![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
#1 2016-06-20 07:09:31
- Snap
- Member
- Registered: 2015-10-02
- Posts: 465
gpg issue: siduction repos: invalid signatures. [SOLVED]
I use to update all my rolling distros twice a week. This includes four machines running Sid. The last time I've tried to dist-upgrade (four days ago) two of the sidstems went fine. My main desktop (thankfully) and a sidubox. While the other two: my window manager testing/tweaking machine and a noX/Framebuffer machine threw this message:
Get:2 http://packages.siduction.org/base unstable InRelease [17.7 kB]
Get:1 http://softlibre.unizar.es/debian unstable InRelease [205 kB]
Get:3 http://packages.siduction.org/extra unstable InRelease [14.2 kB]
Err:2 http://packages.siduction.org/base unstable InRelease
At least one invalid signature was encountered.
Get:4 http://packages.siduction.org/user unstable InRelease [17.7 kB]
Err:3 http://packages.siduction.org/extra unstable InRelease
At least one invalid signature was encountered.
Get:5 http://packages.siduction.org/fixes unstable InRelease [17.8 kB]
Err:4 http://packages.siduction.org/user unstable InRelease
At least one invalid signature was encountered.
Err:1 http://softlibre.unizar.es/debian unstable InRelease
At least one invalid signature was encountered.
Err:5 http://packages.siduction.org/fixes unstable InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://packages.siduction.org/base unstable InRelease: At least one invalid signature was encountered.
E: The repository 'http://packages.siduction.org/base unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://packages.siduction.org/extra unstable InRelease: At least one invalid signature was encountered.
E: The repository 'http://packages.siduction.org/extra unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://packages.siduction.org/user unstable InRelease: At least one invalid signature was encountered.
E: The repository 'http://packages.siduction.org/user unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://softlibre.unizar.es/debian unstable InRelease: At least one invalid signature was encountered.
E: The repository 'http://http.debian.net/debian unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://packages.siduction.org/fixes unstable InRelease: At least one invalid signature was encountered.
E: The repository 'http://packages.siduction.org/fixes unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.Yes, all the repos went disabled. I've googled a lot and struggled trying to fix this issue without any luck. All the info I've found is related to missing keyrings or expired ones. The keyrings are present and not outdated AFAIK. I haven't changed or installed anything in these two machines in-between dist-upgrades. Checked settings and configs including relevant directories and files permissions and ownership and didn't found any differences compared with the two working machines. I'm a bit stuck here. Also reinstalled the keyrings but made no effect.
Any suggestions will be welcome.
Last edited by Snap (2016-06-21 08:27:08)
Offline
#2 2016-06-20 07:13:06
- Snap
- Member
- Registered: 2015-10-02
- Posts: 465
Re: gpg issue: siduction repos: invalid signatures. [SOLVED]
BTW, this is apt-key list output:
/etc/apt/trusted.gpg
--------------------
pub 4096R/F0A367D0 2013-02-02
uid Oliver Schütz (OPPs Debian Repository Key) <admin@oppserver.net>
sub 4096R/376D2A3B 2013-02-02
pub 2048R/EDFD12C1 2011-10-24
uid Philip Newborough <corenominal@corenominal.org>
sub 2048R/510D1409 2011-10-24
pub 1024D/7FAC5991 2007-03-08
uid Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
sub 2048g/C07CB649 2007-03-08
pub 4096R/C61670EE 2014-04-10
uid Christopher Roy Bratusek <nano@jpberlin.de>
sub 4096R/76E4C9F9 2014-04-10
/etc/apt/trusted.gpg.d/antix-archive-keyring.gpg
------------------------------------------------
pub 2048R/452F0C20 2013-03-13 [expired: 2015-03-13]
uid antiX (antix repo) <antix@daveserver.info>
/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub 4096R/2B90D010 2014-11-21 [expires: 2022-11-19]
uid Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub 4096R/C857C906 2014-11-21 [expires: 2022-11-19]
uid Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub 4096R/518E17E1 2013-08-17 [expires: 2021-08-15]
uid Jessie Stable Release Key <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg
-----------------------------------------------------------
pub 4096R/473041FA 2010-08-27 [expires: 2018-03-05]
uid Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg
--------------------------------------------------------
pub 4096R/B98321F9 2010-08-07 [expires: 2017-08-05]
uid Squeeze Stable Release Key <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
----------------------------------------------------------
pub 4096R/46925553 2012-04-27 [expires: 2020-04-25]
uid Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-------------------------------------------------------
pub 4096R/65FFB764 2012-05-08 [expires: 2019-05-07]
uid Wheezy Stable Release Key <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/siduction-archive-keyring.gpg
----------------------------------------------------
pub 4096R/45C45076 2011-09-19 [expires: 2021-09-16]
uid Siduction Repository (The Siduction Repository) <repository@siduction.org>
sub 4096R/05BF7E4F 2011-09-19 [expires: 2021-09-16]PS, the antix repos have been always disabled in these machines. The keyring has expired but I guess this shouldn't make a difference.
Last edited by Snap (2016-06-20 07:15:51)
Offline
#3 2016-06-20 09:57:48
- xaos52
- The Good Doctor
- From: Planet of the @pes
- Registered: 2015-09-30
- Posts: 695
Re: gpg issue: siduction repos: invalid signatures. [SOLVED]
Comment out antix and try again...
Edit:
Also check your apt options in
/etc/apt/apt.conf.dCheck setting of Apt::Get::AllowUnauthenticated
Offline
#4 2016-06-20 11:23:01
- unklar
- Back to the roots 1.9
- From: #! BL
- Registered: 2015-10-31
- Posts: 2,709
Re: gpg issue: siduction repos: invalid signatures. [SOLVED]
Offline
#5 2016-06-21 08:26:34
- Snap
- Member
- Registered: 2015-10-02
- Posts: 465
Re: gpg issue: siduction repos: invalid signatures. [SOLVED]
Got it. The antix repos where there disabled from the beginning (so never updated) and besides the antix.list was removed from sources, the keyring still in was the problem. Purged the expired key and it seems to work now. Gotta try in the other machine.
What I find strange is that single expired key from a single repo can bork them all.
Thanks a billion, xaos52.
Offline