On Wed, May 31, 2017 at 07:45:51PM +1000, Peter Miller wrote: > > What about /etc/apt/trusted.gpg > > > trusted.gpg: GPG keybox database version 1, created-at Fri Apr 28 07:45:49 > 2017, last-maintained Fri Apr 28 07:45:49 2017
That's your problem. Run gpg --no-default-keyring --keyring /etc/apt/trusted.gpg > /etc/apt/trusted.gpg.new mv /etc/apt/trusted.gpg.new /etc/apt/trusted.gpg To convert the keybox file back to a key ring. > > > > > What you can do is manually run apt-key verify for an InRelease file, e.g.: > > > > /usr/bin/apt-key verify > > /var/lib/apt/lists/deb.debian.org_debian_dists_unstable_InRelease > > > > No can do. Closest is: > > root@pete:/var/lib/apt/lists# /usr/bin/apt-key verify > /var/lib/apt/lists/debian.mirror.digitalpacific.com.au_debian_dists_stretch_Release > gpgv: Signature made Tue 23 May 2017 06:42:01 AEST > gpgv: using RSA key 8B48AD6246925553 > gpgv: Can't check signature: No public key > gpgv: Signature made Tue 23 May 2017 06:42:01 AEST > gpgv: using RSA key 7638D0442B90D010 > gpgv: Can't check signature: No public key > root@pete:/var/lib/apt/lists# > [...] > So, I don't understand what to compare, or what to download, or where from. The idea was to download an InRelease file from a Debian mirror, and run apt-key verify on it to see error messages. -- Debian Developer - deb.li/jak | jak-linux.org - free software dev | Ubuntu Core Developer | When replying, only quote what is necessary, and write each reply directly below the part(s) it pertains to ('inline'). Thank you.