After upgrading aptly to the newest version (0.9.7), the error disappeared.
The only changes I noticed are the inclusion of the SHA512 sums in the files
and the creation of the content-arch.gz.
Original Message
Subject: apt-secure / apt-get update gpg signature invalid
Local Time: January 13, 2017 9:57 AM
UTC Time: January 13, 2017 8:57 AM
From: cont...@arkade.info
To: debian-user@lists.debian.org <debian-user@lists.debian.org>
Hello,
After setting up a new apt repository with aptly, signing the repository and
adding the public gpg key to the apt keyring, I encounter a failure during the
`apt update` command:
```
Err:3 http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease
  The following signatures were invalid: #KEY_ID#
Hit:4 http://apt.postgresql.org/pub/repos/apt sid-pgdg InRelease
Reading package lists... Done
W: GPG error: http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease: The following signatures were invalid: #KEY_ID#
E: The repository 'http://#REPO_URL#/#NAME# #DISTRIBUTION# InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
```
And yet the signature and the gpg keys are good. I succeeded in verifying the
gpg signature on the InRelease file:
```
curl http://#REPO_URL#/InRelease | gpg --keyring /etc/apt/trusted.gpg --verify
gpg: Signature made Wed 11 Jan 2017 04:01:23 PM CET
gpg: using RSA key #KEY_ID#
gpg: Good signature from "#DESCRIPTION_GPG_KEY#" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: #GOOD_KEY_FINGERPRINT#
```
I also verified the Release and Release.gpg files and they seem correct to me.
I tried to find what's done during the apt update with
`strace -o /tmp/strace -ff apt update`, then grep:
```
grep 'apt.*key' ./strace*
./strace.29829:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.ORUwxh", "/tmp/apt.data.kKXyrN"], [/* 28 vars */]) = 0
./strace.29829:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.29888:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.utRWBD", "/tmp/apt.data.Fo1Lka"], [/* 28 vars */]) = 0
./strace.29888:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.29947:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.ug6xiV", "/tmp/apt.data.Yv4zFs"], [/* 28 vars */]) = 0
./strace.29947:open("/usr/bin/apt-key", O_RDONLY) = 4
./strace.30006:execve("/usr/bin/apt-key", ["/usr/bin/apt-key", "--quiet", "--readonly", "verify", "--status-fd", "3", "/tmp/apt.sig.QSyrCg", "/tmp/apt.data.LK9DGO"], [/* 28 vars */]) = 0
./strace.30006:open("/usr/bin/apt-key", O_RDONLY) = 4
```
How can I debug and fix this error?
Thanks