You are not logged in.

#26 2021-03-03 16:28:13

dolly
Miss Mixunderstand
From: /lab701
Registered: 2015-10-03
Posts: 430

Re: PSA: bunsen-keyring package refreshes

Eeeeh, have you updated the "Helium" keyring, see first post of this thread?


A bit nerdy, trying to grow up.

Offline

#27 2021-03-03 18:28:29

1bvl1012
Member
Registered: 2019-07-04
Posts: 6

Re: PSA: bunsen-keyring package refreshes

dolly wrote:

Eeeeh, have you updated the "Helium" keyring, see first post of this thread?

I'm honestly not too sure, but i hope, that my

sudo dpkg -i bunsen-keyring_2020.10.10+bl9-1_all.deb 

did this.

Offline

#28 2021-03-04 11:45:29

twoion
ほやほや
Registered: 2015-08-10
Posts: 3,248

Re: PSA: bunsen-keyring package refreshes

1bvl1012 wrote:

I hope I'm at the right place here. Till recently bunsenlabs never did give me any problems.

I have

5@lenovo-b1:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	BunsenLabs
Description:	BunsenLabs GNU/Linux 9.9 (Helium)
Release:	9.9
Codename:	helium

So I did a

lenovo-b1:~$ sudo dpkg -i bunsen-keyring_2020.10.10+bl9-1_all.deb 
(Lese Datenbank ... 129332 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von bunsen-keyring_2020.10.10+bl9-1_all.deb ...
Entpacken von bunsen-keyring (2020.10.10+bl9-1) über (2020.10.10+bl9-1) ...
bunsen-keyring (2020.10.10+bl9-1) wird eingerichtet ...

However I still get (abbreviated)

@lenovo-b1:~$ sudo apt-get update 
...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://eu.pkg.bunsenlabs.org/debian helium InRelease: Die folgenden Signaturen waren ungültig: EXPKEYSIG A0673F72FE62D9C5 Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>
W: Fehlschlag beim Holen von https://pkg.bunsenlabs.org/debian/dists/helium/InRelease  Die folgenden Signaturen waren ungültig: EXPKEYSIG A0673F72FE62D9C5 Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

Any ideas, what I should do would be appreciated.

So I just retested the package using a vanilla Debian 9 docker image, installed the bl9 keyring package, and it worked I could use the helium repositories.

Could you provide the output of:

sudo apt-key list
apt-cache policy bunsen-keyring
date -R

? Thanks. Because it strikes me that the correct key is not in the keyring.


Nassdachs

Offline

#29 2021-03-04 13:22:58

1bvl1012
Member
Registered: 2019-07-04
Posts: 6

Re: PSA: bunsen-keyring package refreshes

twoion wrote:

Could you provide the output of:

With pleasure.

@lenovo-b1:~$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
      D4CC 8597 4C31 396B 18B3  6837 D615 560B A5C7 FF72
uid           [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@opera.com>

pub   rsa4096 2019-09-12 [SC] [expires: 2021-09-11]
      68E9 B2B0 3661 EE3C 44F7  0750 4B8E C3BA ABDC 4346
uid           [ unknown] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>
sub   rsa4096 2019-09-12 [E] [expires: 2021-09-11]

pub   rsa4096 2018-01-05 [SC] [expired: 2020-01-25]
      68AE AE71 F9FA 1587 03C1  CBBC 8D04 CE49 EFB2 0B23
uid           [ expired] Vivaldi Package Composer KEY04 <packager@vivaldi.com>

pub   rsa4096 2018-12-04 [SC] [expired: 2021-01-22]
      B44B 85E3 E1A6 386B FC79  D411 9658 E804 4A3A A3D6
uid           [ expired] Vivaldi Package Composer KEY05 <packager@vivaldi.com>

pub   rsa4096 2019-11-12 [SC] [expires: 2022-01-30]
      790D 2E26 8F67 FE01 3B32  76D3 793F EB8B B697 35B2
uid           [ unknown] Vivaldi Package Composer KEY06 <packager@vivaldi.com>
sub   rsa4096 2019-11-12 [E] [expires: 2022-01-30]

