Your message dated Sat, 12 Aug 2023 12:33:31 +0200
with message-id <[email protected]>
and subject line Re: Bug#1043457: ftp.debian.org: buster-backports repository
signed with bullseye + bookworm keys
has caused the Debian Bug report #1043457,
regarding ftp.debian.org: buster-backports repository signed with bullseye +
bookworm keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1043457: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043457
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ftp.debian.org
Severity: important
Hi,
the buster-backports repository seems to be signed only with
the bullseye + bookworm keys now:
| % wget --quiet
http://deb.debian.org/debian/dists/buster-backports/Release{,.gpg}
| % gpg --verify Release.gpg Release 2>&1 | grep 'using RSA'
| gpg: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
| gpg: using RSA key 4CB50190207B4758A3F73A796ED0E7B82643E131
STR:
| podman run --pull=always --rm -i -t debian:buster bash
| mv /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.gpg
/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.gpg
/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.gpg .
| mv /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg .
| echo "deb http://deb.debian.org/debian buster-backports main" >
/etc/apt/sources.list.d/backports.list
| apt update
This then reports:
| [...]
| Hit:1 http://deb.debian.org/debian buster InRelease
| Hit:2 http://deb.debian.org/debian-security buster/updates InRelease
| Hit:3 http://deb.debian.org/debian buster-updates InRelease
| Hit:4 http://deb.debian.org/debian buster-backports InRelease
| Err:4 http://deb.debian.org/debian buster-backports InRelease
| The following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
| Reading package lists... Done
| Building dependency tree
| Reading state information... Done
| All packages are up to date.
| W: An error occurred during the signature verification. The repository is not
updated and the previous index files will be used. GPG error:
http://deb.debian.org/debian buster-backports InRelease: The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
| W: Failed to fetch
http://deb.debian.org/debian/dists/buster-backports/InRelease The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
| W: Some index files failed to download. They have been ignored, or old ones
used instead.
regards
-mika-
--- End Message ---
--- Begin Message ---
On Fri, 2023-08-11 at 15:52 +0200, Michael Prokop wrote:
> the buster-backports repository seems to be signed only with
> the bullseye + bookworm keys now:
Which is fine. We use the current keys to sign the Release files.
> STR:
>
> > podman run --pull=always --rm -i -t debian:buster bash
> > mv /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.gpg
> > /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-
> > automatic.gpg /etc/apt/trusted.gpg.d/debian-archive-bookworm-
> > stable.gpg .
> > mv /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
> > /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-
> > automatic.gpg /etc/apt/trusted.gpg.d/debian-archive-bullseye-
> > stable.gpg .
> > echo "deb http://deb.debian.org/debian buster-backports main" >
> > /etc/apt/sources.list.d/backports.list
> > apt update
This is a user error. Don't disable the keys used to sign the Release
files.
Ansgar
--- End Message ---
