Page: 1, 2  Next

debian sid "W: gpgv:/var/lib/apt/lists/liquorix.net_debian_dists_sid_InRelease" [+SOLUTION]
fremantle
Status: Interested
Joined: 01 Dec 2015
Posts: 15
Reply Quote
latest 2-3 weeks I have trouble with update repositories
:: Code ::
W: gpgv:/var/lib/apt/lists/liquorix.net_debian_dists_sid_InRelease: The repository is insufficiently signed by key 70C4F178C4AC36D29A3B52F03EFF4F272FB2CD80 (weak digest)

this error only with liqourix, other repos normally updates
I try reinstall liquorix-keyring, nothing
Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1117
Reply Quote
Try updating now, I was actually in the middle of updating my keys but I've been waiting to make sure everyone had the updated liquorix-keyring file before using the new key. Can you run an apt-get update and confirm? On my end I no longer get this message.
Back to top
fremantle
Status: Interested
Joined: 01 Dec 2015
Posts: 15
Reply Quote
yes now I don't have this error
big thank's!
Back to top
DeepDayze
Status: Contributor
Joined: 21 May 2009
Posts: 128
Reply Quote
I get this error now and can't reinstall the key. Can apt ever be rolled back to an earlier version due to the key issues?

:: Code ::
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://liquorix.net/debian sid InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AE4078033F8024D
W: Failed to fetch http://liquorix.net/debian/dists/sid/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AE4078033F8024D

Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1117
Reply Quote
You can just install the liquorix keyring package manually from here:

liquorix.net/debian/pool/main/l/liquorix-keyring/liquorix-keyring_2016.03.19_all.deb

I will not be rolling back, as that would prevent everyone from accessing the repository.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4124
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
By the way, during some testing and upgrades 2 days ago, I had ongoing issues with liquorix keyrings not working. I had to keep typing in manual 'yes' override during installs.

Need to fix smxi also since debian changed their behavior for non authenticated packages from simple -y to also requiring the explicit command to allow non authenticated packages.

I'd already installed the new keyring, and run an update, at least, I'd installed the keyring metapackage, is it possible that didn't get updated right?
Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1117
Reply Quote
No, I just updated the key I signed with too early. If you had not updated the keyring package before then, then you'll get unauthenticated repository errors when trying to pull from liquorix.net since the public key I sign the repository with is not in your apt-get keyring.

Then you would need to run your apt-get update / install liquorix-keyring commands with --allow-unauthenticated. Or you can just pull the deb directly from the site. I don't plan on changing the key again, but it was long overdue and especially highlighted after Debian disabled support for weak keys and weak signatures.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4124
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
security improvements can never be faulted.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4124
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
:: Code ::
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://liquorix.net/debian unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AE4078033F8024D
W: Failed to fetch http://liquorix.net/debian/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AE4078033F8024D


that's what happens, not sure how to solve that for users, sure you can grab the deb manually, but that's not correct packaging.

Since update fails, the version update fails, which means apt believes the current version is the latest version, which means you can't install the new version via apt. catch 22. Logic loop.

just a note.
Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1117
Reply Quote
Good point, apt-get is not even letting you install an unauthenticated package anymore, it fails with this error when running apt-get update:

:: Code ::
The repository is not updated and the previous index files will be used.


I think I might have to write an liquorix repo install script you can run with curl, such as, curl liquorix.net/install-liquorix-repo | sudo bash, and have it do all the dirty work, such as installing the key ahead of time and adding the repo to /etc/apt/sources.list.d/* if not already there.

This is how add-apt-repository works on Ubuntu when adding a PPA. It adds the key first before adding 'deb' lines to your sources.

Although, apt-get should have switches for situations like this. It turns out with the latest updates, they decided not to make it optional, which is sad since it makes things significantly more annoying for adding a repository in the sake of security.

When I get some more time I'll write something up and change the instructions on the homepage, until then, we'll have to manually download the keyring from here: liquorix.net/debian/pool/main/l/liquorix-keyring/liquorix-keyring_2016.03.19_all.deb
Back to top
Display posts from previous:   
Page: 1, 2  Next
All times are GMT - 8 Hours