/etc/apt/trusted.gpg.d/bunsen.key.binary.asc
--------------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/bunsen.key.chroot.asc
--------------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/bunsen-keyring.gpg
-----------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
@lenovo-b1:~$ apt-cache policy bunsen-keyring
bunsen-keyring:
  Installiert:           2020.10.10+bl9-1
  Installationskandidat: 2020.10.10+bl9-1
  Versionstabelle:
 *** 2020.10.10+bl9-1 500
        500 https://pkg.bunsenlabs.org/debian helium/main amd64 Packages
        100 /var/lib/dpkg/status
@lenovo-b1:~$ date -R
Thu, 04 Mar 2021 14:29:38 +0100

Offline

#30 2021-03-04 16:15:50

twoion
ほやほや
Registered: 2015-08-10
Posts: 3,248

Re: PSA: bunsen-keyring package refreshes

1bvl1012 wrote:
twoion wrote:

Could you provide the output of:

With pleasure.

@lenovo-b1:~$ sudo apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
      D4CC 8597 4C31 396B 18B3  6837 D615 560B A5C7 FF72
uid           [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@opera.com>

pub   rsa4096 2019-09-12 [SC] [expires: 2021-09-11]
      68E9 B2B0 3661 EE3C 44F7  0750 4B8E C3BA ABDC 4346
uid           [ unknown] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>
sub   rsa4096 2019-09-12 [E] [expires: 2021-09-11]

pub   rsa4096 2018-01-05 [SC] [expired: 2020-01-25]
      68AE AE71 F9FA 1587 03C1  CBBC 8D04 CE49 EFB2 0B23
uid           [ expired] Vivaldi Package Composer KEY04 <packager@vivaldi.com>

pub   rsa4096 2018-12-04 [SC] [expired: 2021-01-22]
      B44B 85E3 E1A6 386B FC79  D411 9658 E804 4A3A A3D6
uid           [ expired] Vivaldi Package Composer KEY05 <packager@vivaldi.com>

pub   rsa4096 2019-11-12 [SC] [expires: 2022-01-30]
      790D 2E26 8F67 FE01 3B32  76D3 793F EB8B B697 35B2
uid           [ unknown] Vivaldi Package Composer KEY06 <packager@vivaldi.com>
sub   rsa4096 2019-11-12 [E] [expires: 2022-01-30]

/etc/apt/trusted.gpg.d/bunsen.key.binary.asc
--------------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/bunsen.key.chroot.asc
--------------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/bunsen-keyring.gpg
-----------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
@lenovo-b1:~$ apt-cache policy bunsen-keyring
bunsen-keyring:
  Installiert:           2020.10.10+bl9-1
  Installationskandidat: 2020.10.10+bl9-1
  Versionstabelle:
 *** 2020.10.10+bl9-1 500
        500 https://pkg.bunsenlabs.org/debian helium/main amd64 Packages
        100 /var/lib/dpkg/status
@lenovo-b1:~$ date -R
Thu, 04 Mar 2021 14:29:38 +0100

So the file /etc/apt/trusted.gpg.d/bunsen-keyring.gpg is actually what is shipped by 2020.10.10+bl9-1, and the keyring should include the updated key. From the listing above, we see however that the keyring does not contain the updated key, which likely means that due to Debian's special configuration file type handling, a for whatever reason modified version did not get overwritten by the version of the keyring file in the package.  Let's try to fix it.

Attempt the following commands. Make sure you have the .deb package for bl9 in the original post downloaded.

# Get rid of the stray ASCII armored keys, likely installed manually or somehow via scripts I don't understand
sudo rm -f -- /etc/apt/trusted.gpg.d/bunsen.key.binary.asc
sudo rm -f -- /etc/apt/trusted.gpg.d/bunsen.key.chroot.asc

# Reinstall the keyring package, but force dpkg to replace whatever file in /etc/apt/trusted.gpg.d we ship with the original version from the package
sudo dpkg --force-confmiss -i bunsen-keyring_2020.10.10+bl9-1_all.deb

Then check the output of

sudo apt-key list

again, it should contain the section

/etc/apt/trusted.gpg.d/bunsen-keyring.gpg
-----------------------------------------
pub   rsa4096 2015-07-11 [SC] [expires: 2030-10-08]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ unknown] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>
sub   rsa4096 2015-07-11 [E] [expires: 2030-10-08]

Note the different expiration dates, which are properly in the future.


