Bug#834973: apt update in sid chroot exits with "repository is not signed"

Joost van Baal-Ilić Sun, 21 Aug 2016 01:09:21 -0700

Package: apt
Version: 1.3~rc2
Severity: important

Dear Maintainer,


   * What led up to the situation?

I've set up a sid chroot, a long time ago.

Running

    gpgv                        2.1.14-5
    debian-archive-keyring      2014.3
    libapt-pkg5.0:amd64         1.3~rc2
    libc6:amd64                 2.23-4


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

 (sid)root@janacopoulos:~# apt update && apt -V dist-upgrade

   * What was the outcome of this action?

This is displayed

 Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
 Err:1 http://ftp.nl.debian.org/debian sid InRelease
   At least one invalid signature was encountered.
 Reading package lists... Done
 W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one 
invalid signature was encountered.
 E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not 
signed.
 N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
 N: See apt-secure(8) manpage for repository creation and user configuration 
details.

   * What outcome did you expect instead?

An updated system.


I've also tried to do some debugging:

 wget 'http://ftp.nl.debian.org/debian/dists/sid/InRelease'
 gpg --verify InRelease

gives

 gpg: Signature made недеља, 21. август 2016. 05:22:47  using RSA key ID 
46925553
 gpg: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) 
<ftpmas...@debian.org>"
 Primary key fingerprint: A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553
 gpg: Signature made недеља, 21. август 2016. 05:22:47  using RSA key ID 
2B90D010
 gpg: Good signature from "Debian Archive Automatic Signing Key (8/jessie) 
<ftpmas...@debian.org>"
 Primary key fingerprint: 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010


and

 (sid)root@janacopoulos:~# apt -o Debug::Acquire::gpgv=yes update

gives

Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
0% [Working]inside VerifyGetSigners
0% [1 InRelease gpgv 209 kB]Preparing to exec:  /usr/bin/apt-key --quiet 
--readonly verify --status-fd 3 /tmp/apt.sig.7pzp9M
 /tmp/apt.data.WiZ9eV
gpgv exited with status 1
Summary:
  Good:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  NODATA: no
Err:1 http://ftp.nl.debian.org/debian sid InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one 
invalid signature was encountered.
E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not 
signed.
N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.

and also

 (sid)root@janacopoulos:~# apt-key verify 
/var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_sid_InRelease

gives

 gpgv: Signature made недеља, 21. август 2016. 03:22:47  using RSA key ID
 gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) 
<ftpmas...@debian.org>"
 gpgv: Signature made недеља, 21. август 2016. 03:22:47  using RSA key ID
 gpgv: Good signature from "Debian Archive Automatic Signing Key (8/jessie) 
<ftpmas...@debian.org>"


Thanks for your time!

Bye,

Joost

Bug#834973: apt update in sid chroot exits with "repository is not signed"

Reply via email to