Re: Missing public keys in aptitude
Hello Daniel B. ([EMAIL PROTECTED]) wrote: Florian Kulzer wrote: David Kirchner wrote: On 2/2/06, Andreas Janssen [EMAIL PROTECTED] wrote: man apt-secure, man apt-key Neither are found on my Sarge install, and I don't see them in aptitude. Probably because you use Sarge, and apt in Sarge doesn't check the GPG signatures of the Release files. It only checks the md5sums of the Package files (which are stored in the Release file). If you use Sarge (without backported apt from somewhere else!), this problem shouldn'd occur, because not only apt-key, but the whole GPG stuff is not implemented in your apt. debmirror seems to be a different issue, however. It looks like debmirror from Sarge /does/ check GPG signatures, and you probably can solve the problem by importing the matching keys using gpg. Install the 2006 archive signing key. This has been explained plenty of times on the list, search the archive if you need a longer explanation. I've been watching the list, reading most of these threads. I've seen plenty of people having trouble with it but few solutions. Can you send a link to the archived post that includes a solution? The original message by Joey Hess: http://lists.debian.org/debian-user/2006/01/msg00291.html That is not a link that includes a solution--that message says to use the command apt-key, which, as David pointed out, does not exist in Sarge. David also didn't say /he/ had the problem. By the way, if you take a closer look, you will see that the OP in the thread mentioned above uses unstable. best regards Andreas Janssen -- Andreas Janssen [EMAIL PROTECTED] PGP-Key-ID: 0xDC801674 ICQ #17079270 Registered Linux User #267976 http://www.andreas-janssen.de/debian-tipps-sarge.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude
Andreas Janssen wrote: ...If you use Sarge (without backported apt from somewhere else!), this problem shouldn'd occur, because not only apt-key, but the whole GPG stuff is not implemented in your apt. debmirror seems to be a different issue, however. It looks like debmirror from Sarge /does/ check GPG signatures, and you probably can solve the problem by importing the matching keys using gpg. Oh, okay. Can you point me to how to import keys into gpg (e.g., which commands man page/info page/etc says how to import and maybe how debmirror might be querying gpg for the key)? Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude
On Fri, Feb 03, 2006 at 10:46:49AM -0500, Daniel B. wrote : Oh, okay. Can you point me to how to import keys into gpg (e.g., which commands man page/info page/etc says how to import and maybe how debmirror might be querying gpg for the key)? # Install debian key # Solution 1 - from pgp key server gpg --keyserver wwwkeys.eu.pgp.net --recv-keys keyid gpg --armor --export keyid | apt-key add - # Solution 2 - from debian server wget http://ftp-master.debian.org/ziyi_key_2005.asc -O - | apt-key add - wget http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add - Regards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude
Yann Lejeune wrote: On Fri, Feb 03, 2006 at 10:46:49AM -0500, Daniel B. wrote : Oh, okay. Can you point me to how to import keys into gpg (e.g., which commands man page/info page/etc says how to import and maybe how debmirror might be querying gpg for the key)? # Install debian key # Solution 1 - from pgp key server gpg --keyserver wwwkeys.eu.pgp.net --recv-keys keyid gpg --armor --export keyid | apt-key add - # Solution 2 - from debian server wget http://ftp-master.debian.org/ziyi_key_2005.asc -O - | apt-key add - wget http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add - Regards I think that these things don't work for the people using Sarge and debmirror; at least that is the impression I got from the reaction to my earlier post. (The fact that this question was inserted into a thread about aptitude in Sid makes it more difficult to give an appropriate answer, of course.) So let me try again: It seems to me (man debmirror, search for key) that debmirror expects to find the archive signing key in the public keyring of the user which runs it, i.e. ~/.gnupg/pubring.gpg Therefore I think it will be enough to import the signing key with gpg: gpg --keyserver keyring.debian.org --recv-keys 2D230C5F (with 2D230C5F being the key ID of the 2006 archive signing key), as long as you run this command as the same user who will later run debmirror. I hope this works. Regards, Florian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude - SOLVED (Sarge debmirror case)
Florian Kulzer wrote: Yann Lejeune wrote: ... ... gpg --armor --export keyid | apt-key add - ... wget http://ftp-master.debian.org/ziyi_key_2005.asc -O - | apt-key add - wget http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add - ... I think that these things don't work for the people using Sarge and debmirror; ... Right -- apt-key does not (seem to) exist in Sarge. (The fact that this question was inserted into a thread about aptitude in Sid makes it more difficult to give an appropriate answer, of course.) (Yeah, it does seem to have jumped from my debmirror-in-sarge thread to this one.) So let me try again: It seems to me (man debmirror, search for key) that debmirror expects to find the archive signing key in the public keyring of the user which runs it, i.e. ~/.gnupg/pubring.gpg Therefore I think it will be enough to import the signing key with gpg: gpg --keyserver keyring.debian.org --recv-keys 2D230C5F (with 2D230C5F being the key ID of the 2006 archive signing key), as long as you run this command as the same user who will later run debmirror. I hope this works. Yes, that seems to have worked (with the modification that for Sarge it's the key with ID 4F368D5D (Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED]). When will I need to get a new key (regarding Sarge)? For example, if/when 3.1r2 is created, will its Release.gpg file be signed using the 2005 key (the key that was current when Sarge was first released (3.1r0)), or will it be signed using the key that is current when 3.1r2 is released? Thanks, Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude - SOLVED (Sarge debmirror case)
