Re: [Trisquel-users] Kernel Source package signature signed with unknown key 0x92D284CF33C66596
1) Why does apt-get source fetch a different source package to the one named in the arg? Because the name of the source package is usually not the name of the binary package. And one source package could result in many binary packages. For example, when searching for packages on http://packages.trisquel.info/ this is why you have the option to search for "source package names." Or why, when viewing a binary package, there is a link to the (differently named) source package. For example: Notice how http://packages.trisquel.info/belenos/emacs has a link called: [ Source: emacs-defaults ] in the upper left. So when you use apt-get source you should be plugging in the name of the source package but it seems smart enough to figure out the proper thing when you don't. :)
[Trisquel-users] Kernel Source package signature signed with unknown key 0x92D284CF33C66596
Two things I don't understand:- 1) Why does apt-get source fetch a different source package to the one named in the arg? 2) Why can't key 0x92D284CF33C66596 be found? $ apt-get source linux-image-3.13.0-76-generic Reading package lists... Done Building dependency tree Reading state information... Done Picking 'linux' as source package instead of 'linux-image-3.13.0-76-generic' ... Need to get 124 MB of source archives. Get:1 http://es.archive.trisquel.info/trisquel/ belenos-updates/main linux 3.13.0-77.121+7.0trisquel2 (dsc) [7,481 B] Get:2 http://es.archive.trisquel.info/trisquel/ belenos-updates/main linux 3.13.0-77.121+7.0trisquel2 (tar) [124 MB] Fetched 124 MB in 2min 3s (1,008 kB/s) gpgv: Signature made Tue 02 Feb 2016 00:43:48 GMT using RSA key ID 33C66596 gpgv: Can't check signature: public key not found dpkg-source: warning: failed to verify signature on ./linux_3.13.0-77.121+7.0trisquel2.dsc dpkg-source: info: extracting linux in linux-3.13.0 dpkg-source: info: unpacking linux_3.13.0-77.121+7.0trisquel2.tar.gz $ gpg2 --verify linux_3.13.0-77.121+7.0trisquel2.dsc gpg: Signature made Tue 02 Feb 2016 00:43:48 GMT gpg:using RSA key 0x92D284CF33C66596 gpg: Can't check signature: No public key $ torsocks gpg2 --keyserver jirk5u4osbsr34t5.onion --recv-keys 0x92D284CF33C66596 gpg: requesting key 0x92D284CF33C66596 from hkp server jirk5u4osbsr34t5.onion gpgkeys: key 92D284CF33C66596 not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Re: [Trisquel-users] Kernel Source package signature signed with unknown key 0x92D284CF33C66596
Thanks @jxself, good explanation. Is there a standard procedure for reporting the fact that the package downloaded by `apt-get source linux` (linux_3.13.0-77.121+7.0trisquel2) is signed with a key (0x92D284CF33C66596) for which no public cert appears to be available?