
Debian 9 and repository's signature..

Posted: 21 Sep 2017, 11:04
by mirkt
Hello,

As written in „Getting started“ manual, I get GPG errors on "Debian 9":

Code:

W: GPG error: http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release: The following signatures were invalid: 2371C96FC045365D00729A19520B97144DC87421
W: The repository 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.


Suggested method:
One can bypass this message by using the aptitude parameter --allow-unauthenticated. This parameter has to be used every time aptitude is called. For a permanent solution we recommend to disable the GPG check. This can be done by creating a file 99opsi in the directory /etc/apt/apt.conf.d/ with the following content:

Code:

APT::Get::AllowUnauthenticated "true";


does not work for me..

Adding options [allow-insecure=yes allow-downgrade-to-insecure=yes] to opsi.list:

deb [allow-insecure=yes allow-downgrade-to-insecure=yes] http://download.opensuse.org/repositori ... Debian_9.0 ./

helps..

What is the „correct“ way to overcome this issue?

I have tried importing http://download.opensuse.org/repositori ... elease.key into gpg, then exporting to
/usr/share/keyrings/uibmz-archive-keyring.gpg

Code:

gpg --export 2371C96FC045365D00729A19520B97144DC87421 > /usr/share/keyrings/uibmz-archive-keyring.gpg


and setting:

Code:

deb [signed-by=/usr/share/keyrings/uibmz-archive-keyring.gpg] http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./


in opsi.list, but then I get error:

Code:

W: GPG error: http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release: The following signatures were invalid: 2371C96FC045365D00729A19520B97144DC87421
E: The repository 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release' is not signed.


Now I have to tell APT that I trust key 2371C96FC045365D00729A19520B97144DC87421 ?

Code:

# gpg /usr/share/keyrings/uibmz-archive-keyring.gpg
pub   dsa1024 2010-07-23 [SC] [expires: 2019-04-27]
      2371C96FC045365D00729A19520B97144DC87421
uid           home:uibmz OBS Project <home:uibmz@build.opensuse.org>


Code:

# gpg --verify Release.gpg Release
gpg: Signature made Fri 25 Aug 2017 10:14:23 AM EEST
gpg:                using DSA key 520B97144DC87421
gpg: Good signature from "home:uibmz OBS Project <home:uibmz@build.opensuse.org>" [ultimate]
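
An added example, not part of the original post or of the opsi documentation: a small Python audit that flags the verification-disabling workarounds mentioned above (`allow-insecure`, `allow-downgrade-to-insecure`, `APT::Get::AllowUnauthenticated`) and entries without `signed-by`. The `allow-weak` and `trusted` options and the `Acquire::Allow…` settings do not appear in the thread; they are other apt switches of the same kind. The sample input is constructed and `repo.example.invalid` is a placeholder host.

```python
import re

TRUE_VALUES = {"yes", "true", "with", "on", "enable", "1"}  # apt's truthy spellings
# sources.list(5) options that weaken or skip signature checks for one repository.
# allow-weak and trusted are not in the thread; they have the same kind of effect.
INSECURE_SOURCE_OPTS = {"allow-insecure", "allow-downgrade-to-insecure",
                        "allow-weak", "trusted"}
# apt.conf(5) settings that do the same for every repository on the host.
INSECURE_CONF_KEYS = {"apt::get::allowunauthenticated",
                      "acquire::allowinsecurerepositories",
                      "acquire::allowweakrepositories",
                      "acquire::allowdowngradetoinsecurerepositories"}
SOURCE_RE = re.compile(r"^\s*(?:deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)")
CONF_RE = re.compile(r'^\s*([A-Za-z:\-]+)\s+"([^"]*)"\s*;')

def audit_sources(text):
    """Return (uri, finding) pairs for one-line-style sources.list content."""
    findings = []
    for line in text.splitlines():
        m = SOURCE_RE.match(line)
        if not m:
            continue  # comment, blank line, or not a deb/deb-src entry
        opts = dict(o.split("=", 1) for o in (m.group(1) or "").split() if "=" in o)
        uri = m.group(2)
        for name in sorted(INSECURE_SOURCE_OPTS & opts.keys()):
            if opts[name].lower() in TRUE_VALUES:
                findings.append((uri, name + " weakens or skips signature checks"))
        if "signed-by" not in opts:
            findings.append((uri, "no signed-by: any key apt trusts may sign it"))
    return findings

def audit_conf(text):
    """Return apt.conf setting names that switch verification off globally."""
    return [m.group(1) for m in map(CONF_RE.match, text.splitlines())
            if m and m.group(1).lower() in INSECURE_CONF_KEYS
            and m.group(2).lower() in TRUE_VALUES]

# Constructed sample input; repo.example.invalid is a placeholder host.
SAMPLE_SOURCES = """\
deb [allow-insecure=yes allow-downgrade-to-insecure=yes] http://repo.example.invalid/Debian_9.0 ./
deb [signed-by=/usr/share/keyrings/uibmz-archive-keyring.gpg] http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./
"""
SAMPLE_CONF = 'APT::Get::AllowUnauthenticated "true";\n'

if __name__ == "__main__":
    for uri, finding in audit_sources(SAMPLE_SOURCES):
        print("sources.list:", uri, "-", finding)
    for key in audit_conf(SAMPLE_CONF):
        print("apt.conf:", key, "disables authentication checks")
```
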

Re: Debian 9 and repository's signature..

Posted: 22 Sep 2017, 13:28
by m.radtke
Hi

thank you for your information.

We are currently replacing the keys and re-signing the packages on the opensuse repositories.
As for now we will do this first in experimental, then in testing and finally in stable.

We hope the newly generated key will help with the issue.

Cheers

Re: Debian 9 and repository's signature..

Posted: 26 Sep 2017, 15:34
by n.wenselowski
Hi,

we are changing the keys to fix the problems regarding the repository signature.
Read here for more information.


Kind regards

Niko

Re: Debian 9 and repository's signature..

Posted: 27 Sep 2017, 10:37
by mirkt
Thank you :)

Re: Debian 9 and repository's signature..

Posted: 13 Oct 2017, 14:33
by dorian.borovina
Install it on Jessie 8.9, it works without any issues.

Re: Debian 9 and repository's signature..

Posted: 16 Oct 2017, 16:24
by n.wenselowski
dorian.borovina wrote: Install it on Jessie 8.9, it works without any issues.

Why settle on the old horse if all you need to do is to re-import the key? ;)

Re: Debian 9 and repository's signature..

Posted: 17 Oct 2017, 14:06
by dorian.borovina
Hahahaha, my "old" Jessie horse is running perfectly, so there is no need for replacement, not yet. :)

Re: Debian 9 and repository's signature..

Posted: 18 Oct 2017, 13:21
by SisterOfMercy
At home I still have a debian 4 (etch) server running, still not very old compared to ye olde vaxen ;)

Re: Debian 9 and repository's signature..

Posted: 18 Oct 2017, 17:07
by n.wenselowski
SisterOfMercy wrote: At home I still have a debian 4 (etch) server running, still not very old compared to ye olde vaxen ;)

Hats off!
What is the uptime of that machine of yours? :D

Re: Debian 9 and repository's signature..

Posted: 24 Oct 2017, 16:03
by SisterOfMercy
It's horribly outdated and uptime isn't great. I have power outages due to a defective earth leakage sensor. The entire fuse-block-thing has to be replaced, it's a long term project.

The uptime of my XP x64 workstation (at work) was 465 days :D

I know someone in Austria who still runs his website on a quad pentium pro with windows 2000.