Bug#834973: apt update in sid chroot exits with "repository is not signed"
Package: apt
Version: 1.3~rc2
Severity: important
Dear Maintainer,
* What led up to the situation?
I've set up a sid chroot, a long time ago.
Running
gpgv 2.1.14-5
debian-archive-keyring 2014.3
libapt-pkg5.0:amd64 1.3~rc2
libc6:amd64 2.23-4
* What exactly did you do (or not do) that was effective (or
ineffective)?
(sid)root@janacopoulos:~# apt update && apt -V dist-upgrade
* What was the outcome of this action?
This is displayed
Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
Err:1 http://ftp.nl.debian.org/debian sid InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one invalid signature was encountered.
E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
* What outcome did you expect instead?
An updated system.
I've also tried to do some debugging:
wget 'http://ftp.nl.debian.org/debian/dists/sid/InRelease'
gpg --verify InRelease
gives
gpg: Signature made недеља, 21. август 2016. 05:22:47 using RSA key ID 46925553
gpg: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>"
Primary key fingerprint: A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553
gpg: Signature made недеља, 21. август 2016. 05:22:47 using RSA key ID 2B90D010
gpg: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>"
Primary key fingerprint: 126C 0D24 BD8A 2942 CC7D F8AC 7638 D044 2B90 D010
and
(sid)root@janacopoulos:~# apt -o Debug::Acquire::gpgv=yes update
gives
Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
0% [Working]inside VerifyGetSigners
0% [1 InRelease gpgv 209 kB]Preparing to exec: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7pzp9M
/tmp/apt.data.WiZ9eV
gpgv exited with status 1
Summary:
Good:
Bad:
Worthless:
SoonWorthless:
NoPubKey:
NODATA: no
Err:1 http://ftp.nl.debian.org/debian sid InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one invalid signature was encountered.
E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
and also
(sid)root@janacopoulos:~# apt-key verify /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_sid_InRelease
gives
gpgv: Signature made недеља, 21. август 2016. 03:22:47 using RSA key ID
gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>"
gpgv: Signature made недеља, 21. август 2016. 03:22:47 using RSA key ID
gpgv: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>"
Thanks for your time!
Bye,
Joost
Reply to: