After upgrading aptly to the newest version (0.9.7), the error disappeared.

The only changes I noticed are the inclusion of the SHA512 sums in the files 
and the creation of the content-arch.gz





-------- Original Message --------
Subject: apt-secure / apt-get update gpg signature invalid
Local Time: January 13, 2017 9:57 AM
UTC Time: January 13, 2017 8:57 AM
From: cont...@arkade.info
To: debian-user@lists.debian.org <debian-user@lists.debian.org>

Hello,

After setting up a new apt repository with aptly, signing the repository and 
adding the public gpg key to the apt keyring, I encounter a failure during the 
`apt update` command:

Err:3 http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease
  The following signatures were invalid: #KEY_ID#
Hit:4 http://apt.postgresql.org/pub/repos/apt sid-pgdg InRelease
Reading package lists... Done
W: GPG error: http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease: The following signatures were invalid: #KEY_ID#
E: The repository 'http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

And yet the signature and the gpg keys are good. I succeeded in verifying the gpg 
signature on the InRelease file:

curl http://#REPO_URL#/InRelease | gpg --keyring /etc/apt/trusted.gpg --verify
gpg: Signature made Wed 11 Jan 2017 04:01:23 PM CET
gpg: using RSA key #KEY_ID#
gpg: Good signature from "#DESCRIPTION_GPG_KEY#" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: #GOOD_KEY_FINGERPRINT#

I also verified the Release and Release.gpg file and they seem correct to me.


I tried to find what's done during the apt update with a strace -o /tmp/strace 
-ff apt update then grep:

grep 'apt.*key' ./strace*
./strace.29829:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.ORUwxh", "/tmp/apt.data.kKXyrN"], [/* 28 vars */]) = 0
./strace.29829:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.29888:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.utRWBD", "/tmp/apt.data.Fo1Lka"], [/* 28 vars */]) = 0
./strace.29888:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.29947:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.ug6xiV", "/tmp/apt.data.Yv4zFs"], [/* 28 vars */]) = 0
./strace.29947:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.30006:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.QSyrCg", "/tmp/apt.data.LK9DGO"], [/* 28 vars */]) = 0
./strace.30006:open("/usr/bin/apt-key", O_RDONLY) = 4

How can I debug and fix this error?

Thanks
