Bug#855970: [debian-archive-keyring] The release repository of testing (Stretch), and security updates repository too, have three misiing public keys

[Łukasz Konieczny]

I had to reinstall the OS because of that issue. I didn't want to use 
installation without package management working properly. Obviously now 
I can't send any information, because I have properly working system. 
Please close this bug.


Maybe it was stupidity to reinstall the OS, but I'm an average user and 
coudn't handle this problem in the other way.



Thank you for the support.

Łukasz

Bug#855970: [debian-archive-keyring] The release repository of testing (Stretch), and security updates repository too, have three misiing public keys

[Adam D. Barratt]

On Fri, 2017-02-24 at 10:13 +0100, Łukasz Konieczny wrote:
> Output of the command in attached file. Seems like everything OK. I 
> don't know what happens.
> 
> [I'm sending this again, I have forgotten about the second mail address 
> specific to this bug.]

That looks okay at first glance. (fwiw, you don't need to be root to run
the gpg command).

Please could you also send the output of "ls
-ltr /etc/apt/trusted.gpg.d/" on the affected machine?

Regards,

Adam

Bug#855970: [debian-archive-keyring] The release repository of testing (Stretch), and security updates repository too, have three misiing public keys

[Łukasz Konieczny]

Output of the command in attached file. Seems like everything OK. I 
don't know what happens.


[I'm sending this again, I have forgotten about the second mail address 
specific to this bug.]



panlukasz@BlackMachine:~$ su
Hasło: 
root@BlackMachine:panlukasz# gpg --keyring 
/usr/share/keyrings/debian-archive-keyring.gpg --list-keys 8B48AD6246925553
pub   rsa4096 2012-04-27 [SC] [expires: 2020-04-25]
  A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
uid   [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) 


pub   rsa4096 2012-04-27 [SC] [expires: 2020-04-25]
  A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
uid   [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) 


root@BlackMachine:panlukasz# 


























   

   

   

Bug#855970: [debian-archive-keyring] The release repository of testing (Stretch), and security updates repository too, have three misiing public keys

[Adam D. Barratt]

Control: severity -1 normal
Control: tags -1 -security +moreinfo

On Thu, 2017-02-23 at 22:30 +0100, Łukasz Konieczny wrote:
> Package: debian-archive-keyring
> Version: 2014.3
> Severity: serious
> Tags: security
> X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
> 
> --- Please enter the report below this line. ---
> The release repository of testing (Stretch), and security updates 
> repository too, have three misiing public keys. Terminal output of 
> apt-get update is attached to this mail. Some text is in Polish language.

The keys are certainly in the package, so I'm not sure why your apt
isn't seeing them.

What does

gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --list-keys 
8B48AD6246925553

produce on your system?

Regards,

Adam

Bug#855970: [debian-archive-keyring] The release repository of testing (Stretch), and security updates repository too, have three misiing public keys

[Łukasz Konieczny]

Package: debian-archive-keyring
Version: 2014.3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---
The release repository of testing (Stretch), and security updates 
repository too, have three misiing public keys. Terminal output of 
apt-get update is attached to this mail. Some text is in Polish language.


--- System information. ---
Architecture:
Kernel: Linux 4.9.0-1-amd64

Debian Release: 9.0
500 testing ftp.pl.debian.org

--- Package information. ---
Depends (Version) | Installed
==-+-===
gpgv | 2.1.18-3


Recommends (Version) | Installed
=-+-===
gnupg | 2.1.18-3


Package's Suggests field is empty.
root@BlackMachine:Pobrane# apt-get update
Pobieranie:1 http://ftp.pl.debian.org/debian stretch InRelease [184 kB]
Pobieranie:2 http://security.debian.org/debian-security stretch/updates 
InRelease [62,9 kB]
Ign:1 http://ftp.pl.debian.org/debian stretch InRelease   
Ign:2 http://security.debian.org/debian-security stretch/updates InRelease
Pobrano 247 kB w 0s (325 kB/s)
Czytanie list pakietów... Gotowe
W: Błąd GPG: http://ftp.pl.debian.org/debian stretch InRelease: Następujące 
podpisy nie mogły zostać zweryfikowane z powodu braku klucza publicznego: 
NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: The repository 'http://ftp.pl.debian.org/debian stretch InRelease' is not 
signed.
N: Data from such a repository can't be authenticated and is therefore 
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.
W: Błąd GPG: http://security.debian.org/debian-security stretch/updates 
InRelease: Następujące podpisy nie mogły zostać zweryfikowane z powodu braku 
klucza publicznego: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: The repository 'http://security.debian.org/debian-security stretch/updates 
InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore 
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.
root@BlackMachine:Pobrane#