Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Invalid signature  (Read 2372 times)

Offline jyp

  • User
  • Posts: 102
Invalid signature
« on: 2021/09/16, 20:46:47 »
Suddenly happened after du a few hours ago; first ever event of this kind from using siduction as long as it existed.

Code: [Select]
jyp# apt update
Hit:1 http://deb.debian.org/debian unstable InRelease
Hit:2 https://packages.siduction.org/fixes unstable InRelease
Err:2 https://packages.siduction.org/fixes unstable InRelease
  The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
Hit:3 http://ftp.uni-stuttgart.de/siduction/extra unstable InRelease
Err:3 http://ftp.uni-stuttgart.de/siduction/extra unstable InRelease
  The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.siduction.org/fixes unstable InRelease: The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.uni-stuttgart.de/siduction/extra unstable InRelease: The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
W: Failed to fetch http://ftp.uni-stuttgart.de/siduction/extra/dists/unstable/InRelease  The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
W: Failed to fetch https://packages.siduction.org/fixes/dists/unstable/InRelease  The following signatures were invalid: EXPKEYSIG 15CBD88045C45076 Siduction Repository (The Siduction Repository) <repository@siduction.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.

I suppose that we have to wait a bit.
Thanks

Offline Balou

  • User
  • Posts: 27
Re: Invalid signature
« Reply #1 on: 2021/09/16, 20:58:33 »
Hi

I can confirm the error. Same Problem

Balou

Offline der_bud

  • User
  • Posts: 1.015
  • member
Re: Invalid signature
« Reply #2 on: 2021/09/16, 21:29:17 »
The GPG key of the repo expired today. It's being worked on. Patience ;)
Du lachst? Wieso lachst du? Das ist doch oft so, Leute lachen erst und dann sind sie tot.

Offline Balou

  • User
  • Posts: 27
Re: Invalid signature
« Reply #3 on: 2021/09/16, 21:47:27 »
as always good work thank you very much :)
Balou

Offline der_bud

  • User
  • Posts: 1.015
  • member
Re: Invalid signature
« Reply #4 on: 2021/09/17, 08:43:46 »
After 10 years, the siduction repo GPG key suddenly expired yesterday. Most of us would need a workaround to get the updated siduction-archive-keyring. There seem two ways so far, either manually getting and installing the .deb or telling apt to trust the 'unsecure' repo once, both as root:

Nach 10 Jahren ist gestern plötzlich der GPG-Key vom Repo abgelaufen. Die meisten werden wohl eine der beiden folgenden Lösungen ausprobieren müssen, um das aktualisierte Paket siduction-archive-keyring zu erhalten, entweder .deb herunterladen und manuell installieren oder apt einmalig das 'unsichere' repo erlauben:


1) wget and install
Code: [Select]
wget https://packages.siduction.org/extra/pool/main/s/siduction-archive-keyring/siduction-archive-keyring_2021.09.16_all.deb && apt install ./siduction-archive-keyring_2021.09.16_all.deb

2) apt allow insecure
Code: [Select]
rm /var/lib/apt/lists/packages.siduction.org_* && apt -o Acquire::AllowInsecureRepositories=true update && apt install siduction-archive-keyring

(confirm with y)

Both are not well tested yet, VOLUNTEERS, PLEASE TEST THIS ;) and confirm here
 Edit:  ^^ 10 hours later both ways are reported to work ^^
« Last Edit: 2021/09/17, 18:05:20 by der_bud »
Du lachst? Wieso lachst du? Das ist doch oft so, Leute lachen erst und dann sind sie tot.

Offline Geier0815

  • User
  • Posts: 544
Re: Invalid signature
« Reply #5 on: 2021/09/17, 09:07:57 »
Code: [Select]
wget https://packages.siduction.org/extra/pool/main/s/siduction-archive-keyring/siduction-archive-keyring_2021.09.16_all.deb && apt install ./siduction-archive-keyring_2021.09.16_all.deb works. apt update runs without error and a dist-upgrade brought me a new kernel. Thanks!

Code: [Select]
wget https://packages.siduction.org/extra/pool/main/s/siduction-archive-keyring/siduction-archive-keyring_2021.09.16_all.deb && apt install ./siduction-archive-keyring_2021.09.16_all.deb funktioniert. apt update lief ohne Fehlermeldungen durch und ein dist-upgrade brachte mir einen neuen Kernel. Danke!
Wenn Windows die Lösung ist...
kann ich dann bitte das Problem zurück haben?

Offline hendrikL

  • Global Moderator
  • User
  • *****
  • Gravatar
  • Posts: 547
Re: Invalid signature
« Reply #6 on: 2021/09/17, 09:12:20 »
Quote
2) apt allow insecure
works too / funktioniert auch

Offline unklarer

  • User
  • Posts: 643
Re: Invalid signature
« Reply #7 on: 2021/09/17, 09:24:30 »
Quote from: der_bud
1) wget and install

done / ok auch hier

Offline pjnsmb

  • User
  • Posts: 84
Re: Invalid signature
« Reply #8 on: 2021/09/17, 09:38:12 »
all good with me too

thanks as always
regards
pjnsmb

Offline Balou

  • User
  • Posts: 27
Re: Invalid signature
« Reply #9 on: 2021/09/17, 09:41:52 »
1) wget and install

done, alles okay

danke

Balou

Offline thebluesman

  • User
  • Posts: 64
Re: Invalid signature
« Reply #10 on: 2021/09/17, 16:31:00 »
Quote
1) wget and install

funzt.


Offline ajavibp

  • User
  • Posts: 110
    • The website of the association where I collaborate.
Re: Invalid signature
« Reply #11 on: 2021/09/17, 18:07:55 »
Working again. Thanks!

Offline jyp

  • User
  • Posts: 102
Re: Invalid signature
« Reply #12 on: 2021/09/17, 18:28:48 »
A few minutes ago, I got a serious warning after running <apt update>
Code: [Select]
jyp# apt update
Reading package lists... Done
E: Could not get lock /var/lib/apt/lists/lock. It is held by process 1325 (packagekitd)
N: Be aware that removing the lock file is not a solution and may break your system.
E: Unable to lock directory /var/lib/apt/lists/

But after applying the suggested cure (wget + install) everything ran smoothly.

Thanks a lot again for the outstanding work.
jyp

Offline brutor

  • User
  • Posts: 23
Re: Invalid signature
« Reply #13 on: 2021/09/17, 21:49:34 »
wget and install runs fine

Offline GoinEasy9

  • User
  • Posts: 508
Re: Invalid signature
« Reply #14 on: 2021/09/19, 07:52:04 »
It seems the install iso's are failing due to the same problem. It's listing out errors trying to reach siduction repos. I tried to wget and then install, that didn't help. Any suggestions?

« Last Edit: 2021/09/20, 05:52:13 by GoinEasy9 »
Linux Counter number 348347