Package: emdebian-archive-keyring
Version: 2.0.5
Severity: grave
Justification: renders package unusable
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I upgraded from wheezy to jessie a Virtual Machine (Virtualbox) I use to
develop ARM code.
At end of dist-upgrade I started consistently to have the following error:
root@ariag25:~# apt-get update
Hit http://ftp.it.debian.org jessie InRelease
Get:1 http://www.emdebian.org jessie InRelease [5,012 B]
Hit http://security.debian.org jessie/updates InRelease
Hit http://ftp.it.debian.org jessie-updates InRelease
Ign http://www.emdebian.org jessie InRelease
Hit http://ftp.it.debian.org jessie/main Sources
Hit http://security.debian.org jessie/updates/main Sources
Hit http://ftp.it.debian.org jessie/main amd64 Packages
Ign http://www.emdebian.org jessie/main amd64 Packages/DiffIndex
Hit http://security.debian.org jessie/updates/main amd64 Packages
Hit http://ftp.it.debian.org jessie/non-free amd64 Packages
Hit http://security.debian.org jessie/updates/non-free amd64 Packages
Hit http://ftp.it.debian.org jessie/main Translation-en
Hit http://ftp.it.debian.org jessie/non-free Translation-en
Hit http://security.debian.org jessie/updates/main Translation-en
Hit http://ftp.it.debian.org jessie-updates/main Sources
Hit http://security.debian.org jessie/updates/non-free Translation-en
Get:2 http://ftp.it.debian.org jessie-updates/main amd64 Packages/DiffIndex
[643 B]
Hit http://ftp.it.debian.org jessie-updates/non-free amd64 Packages
Get:3 http://ftp.it.debian.org jessie-updates/main Translation-en/DiffIndex
[229 B]
Hit http://ftp.it.debian.org jessie-updates/non-free Translation-en
Hit http://www.emdebian.org jessie/main amd64 Packages
Ign http://www.emdebian.org jessie/main Translation-en_US
Ign http://www.emdebian.org jessie/main Translation-en
Fetched 5,884 B in 1s (4,079 B/s)
Reading package lists... Done
W: GPG error: http://www.emdebian.org jessie InRelease: The following
signatures were invalid: REVKEYSIG B5B7720097BB3B58 Emdebian Archive Signing Key
* What exactly did you do (or not do) that was effective (or ineffective)?
I tried to manually install the key:
root@ariag25:/media/cdrom# gpg --keyserver pgp.mit.edu --recv-keys
B5B7720097BB3B58
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this
run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 97BB3B58 from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 97BB3B58: public key Emdebian Archive Signing Key imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
root@ariag25:/media/cdrom# gpg --armor --export 97BB3B58 | apt-key add -
OK
I also (manually) upgraded to new version (from sid archives):
root@ariag25:~# wget
http://ftp.fi.debian.org/debian/pool/main/e/emdebian-archive-keyring/emdebian-archive-keyring_2.0.5_all.deb
--2015-08-21 12:34:09--
http://ftp.fi.debian.org/debian/pool/main/e/emdebian-archive-keyring/emdebian-archive-keyring_2.0.5_all.deb
Resolving ftp.fi.debian.org (ftp.fi.debian.org)... 130.230.54.99,
2001:708:310:54::99
Connecting to ftp.fi.debian.org (ftp.fi.debian.org)|130.230.54.99|:80...
connected.
HTTP request sent, awaiting response... 200 OK
Length: 6942 (6.8K) [application/x-debian-package]
Saving to: ‘emdebian-archive-keyring_2.0.5_all.deb’
emdebian-archive-keyring_2.0.5_
100%[===] 6.78K
--.-KB/s in 0.02s
2015-08-21 12:34:09 (350 KB/s) - ‘emdebian-archive-keyring_2.0.5_all.deb’ saved
[6942/6942]
root@ariag25:~# dpkg -i emdebian-archive-keyring_2.0.5_all.deb
Selecting previously unselected package emdebian-archive-keyring.
(Reading database ... 78608 files and directories currently installed.)
Preparing to unpack emdebian-archive-keyring_2.0.5_all.deb ...
Unpacking emdebian-archive-keyring (2.0.5) ...
Setting up emdebian-archive-keyring (2.0.5) ...
OK
* What was the outcome of this action?
No difference: the error is absolutely the same.
* What outcome did you expect instead?
I expected to be able to apt-get update with no errors.
I asssume the problem is with key generation (apparently missing the revocation
certificate).
I will install with the --allow-unauthenticated, but that does not seem right,
does it?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of