Debian Gpg Error Lenny
Contents |
Fri, 8 Nov 2013 10:46:45 +0000 Message-id: <20131108104645.GB18990@darac.org.uk> In-reply-to:
Debian Apt-get Update Gpg Error No_pubkey
update to correct these problems > > > My source list looks like this: > > deb http://archive.debian.org/debian-security lenny/updates main contrib > deb http://archive.debian.org/debian-volatile lenny/volatile main contrib > deb http://archive.debian.org/debian/ lenny main contrib non-free > deb http://archive.debian.org/debian-security lenny/updates main contrib > deb http://archive.debian.org/debian-volatile lenny/volatile main contrib > > > When I try to get an debian gpg key updated keyring: > > apt-get install debian-archive-keyring > Reading package lists... Done > Building dependency tree > Reading state information... Done > debian-archive-keyring is already the newest version. > > > It tells me it is already up to date. > > How can I get keyring that is not expired so I can up date this machine. I'm not entirely sure you can. As you know, Lenny is an old release. The packages were signed with a key that had a limited validity (I believe the point of doing that is to minimise the amount of time an attacker has to brute-force they key. If they can't crack it before it expires, then there's no point in attempting any further cracks). To use a new key (i.e. one that has not expired), all the package-lists in the Lenny repository would have to be re-signed using that key. Basically, you'd be updating an obsolete release. However, if we look back at your out
------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages ------------------------ Load Save SlideShow SecureApt All about secure apt In recent releases, Debian has been using strong crypto to validate downloaded packages. This is commonly called "secure apt" (or ubuntu gpg "apt-secure") and was implemented in Apt version 0.6 in 2003, which Debian migrated to
Linux Gpg
in 2005. Since the documentation (here and here) is fairly slim on how this all works from an administrator's point of
Gentoo Gpg
view, this document will try to explain in detail how secure apt works and how to use it. This article discusses things at a relatively high level. For details on the format of the files https://lists.debian.org/debian-user/2013/11/msg00389.html Debian repositories please refer to the RepositoryFormat page. For detailed information on commands please refer to the man pages of the tools. Contents All about secure apt Basic concepts Secure apt groundwork: checksums Signed Release files How apt uses Release.gpg How to tell apt what to trust How to find and add a key How to tell if the key is safe Debian archive key expiry How to manually check for https://wiki.debian.org/SecureApt package's integrity Other problems Setting up a secure apt repository History Comments and questions Basic concepts Here are a few basic concepts that you'll need to understand for the rest of this document. A secure hash function (a type of checksum) is a method of taking a file and boiling it down to a reasonably short number that will uniquely identify the content of the file, even if people are deliberately trying to create a pair of different files with the same checksum or create a new file that matches a previous checksum. APT was originally designed around MD5 but people have since managed to construct collisions and so support for newer hash functions has been added. Public key cryptography is based on pairs of keys, a public key and a private key. The public key is given out to the world; the private key must be kept a secret. Anyone possessing the public key can encrypt a message so that it can only be read by someone possessing the private key. It's also possible to use a private key to sign a file, not encrypt it. If a private key is used to sign a file, then anyone who has the public key can check that the fil
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us http://serverfault.com/questions/7145/what-should-i-do-when-i-got-the-keyexpired-error-message-after-an-apt-get-update Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site http://www.mepiscommunity.org/forum/viewtopic.php?t=34417 for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top What should I do when I got the KEYEXPIRED error message after an apt-get update? up vote 20 down vote favorite 11 While updating my packages on a debian based system by gpg error a sudo apt-get update I've got that error message : Reading package lists... Done W: GPG error: ftp://ftp.fr.debian.org stable/non-US Release: The following signatures were invalid: KEYEXPIRED 1138684904 What should I do to fix this ? linux debian share|improve this question edited May 24 '09 at 7:04 Zoredache 94.7k22184317 asked May 11 '09 at 19:58 paulgreg 1,94931931 add a comment| 6 Answers 6 active oldest votes up vote 34 down vote +50 To find any expired repository keys and their IDs, use apt-key as follows: apt-key list debian gpg error | grep expired You will get a result similar to the following: pub 4096R/BE1DB1F1 2011-03-29 [expired: 2014-03-28] The key ID is the bit after the / i.e. BE1DB1F1 in this case. To update the key, run sudo apt-key adv --recv-keys --keyserver keys.gnupg.net BE1DB1F1 Note: Updating the key will obviously not work if the package maintainer has not (yet) uploaded a new key. In that case there is little you can do other than contacting the maintainer, filing a bug against your distribution etc. share|improve this answer edited Nov 4 '15 at 20:50 answered Jul 24 '14 at 23:44 kynan 69356 that does not work for me, after the command for updating the key, the key is still expired. –Karl Forner Nov 6 '14 at 12:20 @KarlForner was adding the key successful? –kynan Nov 7 '14 at 10:18 yes it was successful. –Karl Forner Nov 7 '14 at 14:08 @KarlForner Note that if the package maintainer has not uploaded a new key this will of course have no effect and there's nothing you can do in this case (still my instructions are correct). –kynan Nov 7 '14 at 14:11 ok, kynan, thanks anyway –Karl Forner Nov 7 '14 at 14:22 | show 4 more comments up vote 6 down vote You need to get the newer key and add it, at which point apt will detect it and not complain. This shouldn't normally happen, but it sometimes does. What you really need is to know the hex code
topics Search The team FAQ Login Register Board index MEPIS - DEVELOPMENT INACTIVE, SUPPORTED BY THIS COMMUNITY General Regulars Search Unanswered topics Active topics Archive Repositories -- GPG Error Here is where users who have been using MEPIS awhile and know the basics of linux and MEPIS can ask questions. Post Reply Print view Search Advanced search 10 posts • Page 1 of 1 Message Author joany Forum Veteran Posts: 6123 Joined: Mon Feb 12, 2007 1:45 pm Archive Repositories -- GPG Error Quote #1 Postby joany » Tue Mar 12, 2013 7:53 am I switched over to the archive mirrors a while ago when Debian stopped supporting Lenny. Lately, I've been getting the following GPG errors when doing an apt-get update:Code: Select allW: GPG error: http://archive.debian.org lenny/updates Release: The following signatures were invalid: KEYEXPIRED 1356982504
W: GPG error: http://archive.debian.org lenny/volatile Release: The following signatures were invalid: KEYEXPIRED 1358963195
I know how to fix the "normal" GPG error when the signature key is missing. However, these messages say the signature keys expired. After Googling this, it seems the original keys were set to expire on 12/31/12:http://www.debian.org/News/2009/20090523Can I fix this error or do I have to wait for Debian to do it? (It doesn't look like they will.) MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM2.4GHz AMD Athlon 4600+ NVidia GeForce 6150 LE; 304.121 Display DriverYou didn't slow down because you're old; you're old because you slowed down. Top kmathern Forum Veteran Posts: 9194 Age: 58 Joined: Wed Jul 12, 2006 2:26 pm Re: Archive Repositories -- GPG Error Quote #2 Postby kmathern » Tue Mar 12, 2013 8:45 am Disable the lenny/updates & lenny/volatile repos. I think everything that was in those two repos when Lenny was obsoleted was rolled into the main Lenny repo anyway. Top joany Forum Veteran Posts: 6123 Joined: Mon Feb 12, 2007 1:45 pm Re: Archive Repositories -- GPG Error Quote #3 Postby joany » Tue Mar 12, 2013 9:04 am kmathern wrote:Disable the lenny/updates & lenny/volatile repos. I think everything that