latest 2-3 weeks I have trouble with update repositories

this error only with liqourix, other repos normally updates
I try reinstall liquorix-keyring, nothing
Back to top

Try updating now, I was actually in the middle of updating my keys but I've been waiting to make sure everyone had the updated liquorix-keyring file before using the new key. Can you run an apt-get update and confirm? On my end I no longer get this message.
Back to top

yes now I don't have this error
big thank's!
Back to top

I get this error now and can't reinstall the key. Can apt ever be rolled back to an earlier version due to the key issues?


Back to top

You can just install the liquorix keyring package manually from here:

liquorix.net/debian/pool/main/l/liquorix-keyring/liquorix-keyring_2016.03.19_all.deb

I will not be rolling back, as that would prevent everyone from accessing the repository.
Back to top

By the way, during some testing and upgrades 2 days ago, I had ongoing issues with liquorix keyrings not working. I had to keep typing in manual 'yes' override during installs.

Need to fix smxi also since debian changed their behavior for non authenticated packages from simple -y to also requiring the explicit command to allow non authenticated packages.

I'd already installed the new keyring, and run an update, at least, I'd installed the keyring metapackage, is it possible that didn't get updated right?
Back to top

No, I just updated the key I signed with too early. If you had not updated the keyring package before then, then you'll get unauthenticated repository errors when trying to pull from liquorix.net since the public key I sign the repository with is not in your apt-get keyring.

Then you would need to run your apt-get update / install liquorix-keyring commands with --allow-unauthenticated. Or you can just pull the deb directly from the site. I don't plan on changing the key again, but it was long overdue and especially highlighted after Debian disabled support for weak keys and weak signatures.
Back to top

security improvements can never be faulted.
Back to top

that's what happens, not sure how to solve that for users, sure you can grab the deb manually, but that's not correct packaging.

Since update fails, the version update fails, which means apt believes the current version is the latest version, which means you can't install the new version via apt. catch 22. Logic loop.

just a note.
Back to top

Good point, apt-get is not even letting you install an unauthenticated package anymore, it fails with this error when running apt-get update:



I think I might have to write an liquorix repo install script you can run with curl, such as, curl liquorix.net/install-liquorix-repo | sudo bash, and have it do all the dirty work, such as installing the key ahead of time and adding the repo to /etc/apt/sources.list.d/* if not already there.

This is how add-apt-repository works on Ubuntu when adding a PPA. It adds the key first before adding 'deb' lines to your sources.

Although, apt-get should have switches for situations like this. It turns out with the latest updates, they decided not to make it optional, which is sad since it makes things significantly more annoying for adding a repository in the sake of security.

When I get some more time I'll write something up and change the instructions on the homepage, until then, we'll have to manually download the keyring from here: liquorix.net/debian/pool/main/l/liquorix-keyring/liquorix-keyring_2016.03.19_all.deb
Back to top