Debian 9 and repository's signature..

mirkt
Beiträge: 95
Registriert: 05 Jun 2013, 09:39
Wohnort: Lithuania

Debian 9 and repository's signature..

Beitragvon mirkt » 21 Sep 2017, 11:04

Hello,

As written in „Getting started“ manual, I get GPG errors on "Debian 9":

Code: Alles auswählen

W: GPG error: http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release: The following signatures were invalid: 2371C96FC045365D00729A19520B97144DC87421
W: The repository 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.


Suggested method:
One can bypass this message by using the aptitude parameter --allow-unauthenticated. This parameter has to be used every time aptitude is called. For a permanent solution we recommend to disable the GPG check. This can be done by creating a file 99opsi in the directory /etc/apt/apt.conf.d/ with the following content:

Code: Alles auswählen

APT::Get::AllowUnauthenticated "true";


does not work for me..

Adding options [allow-insecure=yes allow-downgrade-to-insecure=yes] to opsi.list:

deb [allow-insecure=yes allow-downgrade-to-insecure=yes] http://download.opensuse.org/repositori ... Debian_9.0 ./

helps..

What's is the „correct“ way to overcome this issue?

I have tried importing http://download.opensuse.org/repositori ... elease.key into gpg, then exporting to
/usr/share/keyrings/uibmz-archive-keyring.gpg

Code: Alles auswählen

gpg --export 2371C96FC045365D00729A19520B97144DC87421 > /usr/share/keyrings/uibmz-archive-keyring.gpg


and setting:

Code: Alles auswählen

deb [signed-by=/usr/share/keyrings/uibmz-archive-keyring.gpg] http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./


in opsi.list, but then I get error:

Code: Alles auswählen

W: GPG error: http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release: The following signatures were invalid: 2371C96FC045365D00729A19520B97144DC87421
E: The repository 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_9.0 ./ Release' is not signed.


Now I have to tell APT that I trust key 2371C96FC045365D00729A19520B97144DC87421 ?

Code: Alles auswählen

# gpg /usr/share/keyrings/uibmz-archive-keyring.gpg
pub   dsa1024 2010-07-23 [SC] [expires: 2019-04-27]
      2371C96FC045365D00729A19520B97144DC87421
uid           home:uibmz OBS Project <home:uibmz@build.opensuse.org>


Code: Alles auswählen

# gpg --verify Release.gpg Release
gpg: Signature made Fri 25 Aug 2017 10:14:23 AM EEST
gpg:                using DSA key 520B97144DC87421
gpg: Good signature from "home:uibmz OBS Project <home:uibmz@build.opensuse.org>" [ultimate]

Benutzeravatar
m.radtke
uib-Team
Beiträge: 729
Registriert: 10 Jun 2015, 12:19

Re: Debian 9 and repository's signature..

Beitragvon m.radtke » 22 Sep 2017, 13:28

Hi

thank you for your information.

We are currently replacing the keys and resigning the packages on the opensuse repositories.
As for now we will do this first in experimental, then in testing and finally in stable.

We hope the newly generated key will help with the issue.

Cheers
Kein Support per DM!
_________________________
opsi support - http://www.uib.de/
For productive opsi installations we recommend support contracts.

Benutzeravatar
n.wenselowski
uib-Team
Beiträge: 3148
Registriert: 04 Apr 2013, 12:15

Re: Debian 9 and repository's signature..

Beitragvon n.wenselowski » 26 Sep 2017, 15:34

Hi,

we are changing the keys to fix the problems regarding the repository signature.
Read here for more information.


Kind regards

Niko
opsi development - uib gmbh
For productive opsi installations we recommend support contracts.

mirkt
Beiträge: 95
Registriert: 05 Jun 2013, 09:39
Wohnort: Lithuania

Re: Debian 9 and repository's signature..

Beitragvon mirkt » 27 Sep 2017, 10:37

Thank you :)

dorian.borovina
Beiträge: 36
Registriert: 24 Aug 2017, 12:32

Re: Debian 9 and repository's signature..

Beitragvon dorian.borovina » 13 Okt 2017, 14:33

Install it on Jessie 8.9, it works without any issues.
Best regards,
Dorian Borovina

Benutzeravatar
n.wenselowski
uib-Team
Beiträge: 3148
Registriert: 04 Apr 2013, 12:15

Re: Debian 9 and repository's signature..

Beitragvon n.wenselowski » 16 Okt 2017, 16:24

dorian.borovina hat geschrieben:Install it on Jessie 8.9, it works without any issues.

Why settle on the old horse if all you need to do is to re-import the key? ;)
opsi development - uib gmbh
For productive opsi installations we recommend support contracts.

dorian.borovina
Beiträge: 36
Registriert: 24 Aug 2017, 12:32

Re: Debian 9 and repository's signature..

Beitragvon dorian.borovina » 17 Okt 2017, 14:06

Hahahaha, my "old" Jessie horse is running perfectly, so there is no need for replacement, not yet. :)
Best regards,
Dorian Borovina

Benutzeravatar
SisterOfMercy
Beiträge: 999
Registriert: 22 Jun 2012, 19:18

Re: Debian 9 and repository's signature..

Beitragvon SisterOfMercy » 18 Okt 2017, 13:21

At home I still have a debian 4 (etch) server running, still not very old compared to ye olde vaxen ;)
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!

Benutzeravatar
n.wenselowski
uib-Team
Beiträge: 3148
Registriert: 04 Apr 2013, 12:15

Re: Debian 9 and repository's signature..

Beitragvon n.wenselowski » 18 Okt 2017, 17:07

SisterOfMercy hat geschrieben:At home I still have a debian 4 (etch) server running, still not very old compared to ye olde vaxen ;)

Hat's off!
What is the uptime of that machine of yours? :D
opsi development - uib gmbh
For productive opsi installations we recommend support contracts.

Benutzeravatar
SisterOfMercy
Beiträge: 999
Registriert: 22 Jun 2012, 19:18

Re: Debian 9 and repository's signature..

Beitragvon SisterOfMercy » 24 Okt 2017, 16:03

It's horribly outdated and uptime isn't great. I have power outages due to a defective earth leakage sensor. The entire fuse-block-thing has to be replaced, it's a long term project.

The uptime of my XP x64 workstation (at work) was 465 days :D

I know someone in austria who still runs his website on a quad pentium pro with windows 2000.
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!