Bug#1003865: GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster)
also here the error occurs with all Linux installations that use apt-cacher-ng as apt proxy. As a workaround, it helps to deactivate the caching of the InRelease files so that they are always fetched directly. ## /etc/apt-cacher-ng/acng.conf DontCacheResolved: .*InRelease ## Regards Klaus
Bug#1003865: GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster)
Adding more data... I have been seeing this on bookworm (both the machine running "apt update" and the machine running apt-cacher-ng): W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures were invalid: BADSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed. On Fri, 28 Jan 2022 20:45:00 +0530 Pirate Praveen wrote: > I have seen this on another sid chroot. So I had to remove > /var/lib/apt/* inside the chroot and debrepo/dists directory in > apt-cacher-ng's cache directory. I'm not sure if it can be fixed in > apt-cacher-ng. The above workaround has fixed it for me... for now. peace & happiness, martin
Bug#1003865: GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster)
On 19 Jan 2022 21:40:18 +0530 Pirate Praveen wrote: > On Wed, 19 Jan 2022 02:47:56 +0530 Pirate Praveen > wrote: > > >Based on the fact that autobuilding of unstable is still continuing and > > >there haven't been any reports of this issue on either #d-devel or > > >debian-devel@lists, it seems unlikely that there's a general issue > > >here, rather than something more local to your environment. > > > > May be related to apt-cacher-ng (though I tried with apt-cacher-ng > > disabled without fixing this issue). > I'm having/seeing this issue for ~1 week now and it very much looks like it is caused by apt-cacher-ng. I don't know why it popped up now as usually/normally it works. # debootstrap --arch arm64 sid /home/diederik/tmp/debootstrap/sysbase-sid-arm64 http://:3142/deb.debian.org/debian I: Target architecture can be executed I: Retrieving InRelease I: Checking Release signature E: Invalid Release signature (key id 648ACFD622F3D138) # debootstrap --arch arm64 sid /home/diederik/tmp/debootstrap/sysbase-sid-arm64 http://deb.debian.org/debian I: Target architecture can be executed I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id A7236886F3CCCAAD148A27F80E98404D386FA1D9) Interestingly enough, this only happens when specifying 'sid': # debootstrap --arch arm64 testing /home/diederik/tmp/debootstrap/sysbase-bookworm-arm64 http://:3142/deb.debian.org/debian I: Target architecture can be executed I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id A7236886F3CCCAAD148A27F80E98404D386FA1D9) > sudo rm -rf /var/lib/apt/* > > fixed the issue (sharing in case someone someone searches for the same > error) Do you do that on the host machine or on the machine running apt-cacher-ng? I have a device running acng in my LAN which all (other) devices use, but I also have one running on my main PC when repeatedly building images. signature.asc Description: This is a digitally signed message part.
Bug#1003865: GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster)
On Wed, 19 Jan 2022 02:47:56 +0530 Pirate Praveen wrote: I have seen at least one forum posting on the same error when searching for it so its likely more common https://www.nixcraft.com/t/signatures-were-invalid-badsig-648acfd622f3d138-debian-archive-automatic-signing-key-10-buster/4025 May be related to apt-cacher-ng (though I tried with apt-cacher-ng disabled without fixing this issue). When I encounter similar errors from time to time (once a year or so) I consider them as "caching artefacts" and fix them by having apt "reinitialize" the corresponding package source: first comment the line in sources.list (or rename the snippet in sources.list.d to *.list.off), run apt-get update (or whatever you like instead) to "forget" the source, enable it again, apt-get update again and the error is gone. Actually I cannot remember having ever seen that as a piuparts failure (and that does a lot of apt-get update), only once in a while on my main machine which has everything from oldoldstable to experimental with 4 foreign architectures available ... Andreas
