://dl.winehq.org/wine-builds/winehq.key && sudo apt-key add winehq.key && sudo apt update

Inspecting https://dl.winehq.org/wine-builds/, there's a new file winehq.key. Try using that instead, as its fingerprint seems to match the error:

# curl -sL "https://dl.winehq.org/wine-builds/Release.key" | gpg --dry-run --import --verbose
gpg: pub  rsa4096/818A435C5FCBF54A 2015-11-23  Sebastian Lackner (WineHQ packages) <[email protected]>
gpg: Total number processed: 1
# curl -sL "https://dl.winehq.org/wine-builds/winehq.key" | gpg --dry-run --import --verbose
gpg: pub  rsa3072/76F1A20FF987672F 2018-12-10  WineHQ packages <[email protected]>
gpg: key 76F1A20FF987672F: 1 signature not checked due to a missing key
gpg: Total number processed: 1