Forum › Forums › New users › New Users and General Questions › apt update fails – repo not signed [solved]
- This topic has 28 replies, 7 voices, and was last updated Jan 8-8:51 pm by olsztyn.
-
AuthorPosts
-
January 7, 2021 at 10:11 pm #49292Member
olsztyn
::olsztyn, anticapitalista didn’t provide links to use in apt as a repository source, but for you to see the Release.gpg (that is the file which contains a string of characters that your system checks to see if the repo is signed). It is a PGP signature.
When apt check a repository, i compares the signature from the repo and the one saved in your system, to see if they match and to check if it has reached its “expiration date”.
The error seen by the thread OP is related to the GPG key not matching, not being found or for it reaching the expiration date.Thanks Xecure for this explanation. I did understand though that anti did not necessarily mean to switch repos to the ones he quoted. I just took these as an opportunity to test, relying on the fact they conform to the requirements of Synaptic, but also hoping these are more updated so I could use after some testing…
Post the output of inxi -r
$ inxi -r
Repos:
Active apt repos in: /etc/apt/sources.list
1: deb http://la.mxrepo.com/antix/buster/dists/buster/ buster main
Active apt repos in: /etc/apt/sources.list.d/antix.list
1: deb http://la.mxrepo.com/antix/buster/ buster main nonfree nosystemd
Active apt repos in: /etc/apt/sources.list.d/buster-backports.list
1: deb http://deb.debian.org/debian/ buster-backports main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://ftp.us.debian.org/debian/ buster-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://ftp.us.debian.org/debian/ buster main contrib non-free
2: deb http://security.debian.org/ buster/updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/google-chrome.list
1: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/google-earth-pro.list
1: deb [arch=amd64] http://dl.google.com/linux/earth/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/megasync.list
1: deb https://mega.nz/linux/MEGAsync/Debian_10.0/ ./
No active apt repos in: /etc/apt/sources.list.d/onion.list
No active apt repos in: /etc/apt/sources.list.d/various.list
demo@antix1:~Thanks again and best Regards…
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 7, 2021 at 10:13 pm #49293Forum Admin
Dave
::timezone / clock issues?
Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown
January 7, 2021 at 10:28 pm #49296Forum Admin
anticapitalista
::@olsztyn – Are YOU getting these repo not signed errors? If so, post the output of sudo apt update
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
January 7, 2021 at 10:45 pm #49298Memberolsztyn
::timezone / clock issues?
Thanks Dave for pointing to my time being off. I have just corrected time…
However Synaptic still rejects the test repository quoted by anti with what appears the same error message:
”
The repository ‘http://ftp.debian.org/debian/dists/Debian10.7 buster Release’ does not have a Release file.
”Are YOU getting these repo not signed errors?
For these repos I am not getting ‘unsigned’ error, just the Release file error.
I think, as I remember from prior testing the unsigned error was for primary antiX/MX repo:
http://la.mxrepo.com/antix/buster/
I can confirm shortly, if still the same…
Update: This no longer seems to be an issue… No complaints from Synaptic pertaining to mxrepo, just the above one, among many others…
Thanks again and best Regards.- This reply was modified 2 years, 4 months ago by olsztyn.
- This reply was modified 2 years, 4 months ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 8, 2021 at 2:11 pm #49362Forum Admin
anticapitalista
::Here is the problem
Active apt repos in: /etc/apt/sources.list
1: deb http://la.mxrepo.com/antix/buster/dists/buster/ buster mainRemove that entry.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
January 8, 2021 at 2:56 pm #49372Memberolsztyn
::When apt check a repository, i compares the signature from the repo and the one saved in your system, to see if they match and to check if it has reached its “expiration date”.
The error seen by the thread OP is related to the GPG key not matching, not being found or for it reaching the expiration date.
For antix linux case, all PGP signatures in your system come from the package antix-archive-keyring (if I am not mistaken). This package adds the corresponding PGP key to /etc/apt/trusted.gpg.d/ for APT signing verification.
