On Mon, Jun 22, 2020, at 11:36 PM, John Paul Adrian Glaubitz wrote: > On 6/23/20 8:27 AM, Rick Thomas wrote: > > Unfortunately, as you can see, I still get the warning. > > > > I have a vague recollection of seeing something somewhere (I know -- I'm > > sorry I can't be > > more specific) that the version of apt in Jessie doesn't respond to > > "Check-Valid-Until". > > Can anyone confirm or deny this? > > Did you set the setting in /etc/apt/apt.conf or in your sources.list? > The latter doesn't > work. > > If setting it in apt.conf doesn't work, try setting > "APT::Get::AllowUnauthenticated "true";": > > > https://askubuntu.com/questions/74345/how-do-i-bypass-ignore-the-gpg-signature-checks-of-apt > > > I wonder if it is possible to get the Release file re-signed with an > > up-to-date key? > > As those files have been archived, it isn't possible. But you could run your > own > mirror, copy all packages and add a new Release file plus signature.
I tried setting it in sources.list. As you noted, it didn't work. So I created a file in /etc/apt/apt.conf.d/ as follows: > root@grey:~# cat /etc/apt/apt.conf.d/25ignoreexpired > APT::Get::AllowUnauthenticated "true"; > root@grey:~# Then tried > root@grey:~# apt update > Ign http://archive.debian.org jessie InRelease > Get:1 http://archive.debian.org jessie Release.gpg [2420 B] > Hit http://archive.debian.org jessie Release > Ign http://archive.debian.org jessie Release > <snip...> > W: GPG error: http://archive.debian.org jessie Release: The following > signatures were invalid: KEYEXPIRED 1587841717 And it still isn't working... /-: Rick PS: Thanks very much for the quick replies!
