Thanks that help to determine how to reproduce the case. We might want to force the refresh of the key when people run the add_bareos_repositories.sh <https://download.bareos.org/experimental/PR-2385/Debian_13/add_bareos_repositories.sh> script.
On Thursday, 16 October 2025 at 08:23:57 UTC+2 [email protected] wrote: > I've done a little research and installed bareos on an LXC on a Proxmox > host. And as Andreas Rogge described in the github comment I could not > reproduce the error an that fresh install. You can read the details in my > Github comment. > > Long story short: If your key is too old (mine was from July 2023) you > will have to download the key again from the bareos website and after that > the apt warning will be gone. > > Greetings, Jens > > [email protected] schrieb am Mittwoch, 15. Oktober 2025 um 18:51:15 > UTC+2: > >> Thank you for the Github link. I left a comment and I hope that someone >> will take care of it. >> >> I'm not quite sure what you mean by "how your system was provisioned". >> The system is a bare metal server. On this computer and with Debian 12 I >> did not see this error but after upgrading to Debian 13. >> I installed the community edition of Bareos in the first place with the >> help of the script add_bareos_repositories.sh as described in the >> documentation. >> Is that what you meant or do you need other information? >> >> Greetings, Jens >> Bruno Friedmann (bruno-at-bareos) schrieb am Mittwoch, 15. Oktober 2025 >> um 16:57:56 UTC+2: >> >>> Hi Jens, >>> >>> We got that issue reported once, but we never got a reproducible path >>> for it. >>> https://github.com/bareos/bareos/issues/2353 >>> >>> Could you develop a bit more how your system was provisioned to get that >>> error. >>> Regards. >>> >>> If you have interesting details, you can reopen the issue and add them >>> there. >>> >>> On Wednesday, 15 October 2025 at 13:00:23 UTC+2 [email protected] >>> wrote: >>> >>>> Hello guys, >>>> >>>> after upgrading a server to Debian 13 I get this warning when I do an >>>> 'apt update'. >>>> >>>> root@gandalf# LC_ALL=C apt update --audit >>>> Hit:1 https://download.bareos.org/current/Debian_13 InRelease >>>> <snip> >>>> All packages are up to date. >>>> Warning: https://download.bareos.org/current/Debian_13/InRelease: >>>> Policy will reject signature within a year, see --audit for details >>>> Audit: https://download.bareos.org/current/Debian_13/InRelease: >>>> Sub-process /usr/bin/sqv returned an error code (1), error message is: >>>> Signing key on 82834CF002D89BA55C1ED0AA42DA24A6DFEF9127 is not bound: >>>> No binding signature at time 2025-10-09T09:15:50Z >>>> because: Policy rejected non-revocation signature >>>> (PositiveCertification) requiring second pre-image resistance >>>> because: SHA1 is not considered secure since 2026-02-01T00:00:00Z >>>> >>>> I've just looked up if I have the most recent key and at least I >>>> haven't found a newer one on the website. >>>> >>>> Right now this is not an issue but as far as I understand the message >>>> it will be a problem from 2026-02-01. Are there any plans to create are >>>> more secure key (sorry if I mix up keys, signatures etc. because I'm not >>>> too familiar with these things). >>>> >>>> Greetings, Jens >>>> >>> -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bareos-users/4033248c-d32a-49ae-833a-96c8b7529cban%40googlegroups.com.
