Dev1 Galaxy Forum / [SOLVED] Invalid Signatures

Re: [SOLVED] Invalid Signatures

dummy@example.com (linuxuser) — Fri, 09 Sep 2022 10:50:47 +0000

I understand.

Good to see that Devuan is hosting it's own git, by the way.

Regards.

Re: [SOLVED] Invalid Signatures

dummy@example.com (ralph.ronnquist) — Fri, 09 Sep 2022 10:19:29 +0000

No worries. I didn't think I took offense, but hmm maybe I did. But it is true that I do need to retire off Devuan and that new and more people need to step up and in; not necessarily you of course.

The installer ISOs are built using https://git.devuan.org/devuan/installer-iso.git which has been streamlined into an almost push-button state by now. But, whenever an ISO is built, it relies on the state of the repository at that particular time and it's always possible for some update inconsistency to slip in. It is therefore I think the installer ISOs typically need a broader testing than a single person running through it once.

Re: [SOLVED] Invalid Signatures

dummy@example.com (linuxuser) — Fri, 09 Sep 2022 09:54:17 +0000

ralph.ronnquist wrote:

BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seems quite straightforward to me.
Great. Welcome on board!
I'm probably doing things wrong yes, and need to retire.
We can rely on you taking over this?
Just in parenthesis: all the installers do still work fine as long as you avoid network mirror backing during installation. It of course means that you'll end up with a rather minimal system, but it's still one where you can use the manual patching (wget + dpkg) before using the network mirroring/access the first time.

Wow, hold your horses, Ralph, no offense meant ;-)
I have used Devuan without problems for a few years now, and see no reason for you to retire ;-)

Do I understand right, are you the only person supporting the installation part of Devuan ?
I don't know the Devuan community (yet) so please help me out here.

And I guess people who use network installers in expert mode should be able to manage for now.

When do you plan to have the updated install ISO's available ?

Regards.

Re: [SOLVED] Invalid Signatures

dummy@example.com (ralph.ronnquist) — Fri, 09 Sep 2022 09:20:38 +0000

BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seems quite straightforward to me.

Great. Welcome on board!
I'm probably doing things wrong yes, and need to retire.
We can rely on you taking over this?

Just in parenthesis: all the installers do still work fine as long as you avoid network mirror backing during installation. It of course means that you'll end up with a rather minimal system, but it's still one where you can use the manual patching (wget + dpkg) before using the network mirroring/access the first time.

Re: [SOLVED] Invalid Signatures

dummy@example.com (linuxuser) — Fri, 09 Sep 2022 08:35:30 +0000

aitor wrote:

linuxuser wrote:
ISO images have to be fixed, though
Quoting Ralph Ronnquist, there is an initial collection of trial installer ISOs that need to be tested in a range of settings at:
https://ido.rrq.id.au/download/

Hi, thanks for your reply

I was able to install by installing the key package, like Morgennebel mentioned.

So what's the problem here ?

Replacing the key works just fine (and should be done), so what has to be tested ?
I don't see it.

BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seeems quite straightforward to me.

Regards.

Re: [SOLVED] Invalid Signatures

dummy@example.com (aitor) — Thu, 08 Sep 2022 23:39:59 +0000

linuxuser wrote:

ISO images have to be fixed, though

Quoting Ralph Ronnquist, there is an initial collection of trial installer ISOs that need to be tested in a range of settings at:

https://ido.rrq.id.au/download/

Re: [SOLVED] Invalid Signatures

dummy@example.com (linuxuser) — Thu, 08 Sep 2022 17:38:28 +0000

Hi all,

Tried to install Beowulf networkinstall today.

Could not install, because ISO Image was not updated with the correct signature.

Checked the repos, chimaera installer-iso's are also not updated with the right signature.

Any idea who to contact for this ?

Best regards.

EDIT

Found another post with a possible temporay solution,

https://dev1galaxy.org/viewtopic.php?id=5211

ISO images have to be fixed, though

Re: [SOLVED] Invalid Signatures

dummy@example.com (rolfie) — Wed, 07 Sep 2022 17:42:14 +0000

narad-dev wrote:

No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb, there only is a http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring-udeb_2022.09.04_all.udeb.

Did the upgrade twice on two of my Daedalus VMs using the wget method, worked out fine with the devuan-keyring_2022.09.04_all.deb package, no udeb required.

Re: [SOLVED] Invalid Signatures

dummy@example.com (fsmithred) — Wed, 07 Sep 2022 15:31:50 +0000

narad-dev wrote:

No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb,

You must have hit a mirror that wasn't fully updated. If you pick one from the mirror list, you can go to the same directory and find the .deb package.
https://pkgmaster.devuan.org/mirror_list.txt

Re: [SOLVED] Invalid Signatures

dummy@example.com (narad-dev) — Wed, 07 Sep 2022 14:41:25 +0000

No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb, there only is a http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring-udeb_2022.09.04_all.udeb.
This udeb cannot bei installed with dpkg -i because it would overwrite »/usr/share/keyrings/devuan-archive-keyring.gpg« which is part of packagdevuan-keyring 2017.10.03 .

Solution: download udeb file, purge old devuan keyring, then dpkg -i devuan-keyring-udeb_2022.09.04_all.udeb works.

Re: [SOLVED] Invalid Signatures

dummy@example.com (rolfie) — Wed, 07 Sep 2022 06:27:47 +0000

The wget-method works on Daedalus. Attention: expand the path completely.

Re: [SOLVED] Invalid Signatures

dummy@example.com (narad-dev) — Wed, 07 Sep 2022 05:43:45 +0000

The instructions above did not work fpr Daedalus.
How to fix the issue on Daedalus?

Many thanks in advance for your help.

Re: [SOLVED] Invalid Signatures

dummy@example.com (greenant) — Wed, 07 Sep 2022 04:44:44 +0000

p.s. this worked for me on beowulf:

id=BB23C00C61FC752C
gpg --keyserver keyserver.ubuntu.com --recv-keys ${id} 
gpg --export ${id} | apt-key add -
apt update

Re: [SOLVED] Invalid Signatures

dummy@example.com (ralph.ronnquist) — Sat, 03 Sep 2022 23:12:56 +0000

Note that the full hands-on may also require that the old local InRelease file for the distribution is removed manually, so the sequence of command would thus be (eg for chimaera):

# rm /var/lib/apt/lists/deb.devuan.org_merged_dists_chimaera_InRelease
# apt-get update --allow-unauthenticated --allow-insecure-repositories
# apt-get install devuan-keyring --allow-unauthenticated

Alternatively: Anyone uncomfortable with those command line options should rather download the new keyring directly, eg

# wget http://deb.devuan.org/devuan/pool/main/ … 04_all.deb
# sha256sum devuan-keyring_2022.09.04_all.deb 96c4a206e8dfdc21138ec619687ef9acf36e1524dd39190c040164f37cc3468d
# dpkg -i devuan-keyring_2022.09.04_all.deb

Alternatively: if you have your own method that works, then that is fine too.

Re: [SOLVED] Invalid Signatures

dummy@example.com (brocashelm) — Sat, 03 Sep 2022 18:36:17 +0000

devuan-keyring has already been updated in the repository. This command was provided by Bb|hcb in the IRC channel:
apt update --allow-insecure-repositories && apt install devuan-keyring --allow-unauthenticated