You add a source to /etc/apt/sources.list.d/ (for example, antix.list). When apt does a packagelist update (sudo apt update)
It reads the different sources, sends a request to access Release and Release.gpg files, checks if the Release.gpg file matches the PGP key in your system and “confirms” the signature, and then adds the information of Release to the list of available packages to be downloaded. This is how it verifies that the repo is secure and OK.@ Xecure:
I just want to thank you for this clear explanation of the mechanism in repo validity check. I missed to thank you for this the first time around…
There is something to learn for me each day…
Greatly appreciate.Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 8, 2021 at 3:21 pm #49373Memberolsztyn
::Here is the problem
Active apt repos in: /etc/apt/sources.list
1: deb http://la.mxrepo.com/antix/buster/dists/buster/ buster main
Remove that entry.Thank you anti…
This entry was freshly added when I was testing. Following your above advice I started fresh, without this entry and attempted to add the repository from your post, namely the same as before http://ftp.debian.org/debian/dists/Debian10.7/.
This resulted in exactly the same rejection error by Synaptic:
”
The repository ‘http://ftp.debian.org/debian/dists/Debian10.7 buster Release’ does not have a Release file.
”
Fresh:
$ inxi -r
Repos:
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/antix.list
1: deb http://la.mxrepo.com/antix/buster/ buster main nonfree nosystemd
Active apt repos in: /etc/apt/sources.list.d/buster-backports.list
1: deb http://deb.debian.org/debian/ buster-backports main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://ftp.us.debian.org/debian/ buster-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://ftp.us.debian.org/debian/ buster main contrib non-free
2: deb http://security.debian.org/ buster/updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/google-chrome.list
1: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/google-earth-pro.list
1: deb [arch=amd64] http://dl.google.com/linux/earth/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/megasync.list
1: deb https://mega.nz/linux/MEGAsync/Debian_10.0/ ./
No active apt repos in: /etc/apt/sources.list.d/onion.list
No active apt repos in: /etc/apt/sources.list.d/various.list
demo@antix1:~This is a quite intriguing issue for me to investigate but I do not want to waste more of your precious time for me. So if this error does not happen for other users it remains for me to dig into this, especially got an excellent description of repo validity check mechanism from Xecure.
Thanks again and best Regards…
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 8, 2021 at 3:49 pm #49375Forum Admin
anticapitalista
::Why do you want to add that line to the repos list? It doesn’t do anything except give errors.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
January 8, 2021 at 6:01 pm #49381Memberolsztyn
::Why do you want to add that line to the repos list? It doesn’t do anything except give errors.
This repo was one of two you quoted as equivalent in one of preceding posts. There was no particular need for me to add this repo except for testing integrity of these repos, many of which, particularly the ones listed by the originator of this thread seem to have issues.
If there is no benefit, such as updated versions of packages in the debian 10.7 marked repo, I do not need it, so such one is for testing of integrity only.The issue raised by the original poster is pertinent in general to my testing, whether this repository or another. Namely if repositories tend to be exhibiting issues unacceptable to Synaptic, then it seems it is beyond capacity of user to fix them.
So it seems to me when antiX is being upgraded, then at some point the update to repositories should be done. If the issue with new repositories being rejected by Synaptic is the case then how we go about ensuring that the overall update is composed of consistent set of configuration?
Perhaps I am being too theoretical here. Perhaps a common approach is to run upgrade and whatever you end up is what it is. But for complete integrity one would like to understand when the resulting system has perfect integrity or just appears to work fine…
Again, I did not mean to take much of your time on this. I was just concerned with issues reported by the originator of this thread…
Thanks again and best Regards…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 8, 2021 at 6:14 pm #49383Forum Admin
anticapitalista
::I repeat what I posted earlier.
According to the repo managers of MX and antiX, they are signed. Don’t you believe me?
All of them were working fine with signed release files until … covid19.
We have zero influence over the repos, except for the antiX/MX ones.Thank you…
Unfortunately even the main one, controlled by antiX/MX seems to be unsigned:
http://la.mxrepo.com/antix/buster/
Just to mention…
Thanks and Regards…According to the repo managers of MX and antiX, they are signed
https://forum.mxlinux.org/viewtopic.php?f=94&t=60502&hilit=signed+repos&start=10#p598961
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
January 8, 2021 at 7:03 pm #49385Moderator
Brian Masinick
::Yes, anticapitalista, I can see the signatures as clearly as can be at the link:
http://la.mxrepo.com/antix/buster/dists/buster/InRelease
precisely as you have indicated.Please check again; I confirm (and believe) what anticapitalista has repeated.