Nassdachs

Offline

#31 2021-03-04 22:36:48

1bvl1012
Member
Registered: 2019-07-04
Posts: 6

Re: PSA: bunsen-keyring package refreshes

twoion wrote:

Note the different expiration dates, which are properly in the future.

I did this

@lenovo-b1:~/Downloads$ sudo rm -f -- /etc/apt/trusted.gpg.d/bunsen.key.binary.asc
@lenovo-b1:~/Downloads$ sudo rm -f -- /etc/apt/trusted.gpg.d/bunsen.key.chroot.asc
@lenovo-b1:~/Downloads$ sudo dpkg --force-confmiss -i bunsen-keyring_2020.10.10+bl9-1_all.deb 
(Lese Datenbank ... 129332 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von bunsen-keyring_2020.10.10+bl9-1_all.deb ...
Entpacken von bunsen-keyring (2020.10.10+bl9-1) über (2020.10.10+bl9-1) ...
bunsen-keyring (2020.10.10+bl9-1) wird eingerichtet ...
@lenovo-b1:~/Downloads$ sudo apt-key list | less

but I see no future date

/etc/apt/trusted.gpg.d/bunsen-keyring.gpg
-----------------------------------------
pub   rsa4096 2015-07-11 [SC] [expired: 2021-01-18]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ expired] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>

Last edited by 1bvl1012 (2021-03-05 11:47:09)

Offline

#32 2021-03-05 12:04:32

rbh
Member
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,083

Re: PSA: bunsen-keyring package refreshes

My Helium box, runa "apt update", without errors.
I backed up BL apt-keys and delted original.

Installing bunsen-keyring, with just "bunsen-keyring_2020.10.10+bl9-1_all.deb", resulted in failed "apt update".

Did a manual setup as described on  https://www.bunsenlabs.org/repositories.html:

Manual setup
Fetch and verify the repository’s signing key:

wget https://ddl.bunsenlabs.org/ddl/BunsenLabs-RELEASE.asc
# The following will NOT affect your actual trusted keyring - a transient
# keyring is created in a temporary directory and then deleted. This awkwardness
# is because I cannot figure out how to do this in a portable way across
# different gpg versions and in a way that always works.
tmpdir=$(mktemp -d)
gpg --homedir "$tmpdir" --import /tmp/BunsenLabs-RELEASE.asc &>/dev/null
gpg --homedir "$tmpdir" --fingerprint
rm -r -- "$tmpdir"/
The key’s fingerprint as displayed by gpg should be identical with the following hexstring:

3172 4784 0522 7490 BBB7 43E6 A067 3F72 FE62 D9C5 
If that is not the case, you have got the wrong key. Use a safe, non-intercepted internet connection in order to retrieve the correct key file.

Finally, add the key to APT and update the package index:

sudo apt-key add BunsenLabs-RELEASE.asc
sudo apt-get update

Then "apt update" again worked.


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Offline

#33 2021-03-05 14:29:53

rbh
Member
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,083

Re: PSA: bunsen-keyring package refreshes

Running

apt-key del "3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5"

made "apt update fail".

Reinstalling bunsenkeyring with

$ sudo dpkg --force-confmiss -i bunsen-keyring_2020.10.10+bl9-1_all.deb

removed error for "apt update".

Last edited by rbh (2021-03-05 14:30:09)


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Offline

#34 2021-03-09 18:45:12

1bvl1012
Member
Registered: 2019-07-04
Posts: 6

Re: PSA: bunsen-keyring package refreshes

rbh wrote:

My Helium box, runa "apt update", without errors.

3172 4784 0522 7490 BBB7 43E6 A067 3F72 FE62 D9C5 

I don't know, how to display that.

$ gpg --homedir "$tmpdir" --fingerprint

gave me

gpg: /tmp/tmp.fSdccMQBRF/trustdb.gpg: trustdb created

But I boldly went where I have no idea, what I am doing, and now it seems to work again.
Thanks to everybody for their help.
Now on to the upgrade.

Offline

Board footer

Powered by FluxBB