Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-19 Thread Richard Owlett

Joel Rees wrote:

On Fri, Apr 18, 2014 at 1:02 AM, Richard Owlett
rowl...@cloud85.net wrote:

Joel Rees wrote:


On Wed, Apr 16, 2014 at 11:49 PM, Richard Owlett
rowl...@cloud85.net wrote:

 Richard Owlett wrote:

 [SNIP]

 [...]
 root@debian:/home/richard# apt-get install pforth


pforth? Mind if I ask why?


*LOL* not the part of my post for which I expected a comment.
Primarily I needed an easily remembered package that wouldn't
be on any of my test installs. I've been interested in FORTH
since CPM-80 days.


[...]


The reason I ask is that doing an apt-get source or install of
gforth does not produce any complaints about unrecognized
signatures.

I wonder why Garbee would have signed pforth himself. I only
looked a little ways around, but the key does seem to be his.
Maybe it has to do with where pforth is hosted.
Did you get similar complaints from anything else?


Yes.
When I did a spot check to confirm Andrei's suggestion re
/etc/apt/apt.conf.d/00trustcdrom
APT::Authentication::TrustCDROM true;
I saw the problem installing ed.

I was using Squeeze 6.0.5 for my tests.
I have (but not yet installed) Wheezy 7.1 DVDs.

I have a laptop set aside for potentially destructive self education.
It's very cluttered at the moment. I plan to repartition and 
reinstall everything this weekend. I'll then have a test platform 
for both Squeeze and Wheezy.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/53525797.1050...@cloud85.net



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-19 Thread Richard Owlett

Andrei POPESCU wrote:

On Vi, 18 apr 14, 11:08:42, Richard Owlett wrote:

Andrei POPESCU wrote:

On Jo, 17 apr 14, 11:15:00, Richard Owlett wrote:


Yeah BUT ;(
I get NO errors or warnings when apt-get uses the physical DVDs from which
the loop mounted iso's were created.


/etc/apt/apt.conf.d/00trustcdrom:

APT::Authentication::TrustCDROM true;



Changing that true to false makes loading from the physical DVDs act the
same as loading from the loop mounted ISO images. Not elegant nor
'satisfactory', but at least consistent.

Is there some documentation on signing aimed at the end-user rather than
package creators. I know I'm missing something - just don't know what ;/


Here's what I use:


#!/bin/sh

# This part generates the minimum necessary files
# for an apt repository.
# Assumptions:
# - this script is run in the directory with packages
# - apt-ftparchive is installed (package apt-utils)
# - you have a GPG key (the default key is used)

# apt seems to require both, even if only one is used
apt-ftparchive packages ./ > Packages
apt-ftparchive packages ./ | gzip > Packages.gz

apt-ftparchive release ./ > Release

sudo -u amp gpg --armor --detach-sign --sign --output Release.gpg Release

# a sources.list line should look like this
# deb file:/directory/with/debs ./


Hope this helps,
Andrei



Yes - but probably not in the way you expected ;)
I started deciphering what your script does with the aid of man pages.
Thus found reference to GNU Privacy Guard. In my reading I had 
seen lots of abbreviations and acronyms - but never that title *ROFL*


What I'm looking for will be one of the many HOWTO's on that subject.
Looks like I have at least a week's worth of reading to do.
Thank you.





Archive: https://lists.debian.org/53528814.5000...@cloud85.net



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-18 Thread Andrei POPESCU
On Jo, 17 apr 14, 11:15:00, Richard Owlett wrote:
 
 Yeah BUT ;(
 I get NO errors or warnings when apt-get uses the physical DVDs from which
 the loop mounted iso's were created.

/etc/apt/apt.conf.d/00trustcdrom:

APT::Authentication::TrustCDROM true;

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt




Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-18 Thread Reco
On Fri, Apr 18, 2014 at 11:39:35AM +0300, Andrei POPESCU wrote:
 On Jo, 17 apr 14, 11:15:00, Richard Owlett wrote:
  
  Yeah BUT ;(
  I get NO errors or warnings when apt-get uses the physical DVDs from which
  the loop mounted iso's were created.
 
 /etc/apt/apt.conf.d/00trustcdrom:
 
 APT::Authentication::TrustCDROM true;

What the man said. apt uses a 'clever' hack to work around this in case
you're using a cdrom: entry in sources.list.

Reco


Archive: https://lists.debian.org/20140418125402.GA26676@x101h



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-18 Thread Joel Rees
On Fri, Apr 18, 2014 at 1:02 AM, Richard Owlett rowl...@cloud85.net wrote:

 Joel Rees wrote:


 On Wed, Apr 16, 2014 at 11:49 PM, Richard Owlett
 rowl...@cloud85.net wrote:

 Richard Owlett wrote:

 [SNIP]

 [...]
 root@debian:/home/richard# apt-get install pforth


 pforth? Mind if I ask why?


 *LOL* not the part of my post for which I expected a comment.
 Primarily I needed an easily remembered package that wouldn't be on any of
 my test installs. I've been interested in FORTH since CPM-80 days.

 [...]

The reason I ask is that doing an apt-get source or install of gforth does
not produce any complaints about unrecognized signatures.

I wonder why Garbee would have signed pforth himself. I only looked a
little ways around, but the key does seem to be his. Maybe it has to do
with where pforth is hosted.

Did you get similar complaints from anything else?

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.


Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-18 Thread Richard Owlett

Andrei POPESCU wrote:

On Jo, 17 apr 14, 11:15:00, Richard Owlett wrote:


Yeah BUT ;(
I get NO errors or warnings when apt-get uses the physical DVDs from which
the loop mounted iso's were created.


/etc/apt/apt.conf.d/00trustcdrom:

APT::Authentication::TrustCDROM true;



Changing that true to false makes loading from the physical 
DVDs act the same as loading from the loop mounted ISO images. 
Not elegant nor 'satisfactory', but at least consistent.


Is there some documentation on signing aimed at the end-user 
rather than package creators. I know I'm missing something - just 
don't know what ;/





Archive: https://lists.debian.org/53514e0a.6040...@cloud85.net



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-18 Thread Andrei POPESCU
On Vi, 18 apr 14, 11:08:42, Richard Owlett wrote:
 Andrei POPESCU wrote:
 On Jo, 17 apr 14, 11:15:00, Richard Owlett wrote:
 
 Yeah BUT ;(
 I get NO errors or warnings when apt-get uses the physical DVDs from which
 the loop mounted iso's were created.
 
 /etc/apt/apt.conf.d/00trustcdrom:
 
 APT::Authentication::TrustCDROM true;
 
 
 Changing that true to false makes loading from the physical DVDs act the
 same as loading from the loop mounted ISO images. Not elegant nor
 'satisfactory', but at least consistent.
 
 Is there some documentation on signing aimed at the end-user rather than
 package creators. I know I'm missing something - just don't know what ;/

Here's what I use:


#!/bin/sh

# This part generates the minimum necessary files
# for an apt repository.
# Assumptions:
# - this script is run in the directory with packages
# - apt-ftparchive is installed (package apt-utils)
# - you have a GPG key (the default key is used)

# apt seems to require both, even if only one is used
apt-ftparchive packages ./ > Packages
apt-ftparchive packages ./ | gzip > Packages.gz

apt-ftparchive release ./ > Release

sudo -u amp gpg --armor --detach-sign --sign --output Release.gpg Release

# a sources.list line should look like this
# deb file:/directory/with/debs ./


Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
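
The client-side counterpart to the files that script generates, as an added example that is not part of the original post: Release.gpg signs Release, Release records the hash of Packages, and Packages records the hash of each .deb. The function names, the constructed demo repository and the /etc/apt/trusted.gpg keyring path passed to gpgv are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify the chain
#   Release.gpg -> Release -> Packages -> *.deb
# for a flat repository ("deb file:/directory/with/debs ./").
# All function names are hypothetical.

# sha256_of FILE: print the hex SHA256 digest of FILE
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# release_hash RELEASE NAME: print the digest Release records for NAME
release_hash() {
    awk -v want="$2" '
        /^SHA256:/ { insec = 1; next }
        /^[^ ]/    { insec = 0 }          # an unindented line ends the section
        insec && $3 == want { print $1; exit }
    ' "$1"
}

# check_signature REPO: 0 if Release.gpg is a good signature on Release made by
# a key in apt's keyring (keyring path is an assumption; needs gpgv installed).
# The hash checks below mean nothing unless this step passes first.
check_signature() {
    gpgv --keyring /etc/apt/trusted.gpg "$1/Release.gpg" "$1/Release"
}

# check_index REPO: 0 if Packages matches the digest recorded in Release
check_index() {
    want=$(release_hash "$1/Release" Packages)
    [ -n "$want" ] && [ "$want" = "$(sha256_of "$1/Packages")" ]
}

# check_debs REPO: 0 if every file named in Packages matches its SHA256 field
check_debs() {
    awk '
        /^Filename:/ { file = $2 }
        /^SHA256:/   { sum = $2 }
        /^$/         { if (file != "") print sum, file; file = sum = "" }
        END          { if (file != "") print sum, file }
    ' "$1/Packages" |
    while read -r sum file; do
        [ "$sum" = "$(sha256_of "$1/$file")" ] || exit 1
    done
}

# make_demo_repo DIR: constructed stand-in for the script's output
# (fake .deb payload; Packages and Release written by hand, unsigned)
make_demo_repo() {
    printf 'constructed payload, not a real package\n' > "$1/demo_1.0_all.deb"
    {
        echo "Package: demo"
        echo "Version: 1.0"
        echo "Filename: ./demo_1.0_all.deb"
        echo "SHA256: $(sha256_of "$1/demo_1.0_all.deb")"
        echo
    } > "$1/Packages"
    {
        echo "Date: Sat, 19 Apr 2014 00:00:00 UTC"
        echo "SHA256:"
        echo " $(sha256_of "$1/Packages") $(wc -c < "$1/Packages" | tr -d ' ') Packages"
    } > "$1/Release"
}

demo() {
    repo=$(mktemp -d)
    make_demo_repo "$repo"
    check_index "$repo" && check_debs "$repo" && echo "chain intact"
    echo "tampered" >> "$repo/demo_1.0_all.deb"   # modify the package after indexing
    check_debs "$repo" || echo "tampered .deb detected"
    rm -rf "$repo"
}

demo
```

On a real repository, run check_signature first; a repository with no Release.gpg, or one signed by a key outside the keyring, fails at that step.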




Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-17 Thread Joel Rees
On Wed, Apr 16, 2014 at 11:49 PM, Richard Owlett rowl...@cloud85.net wrote:

 Richard Owlett wrote:

 [SNIP]

 [...]
 root@debian:/home/richard# apt-get install pforth


pforth? Mind if I ask why?


 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 The following NEW packages will be installed:
   pforth
 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 Need to get 0 B/81.2 kB of archives.
 After this operation, 291 kB of additional disk space will be used.
 WARNING: The following packages cannot be authenticated!
   pforth
 Install these packages without verification [y/N]?
 E: Some packages could not be authenticated


Yeah. I just installed pforth via synaptic without any messages that I
noticed. (Didn't check the logs. Usually, synaptic will throw a GUI flag
up when you try to install stuff it doesn't know how to verify.)

But when I grabbed the source with apt-get source, it told me what it's
telling you there. But before it told me that, it told me it couldn't find
the public key for the key ID F2CF-01A8.

You might want to look around the internet for that


 root@debian:/home/richard# find /home/richard/tst/dvd1 -name
 'debian-archive-keyring_*_all.deb'
 /home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/
 debian-archive-keyring_2010.08.28_all.deb
 root@debian:/home/richard# dpkg -i /home/richard/tst/dvd1/pool/
 main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
 (Reading database ... 116472 files and directories currently installed.)
 Preparing to replace debian-archive-keyring 2010.08.28 (using
 .../debian-archive-keyring_2010.08.28_all.deb) ...
 Unpacking replacement debian-archive-keyring ...
 Setting up debian-archive-keyring (2010.08.28) ...
 gpg: key F42584E6: Lenny Stable Release Key debian-release@lists.debian.
 org not changed
 gpg: key 55BE302B: Debian Archive Automatic Signing Key (5.0/lenny) 
 ftpmas...@debian.org not changed
 gpg: key 6D849617: Debian-Volatile Archive Automatic Signing Key
 (5.0/lenny) not changed
 gpg: key B98321F9: Squeeze Stable Release Key 
 debian-rele...@lists.debian.org not changed
 gpg: key 473041FA: Debian Archive Automatic Signing Key (6.0/squeeze) 
 ftpmas...@debian.org not changed
 gpg: Total number processed: 5
 gpg:  unchanged: 5


This key does not seem to be a debian key? (Which raises some questions.)

Anyway, the failure to authenticate is due to the missing public key. You
could import the key, but you want to know how much you want to trust it
before you do that. (So look around the 'net.)

[...]


Since I pulled down the source, I think I'll take a look at it over the
weekend, see if I can tell anything from that. Maybe.


-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.


Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-17 Thread Reco
Hi.

On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:

 root@debian:/home/richard# apt-get install pforth
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 The following NEW packages will be installed:
   pforth
 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 Need to get 0 B/81.2 kB of archives.
 After this operation, 291 kB of additional disk space will be used.
 WARNING: The following packages cannot be authenticated!
   pforth
 Install these packages without verification [y/N]?
 E: Some packages could not be authenticated
skip
 root@debian:/home/richard# apt-get update
 Ign file: squeeze Release.gpg

Note those 'Ign' records for each ISO you're using.
Debian doesn't sign packages per se, they sign whole repository with
usual 'public key - private key' scheme.
'debian-keyring' package provides you with public keys, and of course
private keys are kept, well, private.
Apt (aptitude, synaptic, whatever tool you're using) will start to
complain if:

1) Repository is signed with unknown or untrusted key. See 'apt-key
list' output for the list of keys you're trusting.

2) Repository is signed with an expired key. Yes, each key has a lifetime.

3) Repository isn't signed at all.


IIRC Debian does not sign the repository they put on 'Official CD's at
all, hence this warning you're given.

Reco


Archive: https://lists.debian.org/20140417154813.GA6579@x101h



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-17 Thread Richard Owlett

Joel Rees wrote:




On Wed, Apr 16, 2014 at 11:49 PM, Richard Owlett
rowl...@cloud85.net wrote:

Richard Owlett wrote:

[SNIP]

[...]
root@debian:/home/richard# apt-get install pforth


pforth? Mind if I ask why?


*LOL* not the part of my post for which I expected a comment.
Primarily I needed an easily remembered package that wouldn't be 
on any of my test installs. I've been interested in FORTH since 
CPM-80 days.




Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
   pforth
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be
used.
WARNING: The following packages cannot be authenticated!
   pforth
Install these packages without verification [y/N]?
E: Some packages could not be authenticated


Yeah. I just installed pforth via synaptic without any messages
that I noticed. (Didn't check the logs. Usually, synaptic will
throw a GUI flag up when you try to install stuff it doesn't
know how to verify.)


Prior to this test I had used Synaptic and got the equivalent 
error message. For documenting my problem using command line was 
simpler.




But when I grabbed the source with apt-get source, it told me
what it's telling you there. But before it told me that, it told
me it couldn't find the public key for the key ID F2CF-01A8.

You might want to look around the internet for that

root@debian:/home/richard# find /home/richard/tst/dvd1 -name 'debian-archive-keyring_*_all.deb'
/home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
root@debian:/home/richard# dpkg -i /home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
(Reading database ... 116472 files and directories currently installed.)
Preparing to replace debian-archive-keyring 2010.08.28 (using .../debian-archive-keyring_2010.08.28_all.deb) ...
Unpacking replacement debian-archive-keyring ...
Setting up debian-archive-keyring (2010.08.28) ...
gpg: key F42584E6: Lenny Stable Release Key debian-release@lists.debian.org not changed
gpg: key 55BE302B: Debian Archive Automatic Signing Key (5.0/lenny) ftpmas...@debian.org not changed
gpg: key 6D849617: Debian-Volatile Archive Automatic Signing Key (5.0/lenny) not changed
gpg: key B98321F9: Squeeze Stable Release Key debian-release@lists.debian.org not changed
gpg: key 473041FA: Debian Archive Automatic Signing Key (6.0/squeeze) ftpmas...@debian.org not changed
gpg: Total number processed: 5
gpg:  unchanged: 5


This key does not seem to be a debian key? (Which raises some
questions.)
Anyway, the failure to authenticate is due to the missing public
key. You could import the key, but you want to know how much you
want to trust it before you do that. (So look around the 'net.)


I started with a purchased set of Squeeze (6.0.5) DVDs as I'm on 
dialup.
I have done multiple installs with that set without this problem 
appearing.
The only difference is creating ISO files FROM the DVDs and then 
loop mounting to be the repository for the apt-get command.


I'll have to go find the key and instructions for using it.
But that would only be a work-a-round. The ISO file is an image 
of a WORKING DVD.




[...]


Since I pulled down the source, I think I'll take a look at it
over the weekend, see if I can tell anything from that. Maybe.


--
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.




Archive: https://lists.debian.org/534ffb27.1030...@cloud85.net



Re: Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-17 Thread Richard Owlett

Reco wrote:

Hi.

On Wed, Apr 16, 2014 at 09:49:23AM -0500, Richard Owlett wrote:


root@debian:/home/richard# apt-get install pforth
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
   pforth
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
   pforth
Install these packages without verification [y/N]?
E: Some packages could not be authenticated

skip

root@debian:/home/richard# apt-get update
Ign file: squeeze Release.gpg


Note those 'Ign' records for each ISO you're using.
Debian doesn't sign packages per se, they sign whole repository with
usual 'public key - private key' scheme.
'debian-keyring' package provides you with public keys, and of course
private keys are kept, well, private.
Apt (aptitude, synaptic, whatever tool you're using) will start to
complain if:

1) Repository is signed with unknown or untrusted key. See 'apt-key
list' output for the list of keys you're trusting.

2) Repository is signed with an expired key. Yes, each key has a lifetime.

3) Repository isn't signed at all.


IIRC Debian does not sign the repository they put on 'Official CD's at
all, hence this warning you're given.

Reco




Yeah BUT ;(
I get NO errors or warnings when apt-get uses the physical DVDs 
from which the loop mounted iso's were created.





Archive: https://lists.debian.org/534ffe04.7070...@cloud85.net



Repeatable apt-get WARNING: The following packages cannot be authenticated!

2014-04-16 Thread Richard Owlett

Richard Owlett wrote:

[SNIP]
I will try to give enough detail that someone could duplicate
what I've done.

My environment:
   1. Lenovo R61 ThinkPad with intentionally no network connectivity
   2. 64 GB USB flash drive
   3. Set of physical install DVDs (Debian 6.0.5 was all
  available when I started)
   4. A reasonably typical install of Squeeze using Gnome2 DE

My procedure:
   1. Copy DVD 1 of 8 to beginning of flash drive using dd
   2. Create an ext2 partition on remainder of drive using
      Gparted, labeling it squeeze_dvds
   3. Copy each of the 8 DVDs to that partition using dd
      I now have files dvd1.iso thru dvd8.iso on that partition.
   4. Create mount points with
      mkdir /home/richard/tst/dvd1
      thru
      mkdir /home/richard/tst/dvd8
   5. Loop mount the files with
      mount -t iso9660 -o ro,loop /media/squeeze_dvds/dvd1.iso /home/richard/tst/dvd1
      thru
      mount -t iso9660 -o ro,loop /media/squeeze_dvds/dvd8.iso /home/richard/tst/dvd8
   6. Replace contents of /etc/apt/sources.list with
      deb file:/home/richard/tst/dvd1 squeeze contrib main
      thru
      deb file:/home/richard/tst/dvd7 squeeze contrib main
      deb file:/home/richard/tst/dvd8 squeeze main
      NOTE - {no contrib files exist on last DVD}
   7. In Synaptic type Ctrl+R to reload package information
   8. Install desired additional packages

*UNRESOLVED PROBLEM*
When marking a package as to install, a warning message is
triggered saying the package cannot be authenticated. I don't
understand. I assumed that by copying with dd all relevant
information would  be available.


Google search not very useful. Lots of hits on the general 
structure of repositories and creating personally signed private 
repositories. Only found one hit relevant to diagnosing error 
message when repository is apparently fully legitimate clone of 
official repo.


I found a thread titled "How to use the debian installation iso 
for installing packages using aptitude". The relevant diagnostic 
suggestions began near end of 
https://lists.debian.org/debian-user/2013/08/msg00554.html .


I found no indication that the problem was ever resolved.
Suggestions please.

Below is transcript of following suggestions from that and 
subsequent posts.

*NOTE* I've inserted blank lines to make it more readable

root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd1.iso /home/richard/tst/dvd1
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd2.iso /home/richard/tst/dvd2
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd3.iso /home/richard/tst/dvd3
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd4.iso /home/richard/tst/dvd4
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd5.iso /home/richard/tst/dvd5
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd6.iso /home/richard/tst/dvd6
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd7.iso /home/richard/tst/dvd7
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd8.iso /home/richard/tst/dvd8



root@debian:/home/richard# apt-get install pforth
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  pforth
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  pforth
Install these packages without verification [y/N]?
E: Some packages could not be authenticated



root@debian:/home/richard# find /home/richard/tst/dvd1 -name 
'debian-archive-keyring_*_all.deb'

/home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
root@debian:/home/richard# dpkg -i 
/home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
(Reading database ... 116472 files and directories currently 
installed.)
Preparing to replace debian-archive-keyring 2010.08.28 (using 
.../debian-archive-keyring_2010.08.28_all.deb) ...

Unpacking replacement debian-archive-keyring ...
Setting up debian-archive-keyring (2010.08.28) ...
gpg: key F42584E6: Lenny Stable Release Key 
debian-rele...@lists.debian.org not changed
gpg: key 55BE302B: Debian Archive Automatic Signing Key 
(5.0/lenny) ftpmas...@debian.org not changed
gpg: key 6D849617: Debian-Volatile Archive Automatic Signing Key 
(5.0/lenny) not changed
gpg: key B98321F9: Squeeze Stable Release Key 
debian-rele...@lists.debian.org not changed
gpg: key 473041FA: Debian Archive Automatic Signing Key 
(6.0/squeeze) ftpmas...@debian.org not changed

gpg: Total number processed: 5
gpg:  unchanged: 5


root@debian:/home/richard# dpkg --status debian-archive-keyring
Package: debian

The following packages cannot be authenticated

2011-04-06 Thread Jason Hsu
I'm working on the development of the next version of Swift Linux 
(http://www.swiftlinux.org , http://github.com/swiftlinux).  I'm now finding 
that when I try to add packages in a script with the "apt-get install -y 
package" command, I get the error messages "WARNING: The following packages 
cannot be authenticated!" and "There are problems and -y was used without 
--force-yes".

I know that I could add packages manually, but the two reasons not to are:
1.  I'm using these "apt-get install -y package" commands in scripts.
2.  I know that I can use the --force-yes option, but is this actually safe?

A Google search yields more information than I can understand, but it sounds 
like my authentication key is not up-to-date.  How do I resolve this matter 
WITHOUT throwing security under the bus?

-- 
Jason Hsu jhsu802...@jasonhsu.com


Archive: http://lists.debian.org/20110406192831.e0f72964.jhsu802...@jasonhsu.com



Re: The following packages cannot be authenticated

2011-04-06 Thread Huang, Tao
I'm not familiar with the SwiftLinux project.
guess you'll have to manually update your keys.
see this wiki page for instructions.
http://wiki.debian.org/SecureApt


Cheers,

Tao
--
http://huangtao.me/
http://www.google.com/profiles/UniIsland

School of Mathematical Science, Peking University


Archive: 
http://lists.debian.org/BANLkTinq4O8yP6=nopu1zesp22fr6jm...@mail.gmail.com



Custom repository and WARNING: The following packages cannot be authenticated!

2007-02-28 Thread Michael S. Peek
   Get:1 http://security.debian.org etch/updates Release.gpg [189B]
   Get:2 http://ftp.us.debian.org etch Release.gpg [189B]
   Hit http://security.debian.org etch/updates Release
   Hit http://ftp.us.debian.org etch Release
   Get:3 http://debian-multimedia.org etch Release.gpg [189B]
   Ign http://security.debian.org etch/updates/main Packages/DiffIndex
   Hit http://ftp.us.debian.org etch/main Packages/DiffIndex
   Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
   Ign http://security.debian.org etch/updates/non-free Packages/DiffIndex
   Hit http://debian-multimedia.org etch Release
   Hit http://ftp.us.debian.org etch/non-free Packages/DiffIndex
   Hit http://ftp.us.debian.org etch/contrib Packages/DiffIndex
   Hit http://ftp.us.debian.org etch/main Sources/DiffIndex
   Hit http://ftp.us.debian.org etch/non-free Sources/DiffIndex
   Hit http://ftp.us.debian.org etch/contrib Sources/DiffIndex
   Hit http://security.debian.org etch/updates/main Packages
   Hit http://security.debian.org etch/updates/contrib Packages
   Ign http://debian-multimedia.org etch/main Packages/DiffIndex
   Hit http://security.debian.org etch/updates/non-free Packages
   Hit http://debian-multimedia.org etch/main Packages
   Fetched 191B in 1s (140B/s)
   Reading package lists... Done

The lines that read "http://install1" are for my repository. Notice that 
apt-get does in fact (claim to) download my Release.gpg file.


5) But when I go to install a package from my repository, I get the 
following error:


   # apt-get install tiem-exim4-workstation-cfg
   Reading package lists... Done
   Building dependency tree... Done
   The following extra packages will be installed:
 tiem-exim4-common-cfg
   The following NEW packages will be installed:
 tiem-exim4-common-cfg tiem-exim4-workstation-cfg
   0 upgraded, 2 newly installed, 0 to remove and 23 not upgraded.
   Need to get 0B/26.2kB of archives.
   After unpacking 258kB of additional disk space will be used.
   Do you want to continue [Y/n]?
   WARNING: The following packages cannot be authenticated!
 tiem-exim4-common-cfg tiem-exim4-workstation-cfg
   Install these packages without verification [y/N]?

Some sources claim that running apt-get update will solve this problem, 
but it doesn't seem to make a difference for me.


Can anyone see what I've got wrong?  I totally don't understand...

Thanks for your help,

Michael Peek






Re: WARNING: The following packages cannot be authenticated!

2007-02-03 Thread Ron Johnson

On 02/02/07 14:41, Ron Johnson wrote:
 On 02/02/07 14:06, Andrew Sackville-West wrote:
 On Fri, Feb 02, 2007 at 01:53:44PM -0600, Ron Johnson wrote:
 Hi,

 Running Sid.

 debian-archive-keyring is already the newest version, and nothing
 out of the ordinary seems expired.  Attached is the output from apt-key.
 which package? I saw this from debian-multimedia a couple times in the
 last couple of days but it has since cleared up automagically...
 
 Every package I tried to upgrade.  All from:
 ftp://mirrors.kernel.org unstable/main

Well, it magically resolved itself.  Now there are missing files,
though.  Seems there is an issue with this mirror.





Re: WARNING: The following packages cannot be authenticated!

2007-02-03 Thread Andrew Sackville-West
On Sat, Feb 03, 2007 at 12:42:37PM -0600, Ron Johnson wrote:
 On 02/02/07 14:41, Ron Johnson wrote:
  On 02/02/07 14:06, Andrew Sackville-West wrote:
  On Fri, Feb 02, 2007 at 01:53:44PM -0600, Ron Johnson wrote:
  Hi,
 
  Running Sid.
 
  debian-archive-keyring is already the newest version, and nothing
  out of the ordinary seems expired.  Attached is the output from apt-key.
  which package? I saw this from debian-multimedia a couple times in the
  last couple of days but it has since cleared up automagically...
  
  Every package I tried to upgrade.  All from:
  ftp://mirrors.kernel.org unstable/main
 
 Well, it magically resolved itself.  Now there are missing files,
 though.  Seems there is an issue with this mirror.

I've seen some mirrors issues too. especially with
debian.midco.net. meh. who knows. sorry I can't help more.

A




WARNING: The following packages cannot be authenticated!

2007-02-02 Thread Ron Johnson
Hi,

Running Sid.

debian-archive-keyring is already the newest version, and nothing
out of the ordinary seems expired.  Attached is the output from apt-key.

Googled around, but only see pages from June-2006.  Have searched
thru the last 4 months of d-u archives, but no joy.

Anyone have a hint?

TIA,
Ron

# apt-key update
gpg: key 1DB114E0: Debian Archive Automatic Signing Key (2004) [EMAIL PROTECTED] not changed
gpg: key 4F368D5D: Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED] not changed
gpg: key B5F5BBED: Debian AMD64 Archive Key debian-amd64@lists.debian.org not changed
gpg: key 2D230C5F: Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] not changed
gpg: key 6070D3A1: Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] not changed
gpg: Total number processed: 5
gpg:  unchanged: 5


# apt-key list
/etc/apt/trusted.gpg

pub   1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
uid  Debian Archive Automatic Signing Key (2004) [EMAIL PROTECTED]

pub   1024D/4F368D5D 2005-01-31 [expired: 2006-01-31]
uid  Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED]

pub   2048R/C88CEDF6 2005-07-19 [expired: 2006-03-16]
uid  sigcpu.org Archive Signing Key (2005-2) [EMAIL PROTECTED]

pub   1024D/1F41B907 1999-10-03
uid  Christian Marillat [EMAIL PROTECTED]
uid  Christian Marillat [EMAIL PROTECTED]
sub   1536g/C28DCC42 1999-10-03
sub   1024D/5D3877A7 2002-08-26

pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid  Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED]

pub   1024D/B5F5BBED 2005-04-24
uid  Debian AMD64 Archive Key debian-amd64@lists.debian.org
sub   2048g/34FC6FE5 2005-04-24

pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid  Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED]


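A check one could run over a listing like the one attached to the post above, as an added example that is not part of the thread: it parses gpg 1.4 style `apt-key list` output and re-evaluates every key's expiry against a chosen date instead of relying on the label gpg printed. The function name `audit_keyring`, the 30-day warning window and the trimmed sample are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Excerpt of the `apt-key list` output posted above (gpg 1.4 layout);
# the archive's address masking is left out of the uid lines.
SAMPLE = """\
/etc/apt/trusted.gpg
pub   1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
uid  Debian Archive Automatic Signing Key (2004)
pub   1024D/1F41B907 1999-10-03
uid  Christian Marillat
sub   1536g/C28DCC42 1999-10-03
pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid  Debian Archive Automatic Signing Key (2006)
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid  Debian Archive Automatic Signing Key (4.0/etch)
"""

PUB = re.compile(
    r"^pub\s+\d+[A-Za-z]/(?P<keyid>[0-9A-F]{8})\s+\d{4}-\d{2}-\d{2}"
    r"(?:\s+\[(?:expired|expires):\s*(?P<when>\d{4}-\d{2}-\d{2})\])?"
)

def audit_keyring(listing, today, warn_days=30):
    """Return (keyid, uid, status, expiry_or_None) for each primary key."""
    rows = []
    for line in listing.splitlines():
        m = PUB.match(line)
        if m:
            expiry = date.fromisoformat(m["when"]) if m["when"] else None
            if expiry is None:
                status = "no-expiry"
            elif expiry < today:  # recomputed: gpg's label is only true for the day it ran
                status = "expired"
            elif expiry - today <= timedelta(days=warn_days):
                status = "expiring-soon"
            else:
                status = "valid"
            rows.append([m["keyid"], None, status, expiry])
        elif line.startswith("uid") and rows and rows[-1][1] is None:
            rows[-1][1] = line[3:].strip()  # first uid names the key
    return [tuple(r) for r in rows]

if __name__ == "__main__":
    for keyid, uid, status, expiry in audit_keyring(SAMPLE, date(2007, 2, 2)):
        print(f"{keyid}  {status:13}  {str(expiry or '-'):10}  {uid}")
```

Comparison is at day granularity, so a key is still reported as `expiring-soon` on its expiry date itself.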


Re: WARNING: The following packages cannot be authenticated!

2007-02-02 Thread Andrew Sackville-West
On Fri, Feb 02, 2007 at 01:53:44PM -0600, Ron Johnson wrote:
 Hi,
 
 Running Sid.
 
 debian-archive-keyring is already the newest version, and nothing
 out of the ordinary seems expired.  Attached is the output from apt-key.

which package? I saw this from debian-multimedia a couple times in the
last couple of days but it has since cleared up automagically...

A

 
 Googled around, but only see pages from June-2006.  Have searched
 thru the last 4 months of d-u archives, but no joy.
 
 Anyone have a hint?
 
 TIA,
 Ron

 # apt-key update
 gpg: key 1DB114E0: Debian Archive Automatic Signing Key (2004) [EMAIL PROTECTED] not changed
 gpg: key 4F368D5D: Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED] not changed
 gpg: key B5F5BBED: Debian AMD64 Archive Key debian-amd64@lists.debian.org not changed
 gpg: key 2D230C5F: Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED] not changed
 gpg: key 6070D3A1: Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED] not changed
 gpg: Total number processed: 5
 gpg:  unchanged: 5
 
 
 # apt-key list
 /etc/apt/trusted.gpg
 
 pub   1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
 uid  Debian Archive Automatic Signing Key (2004) [EMAIL PROTECTED]
 
 pub   1024D/4F368D5D 2005-01-31 [expired: 2006-01-31]
 uid  Debian Archive Automatic Signing Key (2005) [EMAIL PROTECTED]
 
 pub   2048R/C88CEDF6 2005-07-19 [expired: 2006-03-16]
 uid  sigcpu.org Archive Signing Key (2005-2) [EMAIL PROTECTED]
 
 pub   1024D/1F41B907 1999-10-03
 uid  Christian Marillat [EMAIL PROTECTED]
 uid  Christian Marillat [EMAIL PROTECTED]
 sub   1536g/C28DCC42 1999-10-03
 sub   1024D/5D3877A7 2002-08-26
 
 pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
 uid  Debian Archive Automatic Signing Key (2006) [EMAIL PROTECTED]
 
 pub   1024D/B5F5BBED 2005-04-24
 uid  Debian AMD64 Archive Key debian-amd64@lists.debian.org
 sub   2048g/34FC6FE5 2005-04-24
 
 pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
 uid  Debian Archive Automatic Signing Key (4.0/etch) [EMAIL PROTECTED]







Re: WARNING: The following packages cannot be authenticated!

2007-02-02 Thread Ron Johnson
On 02/02/07 14:06, Andrew Sackville-West wrote:
 On Fri, Feb 02, 2007 at 01:53:44PM -0600, Ron Johnson wrote:
 Hi,

 Running Sid.

 debian-archive-keyring is already the newest version, and nothing
 out of the ordinary seems expired.  Attached is the output from apt-key.
 
 which package? I saw this from debian-multimedia a couple times in the
 last couple of days but it has since cleared up automagically...

Every package I tried to upgrade.  All from:
ftp://mirrors.kernel.org unstable/main

