Hi, Firstly, many thanks for debian-11. I've been looking forward to the newer bind9 and its dnssec-policy finally making it trivial to implement DNSSEC on a stable system. Yay!
My problem: A day or two ago, I tried to upgrade to debian-11 on a little VM on my laptop and I've run into a problem. I know it wasn't official yet, but I thought I could get away with it. And I wanted to have done it once before upgrading a more important VM. But I would like to get this VM unbroken as well. I wasn't as careful as usual with it (I didn't do the backups mentioned in Release Notes section 4.1.1) but I'm not sure if that would have helped. I added the new the bullseye details to /etc/apt/sources.list but I didn't comment out the existing buster details at the same time. I think that might have been my mistake. Then, I did apt update and got GPG invalid signature errors. And I still get them when I only have the buster details in sources.list and when I only have the bullseye details there. But before, everything was fine. With buster only: deb http://ftp.au.debian.org/debian/ buster main deb-src http://ftp.au.debian.org/debian/ buster main deb http://security.debian.org/debian-security buster/updates main deb-src http://security.debian.org/debian-security buster/updates main deb http://ftp.au.debian.org/debian/ buster-updates main deb-src http://ftp.au.debian.org/debian/ buster-updates main apt update looks like this: Err:1 http://security.debian.org/debian-security buster/updates InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian buster InRelease [122 kB] Get:3 http://ftp.au.debian.org/debian buster-updates InRelease [51.9 kB] Err:2 http://ftp.au.debian.org/debian buster InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian buster-updates InRelease At least one invalid signature was encountered. Fetched 174 kB in 0s (452 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 2 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster/InRelease At least one invalid signature was encountered. W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster-updates/InRelease At least one invalid signature was encountered. W: Some index files failed to download. They have been ignored, or old ones used instead. With bullseye only: deb http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb http://security.debian.org/debian-security bullseye-security main contrib non-free deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free deb http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free apt update looks like: Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Err:1 http://security.debian.org/debian-security bullseye-security InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian bullseye InRelease [113 kB] Get:3 http://ftp.au.debian.org/debian bullseye-updates InRelease [40.1 kB] Err:2 http://ftp.au.debian.org/debian bullseye InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian bullseye-updates InRelease At least one invalid signature was encountered. Fetched 153 kB in 0s (448 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 1416 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian bullseye InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/bullseye/InRelease At least one invalid signature was encountered. W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/bullseye-updates/InRelease At least one invalid signature was encountered. W: Some index files failed to download. They have been ignored, or old ones used instead. Changing security.debian.org to ftp.au.debian.org added this: Err:3 http://ftp.au.debian.org/debian-security bullseye-security Release 404 Not Found [IP: 150.203.164.37 80] Changing http to https (for ftp.au.debian.org) gives TLS certificate errors: Could not handshake: Error in the certificate verification Changing ftp.au.debian.org to deb.debian.org still had the signature errors. Here's what I think the preferred sources.list should be: deb https://deb.debian.org/debian/ bullseye main contrib non-free deb-src https://deb.debian.org/debian/ bullseye main contrib non-free deb https://deb.debian.org/debian-security bullseye-security main contrib non-free deb-src https://deb.debian.org/debian-security bullseye-security main contrib non-free deb https://deb.debian.org/debian/ bullseye-updates main contrib non-free deb-src https://deb.debian.org/debian/ bullseye-updates main contrib non-free (but I want to keep using ftp.au.debian.org if I can) But the apt update output is still bad: Get:1 https://deb.debian.org/debian bullseye InRelease [113 kB] Err:1 https://deb.debian.org/debian bullseye InRelease At least one invalid signature was encountered. Get:2 https://deb.debian.org/debian-security bullseye-security InRelease [44.1 kB] Err:2 https://deb.debian.org/debian-security bullseye-security InRelease At least one invalid signature was encountered. Get:3 https://deb.debian.org/debian bullseye-updates InRelease [40.1 kB] Err:3 https://deb.debian.org/debian bullseye-updates InRelease At least one invalid signature was encountered. Reading package lists... Done W: GPG error: https://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered. E: The repository 'https://deb.debian.org/debian bullseye InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: https://deb.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered. E: The repository 'https://deb.debian.org/debian-security bullseye-security InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: https://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered. E: The repository 'https://deb.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. I just noticed that the bullseye items in sources.list had "contrib non-free" which the buster details didn't include. I removed them and tried again but it didn't help. This is a pure debian stable system. apt-forktracer reported nothing when I started. Now it reports 1682 packages. The time on the VM is correct. The VM disk isn't full (86% used, 950MB free). Any idea what I can do to fix this? Thanks for your time, raf
