Re: debian11 early - apt-get update - At least one invalid signature was encountered
On Sun, Aug 15, 2021 at 08:24:13AM +0200, john doe wrote: > The below assumes that 'sources.list' is set only for bullseye > > Some hints more than an answer: > - Try to remove the gpg keys in '/etc/apt' directory. > - Try to remove the Debian apt-keyring pkg ('$ apt-get --autoremove > purge > $ apt-get update && apt-get full-upgrade > > P.S. > > I would first try the first step and see how it goes > > -- > John Doe Thanks, but removing keys from /etc/apt/trusted.gpg.d didn't help. There is no apt-keyring package. And I couldn't bring myself to uninstall the debian-archive-keyring package because I assumed that would make it impossible to ever install anything ever again. There was an old debian-keyring package that I removed. But nothing helped. Never mind. On another VM with the same sized disk, an upgrade of a fresh debian-10 install got past that point happily, but then ran out of disk when it got to the kernel. So it probably wouldn't have worked anyway (but 1GB spare should have been enough). Another VM with double the disk upgraded fine. And the important VM that matters upgraded fine as well. So it's OK now. Although bind9 crashed in a heap and dumped core and couldn't run, as soon as I got it to DNSSEC-sign all my zones. I wasn't expecting bind9 to crash immediately on debian stable! And it overwrote my carefully crafted and documented zonefiles. I wasn't expecting that either (having read all the documentation on the subject). But that's a discussion for a different mailing list, unless someone here knows what the crashing is about (bind9-9.16.15 + DNSSEC = firetrucks and sirens). :-) I hope I won't have to wait too long for bind9-9.16.19. cheers, raf
Re: debian11 early - apt-get update - At least one invalid signature was encountered
On 8/15/2021 3:46 AM, raf wrote: Hi, Firstly, many thanks for debian-11. I've been looking forward to the newer bind9 and its dnssec-policy finally making it trivial to implement DNSSEC on a stable system. Yay! My problem: A day or two ago, I tried to upgrade to debian-11 on a little VM on my laptop and I've run into a problem. I know it wasn't official yet, but I thought I could get away with it. And I wanted to have done it once before upgrading a more important VM. But I would like to get this VM unbroken as well. I wasn't as careful as usual with it (I didn't do the backups mentioned in Release Notes section 4.1.1) but I'm not sure if that would have helped. I added the new the bullseye details to /etc/apt/sources.list but I didn't comment out the existing buster details at the same time. I think that might have been my mistake. Then, I did apt update and got GPG invalid signature errors. And I still get them when I only have the buster details in sources.list and when I only have the bullseye details there. But before, everything was fine. With buster only: deb http://ftp.au.debian.org/debian/ buster main deb-src http://ftp.au.debian.org/debian/ buster main deb http://security.debian.org/debian-security buster/updates main deb-src http://security.debian.org/debian-security buster/updates main deb http://ftp.au.debian.org/debian/ buster-updates main deb-src http://ftp.au.debian.org/debian/ buster-updates main apt update looks like this: Err:1 http://security.debian.org/debian-security buster/updates InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian buster InRelease [122 kB] Get:3 http://ftp.au.debian.org/debian buster-updates InRelease [51.9 kB] Err:2 http://ftp.au.debian.org/debian buster InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian buster-updates InRelease At least one invalid signature was encountered. Fetched 174 kB in 0s (452 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 2 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster/InRelease At least one invalid signature was encountered. W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster-updates/InRelease At least one invalid signature was encountered. W: Some index files failed to download. They have been ignored, or old ones used instead. With bullseye only: deb http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb http://security.debian.org/debian-security bullseye-security main contrib non-free deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free deb http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free apt update looks like: Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Err:1 http://security.debian.org/debian-security bullseye-security InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian bullseye InRelease [113 kB] Get:3 http://ftp.au.debian.org/debian bullseye-updates InRelease [40.1 kB] Err:2 http://ftp.au.debian.org/debian bullseye InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian bullseye-updates InRelease At least one invalid signature was encountered. Fetched 153 kB in 0s (448 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 1416 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error:
debian11 early - apt-get update - At least one invalid signature was encountered
Hi, Firstly, many thanks for debian-11. I've been looking forward to the newer bind9 and its dnssec-policy finally making it trivial to implement DNSSEC on a stable system. Yay! My problem: A day or two ago, I tried to upgrade to debian-11 on a little VM on my laptop and I've run into a problem. I know it wasn't official yet, but I thought I could get away with it. And I wanted to have done it once before upgrading a more important VM. But I would like to get this VM unbroken as well. I wasn't as careful as usual with it (I didn't do the backups mentioned in Release Notes section 4.1.1) but I'm not sure if that would have helped. I added the new the bullseye details to /etc/apt/sources.list but I didn't comment out the existing buster details at the same time. I think that might have been my mistake. Then, I did apt update and got GPG invalid signature errors. And I still get them when I only have the buster details in sources.list and when I only have the bullseye details there. But before, everything was fine. With buster only: deb http://ftp.au.debian.org/debian/ buster main deb-src http://ftp.au.debian.org/debian/ buster main deb http://security.debian.org/debian-security buster/updates main deb-src http://security.debian.org/debian-security buster/updates main deb http://ftp.au.debian.org/debian/ buster-updates main deb-src http://ftp.au.debian.org/debian/ buster-updates main apt update looks like this: Err:1 http://security.debian.org/debian-security buster/updates InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian buster InRelease [122 kB] Get:3 http://ftp.au.debian.org/debian buster-updates InRelease [51.9 kB] Err:2 http://ftp.au.debian.org/debian buster InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian buster-updates InRelease At least one invalid signature was encountered. Fetched 174 kB in 0s (452 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 2 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster InRelease: At least one invalid signature was encountered. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster/InRelease At least one invalid signature was encountered. W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease At least one invalid signature was encountered. W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster-updates/InRelease At least one invalid signature was encountered. W: Some index files failed to download. They have been ignored, or old ones used instead. With bullseye only: deb http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye main contrib non-free deb http://security.debian.org/debian-security bullseye-security main contrib non-free deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free deb http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free deb-src http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free apt update looks like: Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Err:1 http://security.debian.org/debian-security bullseye-security InRelease At least one invalid signature was encountered. Get:2 http://ftp.au.debian.org/debian bullseye InRelease [113 kB] Get:3 http://ftp.au.debian.org/debian bullseye-updates InRelease [40.1 kB] Err:2 http://ftp.au.debian.org/debian bullseye InRelease At least one invalid signature was encountered. Err:3 http://ftp.au.debian.org/debian bullseye-updates InRelease At least one invalid signature was encountered. Fetched 153 kB in 0s (448 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 1416 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was