On Wed, 2020-12-16 at 19:06 +0100, John Paul Adrian Glaubitz wrote: > Hi! > > For some reason, apt is ignoring the "check-valid-until" flag for me, no > matter whether > I'm passing that option in /etc/apt/sources.list or on the command line > (see below). > > Does anyone have any idea what I'm missing? > > PS: Please CC me, I'm not subscribed to debian-devel. > > Thanks, > Adrian > > ======================================================================== > =============== > > (sid-powerpc-sbuild2)root@kapitsa:/# cat /etc/apt/sources.list > # binary default
> [...] > #deb [check-valid-until=no] > http://snapshot.debian.org/archive/debian-ports/20190428T083118Z/ unstable > main > > deb [check-valid-until=no] > http://snapshot.debian.org/archive/debian-ports/20190428T083118Z/ unstable > main > deb [check-valid-until=no] > http://snapshot.debian.org/archive/debian-ports/20201014T042941Z/ unstable > main > > ##deb [arch=all] http://snapshot.debian.org/archive/debian/20190731T151946Z/ > unstable main > > [...] > > Hit:10 http://ftp.ports.debian.org/debian-ports experimental InRelease > Err:7 http://snapshot.debian.org/archive/debian-ports/20190428T083118Z > unstable InRelease > > > The following signatures were invalid: EXPKEYSIG DA1B2CEA81DCBC61 Debian > Ports Archive Automatic Signing Key (2019) < > ftpmas...@ports-master.debian.org> > Reading package lists... Done > W: GPG error: > http://snapshot.debian.org/archive/debian-ports/20190428T083118Z unstable > InRelease: The following signatures were invalid: EXPKEYSIG DA1B2CEA81DCBC61 > Debian Ports Archive Automatic Signing Key (2019) < > ftpmas...@ports-master.debian.org> > E: The repository ' > http://snapshot.debian.org/archive/debian-ports/20190428T083118Z unstable > InRelease' is not signed. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. There's something else happening here. See, the error isn't for a repository that's lapsed its check-valid-until date: That error would look like this: > E: Release file for > http://snapshot.debian.org/archive/debian/20190428T083118Z/dists/unstable/InRelease > is expired (invalid since 591d 20h 48min 38s). Updates for this > repository will not be applied. Instead, the issue is that the GPG key is also expired. Debian-ports has a much shorter duration on their keys than the main archive: only a year. That means apt-secure can't verify it, and thus considers it insecure, and refuses to update. The solution is to use allow-insecure=yes as well. Calum
signature.asc
Description: This is a digitally signed message part
