Re: apt-get invalid signature again
On Sat, Jan 28, 2006 at 11:38:56PM -0500, Joey Hess wrote:
> Joey Hess wrote:
> > Ross Boylan wrote:
> > > Starting last night I see
> > > W: GPG error: http://localhost sarge/updates Release: The following
> > > signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
> > > Signing Key (2005) <[EMAIL PROTECTED]>
> > >
> > > Anyone know what's up? I don't see messages about this latest
> > > occurrence.
> >
> > The sarge security updates repository has a still valid signature from
> > the 2005 key.
> >
> > A broken cache could certainly cause your problem.
>
> I managed to reproduce your problem. security.debian.org is on round
> robin dns, and one of the mirrors is not updating. If apt downloads some
> (but not all) files from this mirror, it will detect a bad signature.
>

Thanks for tracking that down. Is there a work-around?

Ross

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apt-get invalid signature again
Joey Hess wrote:
> Ross Boylan wrote:
> > Starting last night I see
> > W: GPG error: http://localhost sarge/updates Release: The following
> > signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
> > Signing Key (2005) <[EMAIL PROTECTED]>
> >
> > Anyone know what's up? I don't see messages about this latest
> > occurrence.
>
> The sarge security updates repository has a still valid signature from
> the 2005 key.
>
> A broken cache could certainly cause your problem.

I managed to reproduce your problem. security.debian.org is on round
robin dns, and one of the mirrors is not updating. If apt downloads some
(but not all) files from this mirror, it will detect a bad signature.

--
see shy jo
Re: apt-get invalid signature again
Ross Boylan wrote:
> Starting last night I see
> W: GPG error: http://localhost sarge/updates Release: The following
> signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
> Signing Key (2005) <[EMAIL PROTECTED]>
>
> Anyone know what's up? I don't see messages about this latest
> occurrence.

The sarge security updates repository has a still valid signature from
the 2005 key.

A broken cache could certainly cause your problem.

--
see shy jo
Re: apt-get invalid signature again
On Sat, Jan 28, 2006 at 11:43:04PM +, Andrew M.A. Cater wrote:
> On Sat, Jan 28, 2006 at 10:15:33AM -0800, Ross Boylan wrote:
> > Starting last night I see
> > W: GPG error: http://localhost sarge/updates Release: The following
> > signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
> > Signing Key (2005) <[EMAIL PROTECTED]>
> >
> > Anyone know what's up? I don't see messages about this latest
> > occurrence.
> >
> > I'm a little frustrated how frequently this seems to happen; all these
> > false positives (I'm assuming that's what the latest is) undercut the
> > value of the security system.
> >
> apt-get install debian-archive-keyring
>
> apt-key update
>
> and you should be OK. You may also want to look at the Debian Secure-APT
> HOWTO on the Debian wiki at wiki.debian.org
>
> As somebody said, this is because you haven't got the 2006 key
> installed. This should only happen once a year or so: the fact
> that secure apt was only really introduced in September/October
> means that we've seemingly hit teething problems twice in six months :)

I already have 2005 and 2006 keys installed. I installed
debian-archive-keyring, but neither the error nor the output of
apt-key list changes. The relevant entries from the latter are

# apt-key list
/etc/apt/trusted.gpg
pub 1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
uid Debian Archive Automatic Signing Key (2004) <[EMAIL PROTECTED]>
pub 1024D/4F368D5D 2005-01-31 [expires: 2006-01-31]
uid Debian Archive Automatic Signing Key (2005) <[EMAIL PROTECTED]>
pub 1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid Debian Archive Automatic Signing Key (2006) <[EMAIL PROTECTED]>

I had a feeling the secure repository might have separate keys, but I
can't see any sign this is the case on the security wiki or
http://security.debian.org.

I'm not sure if the identifying string in the error messages should
match one of the ones above. The warning refers to F1D53D8C4F368D5D,
which isn't even the same number of digits as shown above. Further, it
concerns the 2005 key, which I have and which is valid for a few more
days.

I'm running apt 0.6.43.1 on a mixed testing/unstable system.

I remember I ran into a key that was bad on one of the machines that
responds to debian.org requests; maybe this is similar? Or perhaps
some glitch introduced by apt-cacher?

Ross
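An added illustration, not part of any message in this thread: the 16-digit ID in the warning is the long form of a key ID, and the 8-digit IDs in the `apt-key list` output are its last eight hex digits, so the two can be matched mechanically. The Python sketch below does that match and separates a missing or expired key from a BADSIG on a key that is present and unexpired, which is the case Joey Hess traces to a stale mirror; the sample strings are constructed from the output quoted above, and the function names and verdict labels are assumptions.

```python
import re
from datetime import date

# Constructed sample input, modelled on the warning and key listing quoted in this thread.
WARNING = ("W: GPG error: http://localhost sarge/updates Release: The following "
           "signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive "
           "Automatic Signing Key (2005)")
KEYRING = """\
pub 1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
pub 1024D/4F368D5D 2005-01-31 [expires: 2006-01-31]
pub 1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
"""

PUB_LINE = re.compile(
    r"^pub\s+\d+[A-Za-z]/([0-9A-F]{8})\s+\S+"
    r"(?:\s+\[expire[sd]: (\d{4})-(\d{2})-(\d{2})\])?", re.M)

def parse_warning(text):
    """Return (gpg_status, 16-digit long key ID) from an apt warning, or None."""
    m = re.search(r"\b(BADSIG|NO_PUBKEY|EXPKEYSIG)\s+([0-9A-F]{16})\b", text)
    return (m.group(1), m.group(2)) if m else None

def parse_keyring(listing):
    """Map each 8-digit short key ID to its expiry date (None if none is shown)."""
    keys = {}
    for m in PUB_LINE.finditer(listing):
        keys[m.group(1)] = date(*map(int, m.groups()[1:])) if m.group(2) else None
    return keys

def diagnose(warning, listing, today):
    """Return (short key ID, verdict) for one warning checked against one keyring."""
    parsed = parse_warning(warning)
    if parsed is None:
        return (None, "unrecognised")
    status, long_id = parsed
    short_id = long_id[-8:]          # the short ID is the low 32 bits of the long ID
    keys = parse_keyring(listing)
    if short_id not in keys:
        return (short_id, "key-missing")      # importing the key is the fix
    if keys[short_id] is not None and keys[short_id] < today:
        return (short_id, "key-expired")
    if status == "BADSIG":
        # Key present and unexpired, yet the check failed: Release and
        # Release.gpg do not belong together (stale mirror or cache).
        return (short_id, "data-mismatch")
    return (short_id, status.lower())

if __name__ == "__main__":
    print(diagnose(WARNING, KEYRING, date(2006, 1, 28)))
```

A "data-mismatch" verdict means re-importing keys will not change the result; the signed file and its signature have to be fetched again as a consistent pair.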
Re: apt-get invalid signature again
On Sat, Jan 28, 2006 at 10:15:33AM -0800, Ross Boylan wrote:
> Starting last night I see
> W: GPG error: http://localhost sarge/updates Release: The following
> signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
> Signing Key (2005) <[EMAIL PROTECTED]>
>
> Anyone know what's up? I don't see messages about this latest
> occurrence.
>
> I'm a little frustrated how frequently this seems to happen; all these
> false positives (I'm assuming that's what the latest is) undercut the
> value of the security system.
>

apt-get install debian-archive-keyring

apt-key update

and you should be OK. You may also want to look at the Debian Secure-APT
HOWTO on the Debian wiki at wiki.debian.org

As somebody said, this is because you haven't got the 2006 key
installed. This should only happen once a year or so: the fact
that secure apt was only really introduced in September/October
means that we've seemingly hit teething problems twice in six months :)

HTH,

Andy

> I'm using apt-cacher, with sarge/updates pointing to
> deb http://localhost:3142/security.debian.org/ sarge/updates main contrib
> non-free
Re: apt-get invalid signature again
Hello

Ross Boylan (<[EMAIL PROTECTED]>) wrote:

> Starting last night I see
> W: GPG error: http://localhost sarge/updates Release: The following
> signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive
> Automatic Signing Key (2005) <[EMAIL PROTECTED]>

The old 2005 key has been replaced, did you import the new key for 2006
already?

best regards
Andreas Janssen

--
Andreas Janssen <[EMAIL PROTECTED]>
PGP-Key-ID: 0xDC801674
ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html
apt-get invalid signature again
Starting last night I see
W: GPG error: http://localhost sarge/updates Release: The following
signatures were invalid: BADSIG F1D53D8C4F368D5D Debian Archive Automatic
Signing Key (2005) <[EMAIL PROTECTED]>

Anyone know what's up? I don't see messages about this latest
occurrence.

I'm a little frustrated how frequently this seems to happen; all these
false positives (I'm assuming that's what the latest is) undercut the
value of the security system.

I'm using apt-cacher, with sarge/updates pointing to
deb http://localhost:3142/security.debian.org/ sarge/updates main contrib non-free