Daniel Barclay wrote: Florian Kulzer wrote: [...] Therefore I think it will be enough to import the signing key with gpg: gpg --keyserver keyring.debian.org --recv-keys 2D230C5F (with 2D230C5F being the key ID of the 2006 archive signing key), as long as you run this command as the same user who will later run debmirror. I hope this works. Yes, that seems to have worked (with the modification that for Sarge it's the key with ID 4F368D5D (Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED]). Thanks for pointing that out. I had not even considered that the 2005 key might also be missing. An important thing to keep in mind if somebody asks that question again - which will probably happen in a few days ;) When will I need to get a new key (regarding Sarge)? For example, if/when 3.1r2 is created, will its Release.gpg file be signed using the 2005 key (the key that was current when Sarge was first released (3.1r0)), or will it be signed using the key that is current when 3.1r2 is released? As far as I understand it, the signing process is automated, therefore I would expect that all new security updates to Sarge will be signed with the 2006 archive key. Furthermore, the 2005 key expired 3 days ago. If Etch is released as planned then the next key update will be handled automatically in January 2007 (using the 2006 key to validate the new 2007 key). Regards, Florian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Missing public keys in aptitude
When I update package list (with u) in aptitude I get a lot of error like: GPG error http://ftp.debian.org the following signatures have not been verified because the public key is not available NO_PUBKEY some numbers I read something about apt-secure, but I didn't fin the aswer... What shall I do to fix this problem? Thnx PAolo -- if you have a minute to spend pleas visit my photogrphy site: http://mypic.altervista.org
Re: Missing public keys in aptitude
On Thu, Feb 02, 2006 at 03:56:45PM +0100, Paolo Pantaleo wrote: When I update package list (with u) in aptitude I get a lot of error like: GPG error http://ftp.debian.org the following signatures have not been verified because the public key is not available NO_PUBKEY some numbers I read something about apt-secure, but I didn't fin the aswer... What shall I do to fix this problem? Lot's of people are reporting problems with the keys. First step would be to check that the package debian-keyring is installed. If that doesn't solve it search the archives for the last few days. /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) [EMAIL PROTECTED] http://therning.org/magnus Software is not manufactured, it is something you write and publish. Keep Europe free from software patents, we do not want censorship by patent law on written works. Do not meddle in the affairs of Wizards, for they are subtle and quick to anger. -- J.R.R Tolkien pgpJXXmyRK2K2.pgp Description: PGP signature
Re: Missing public keys in aptitude
Hello Paolo Pantaleo ([EMAIL PROTECTED]) wrote: When I update package list (with u) in aptitude I get a lot of error like: GPG error http://ftp.debian.org the following signatures have not been verified because the public key is not available NO_PUBKEY some numbers I read something about apt-secure, but I didn't fin the aswer... What shall I do to fix this problem? man apt-secure, man apt-key Install the 2006 archive signing key. This has been explained plenty of times on the list, search the archive if you need a longer explanation. best regards Andreas Janssen -- Andreas Janssen [EMAIL PROTECTED] PGP-Key-ID: 0xDC801674 ICQ #17079270 Registered Linux User #267976 http://www.andreas-janssen.de/debian-tipps-sarge.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude
On 2/2/06, Andreas Janssen [EMAIL PROTECTED] wrote: man apt-secure, man apt-key Neither are found on my Sarge install, and I don't see them in aptitude. Install the 2006 archive signing key. This has been explained plenty of times on the list, search the archive if you need a longer explanation. I've been watching the list, reading most of these threads. I've seen plenty of people having trouble with it but few solutions. Can you send a link to the archived post that includes a solution?
Re: Missing public keys in aptitude
David Kirchner wrote: On 2/2/06, Andreas Janssen [EMAIL PROTECTED] wrote: man apt-secure, man apt-key Neither are found on my Sarge install, and I don't see them in aptitude. Install the 2006 archive signing key. This has been explained plenty of times on the list, search the archive if you need a longer explanation. I've been watching the list, reading most of these threads. I've seen plenty of people having trouble with it but few solutions. Can you send a link to the archived post that includes a solution? The original message by Joey Hess: http://lists.debian.org/debian-user/2006/01/msg00291.html If this procedure does not work for you then you might have to switch temporarily to another Debian mirror. (There were complaints a few days ago that some of the mirrors were not fully synchronized or something, which seems to cause additional problems with the signatures.) Regards, Florian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Missing public keys in aptitude
Florian Kulzer wrote: David Kirchner wrote: On 2/2/06, Andreas Janssen [EMAIL PROTECTED] wrote: man apt-secure, man apt-key Neither are found on my Sarge install, and I don't see them in aptitude. Install the 2006 archive signing key. This has been explained plenty of times on the list, search the archive if you need a longer explanation. I've been watching the list, reading most of these threads. I've seen plenty of people having trouble with it but few solutions. Can you send a link to the archived post that includes a solution? The original message by Joey Hess: http://lists.debian.org/debian-user/2006/01/msg00291.html That is not a link that includes a solution--that message says to use the command apt-key, which, as David pointed out, does not exist in Sarge. Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]