--
Brian MasinickJanuary 8, 2021 at 7:44 pm #49391Memberolsztyn
::For these repos I am not getting ‘unsigned’ error, just the Release file error.
I think, as I remember from prior testing the unsigned error was for primary antiX/MX repo:
http://la.mxrepo.com/antix/buster/
I can confirm shortly, if still the same…
Update: This no longer seems to be an issue… No complaints from Synaptic pertaining to mxrepo, just the above one, among many others…
Thanks again and best Regards.As I reported (quote directly above), mxrepo does not have issues (any longer..). No ‘unsigned’ issue as it is now or Release file issue reported by Synaptic.
So I have no reason to not believe you as I already confirmed in my post quoted above.
The ‘unsigned’ issue with mxrepo was reported by Synaptic at some point in the past but is no longer the case.
Case closed on this.
I do not want to dwell on this subject if it invokes defensive responses rather than constructively looking at what Synaptic reports. So merely relying on what some repo manager is telling does not constitute a proof sufficient to disregard response from Synaptic.
Just to stress again: The reason for my continuing this thread, which was originated by someone else reporting these issues, is not a fault-finding but my care to do sufficient due diligence to ensure integrity of repositories.
If due diligence is not welcome, I accept this too. This will not change my opinion that antiX is a great system.
Thanks again and Regards…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersJanuary 8, 2021 at 8:04 pm #49392Member
Xecure
::I think there is a big misunderstanding here. I will try and help clear it up.
The original poster did NOT mention any of the antiX/MX managed repositories, but the external mirror
http://mxlinux.mirrors.uk2.net/packages/antix/buster
as you can see in the first thread.
At some point last year there was a signing error that was fixed in the same week (I confirmed the error, anticapitalista checked it and it was fixed).
There is NO INTEGRITY (badly chosen word, by the way) problem with the official antiX/MX repo mirrors.If you read carefully anticapitalista’s #49268 response, you will see that the mirrors tested were:
http://la.mxrepo.com/antix/buster buster http://debian.ipacct.com/debian buster/mainThe first, antiX repo mirror, the second Debian repo mirror.
Then, anticapitalista provided two links NOT FOR APT but for YOU to open in the browser and see the RELEASE and signed files, confirming that, in the same way that the official Debian repo was signed, so was the antiX repo. I think you misunderstood this links and wanted to use them as repo links, which isn’t how they work. Adding them to “Synaptic” will not do anything because they were for you to read, not APT nor synaptic, but for you to see that both the Debian repo and antiX repo were signed in similar way.You effort to add them to synaptic is useless because those links are not APT source.list repo mirrors. I tried to clear the confusion, but it seems I did a poor job at it.
So, in conclusion, there is no INTEGRITY problem with the antiX/MX servers. I think you confused some different concepts and concluded things prematurely.
Hopefully this thread can be cleared and everyone happily continue what they were doing.
Regards to all parties involved.
PD: Synaptic doesn’t really do the repo checks, but has APT do them. Adding repos to synaptic adds them (I believe) to /etc/apt/sources.list and then gets APT to check the repo and outputs the APT error (if any). That is it.
- This reply was modified 2 years, 4 months ago by Xecure. Reason: Forgotten links
antiX Live system enthusiast.
General Live Boot Parameters for antiX.January 8, 2021 at 8:51 pm #49402Memberolsztyn
::Thank you Xecure for taking the time and care to put these in the precise perspective. Greatly appreciated.
It was not my intent to indicate there is a problem with integrity of antiX/MX repo servers. All I was bringing up is was that some repos were accepted and some other rejected by Synaptic, as originally reported by the originator of this thread. Which ones were managed by antiX/MX team versus which were mirrors was not my objective to distinguish.PD: Synaptic doesn’t really do the repo checks, but has APT do them. Adding repos to synaptic adds them (I believe) to /etc/apt/sources.list and then gets APT to check the repo and outputs the APT error (if any). That is it.
Thank you for this info as well. So Synaptic invokes APT to check repos and outputs error. So my attributing this entire process to Synaptic was not precise, I admit. This process of invoking APT in the background by Synaptic seems nicely insulated from the user.
I want to thank you and anti again for taking your precious time to respond.
Best Regards…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters -
AuthorPosts
- You must be logged in to reply to this topic.