You are not logged in.
Pages: 1
Hello fellow Devuaners
I a new to Devuan, but not new to linux or Debian, I installed Chimeara a month ago and have had no problems until I tried to update today.
Apt reported the following error
Get:1 http://deb.devuan.org/merged chimaera InRelease [33.9 kB]
Get:2 http://deb.devuan.org/merged chimaera-updates InRelease [26.5 kB]
Err:1 http://deb.devuan.org/merged chimaera InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Get:3 http://deb.devuan.org/merged chimaera-security InRelease [26.5 kB]
Err:2 http://deb.devuan.org/merged chimaera-updates InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Err:3 http://deb.devuan.org/merged chimaera-security InRelease
The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
Fetched 86.9 kB in 3s (25.5 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera-updates InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged chimaera-security InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chimaera/InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chimaera-updates/InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Failed to fetch http://deb.devuan.org/merged/dists/chimaera-security/InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) <repository@devuan.org>
W: Some index files failed to download. They have been ignored, or old ones used instead
It is asking for updated GPG key ?
dpkg -i devuan-keyring_2022.09.04_all.deb
Sorry I Did not read the solved posts
Last edited by prizm02 (2022-09-03 18:36:06)
Offline
devuan-keyring has already been updated in the repository. This command was provided by Bb|hcb in the IRC channel:
apt update --allow-insecure-repositories && apt install devuan-keyring --allow-unauthenticated
Last edited by brocashelm (2022-09-03 19:09:39)
Offline
Note that the full hands-on may also require that the old local InRelease file for the distribution is removed manually, so the sequence of command would thus be (eg for chimaera):
# rm /var/lib/apt/lists/deb.devuan.org_merged_dists_chimaera_InRelease
# apt-get update --allow-unauthenticated --allow-insecure-repositories
# apt-get install devuan-keyring --allow-unauthenticated
Alternatively: Anyone uncomfortable with those command line options should rather download the new keyring directly, eg
# sha256sum devuan-keyring_2022.09.04_all.deb 96c4a206e8dfdc21138ec619687ef9acf36e1524dd39190c040164f37cc3468d
# dpkg -i devuan-keyring_2022.09.04_all.deb
Alternatively: if you have your own method that works, then that is fine too.
Offline
p.s. this worked for me on beowulf:
id=BB23C00C61FC752C
gpg --keyserver keyserver.ubuntu.com --recv-keys ${id}
gpg --export ${id} | apt-key add -
apt update
Offline
The instructions above did not work fpr Daedalus.
How to fix the issue on Daedalus?
Many thanks in advance for your help.
Last edited by narad-dev (2022-09-07 05:44:06)
Offline
The wget-method works on Daedalus. Attention: expand the path completely.
Offline
No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb, there only is a http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring-udeb_2022.09.04_all.udeb.
This udeb cannot bei installed with dpkg -i because it would overwrite »/usr/share/keyrings/devuan-archive-keyring.gpg« which is part of packagdevuan-keyring 2017.10.03 .
Solution: download udeb file, purge old devuan keyring, then dpkg -i devuan-keyring-udeb_2022.09.04_all.udeb works.
Offline
No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb,
You must have hit a mirror that wasn't fully updated. If you pick one from the mirror list, you can go to the same directory and find the .deb package.
https://pkgmaster.devuan.org/mirror_list.txt
Offline
No, wget as listed above does not work, because there is no http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb, there only is a http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring-udeb_2022.09.04_all.udeb.
Did the upgrade twice on two of my Daedalus VMs using the wget method, worked out fine with the devuan-keyring_2022.09.04_all.deb package, no udeb required.
Offline
Hi all,
Tried to install Beowulf networkinstall today.
Could not install, because ISO Image was not updated with the correct signature.
Checked the repos, chimaera installer-iso's are also not updated with the right signature.
Any idea who to contact for this ?
Best regards.
EDIT
Found another post with a possible temporay solution,
https://dev1galaxy.org/viewtopic.php?id=5211
ISO images have to be fixed, though
Last edited by linuxuser (2022-09-08 18:09:46)
Offline
ISO images have to be fixed, though
Quoting Ralph Ronnquist, there is an initial collection of trial installer ISOs that need to be tested in a range of settings at:
If you work systematically, things will come by itself (Lev D. Landau)
Offline
linuxuser wrote:ISO images have to be fixed, though
Quoting Ralph Ronnquist, there is an initial collection of trial installer ISOs that need to be tested in a range of settings at:
Hi, thanks for your reply
I was able to install by installing the key package, like Morgennebel mentioned.
So what's the problem here ?
Replacing the key works just fine (and should be done), so what has to be tested ?
I don't see it.
BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seeems quite straightforward to me.
Regards.
Offline
BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seems quite straightforward to me.
Great. Welcome on board!
I'm probably doing things wrong yes, and need to retire.
We can rely on you taking over this?
Just in parenthesis: all the installers do still work fine as long as you avoid network mirror backing during installation. It of course means that you'll end up with a rather minimal system, but it's still one where you can use the manual patching (wget + dpkg) before using the network mirroring/access the first time.
Offline
BTW I'm all for testing software before releasing.
But right now the installer images don't work at all, and the fix seems quite straightforward to me.Great. Welcome on board!
I'm probably doing things wrong yes, and need to retire.
We can rely on you taking over this?Just in parenthesis: all the installers do still work fine as long as you avoid network mirror backing during installation. It of course means that you'll end up with a rather minimal system, but it's still one where you can use the manual patching (wget + dpkg) before using the network mirroring/access the first time.
Wow, hold your horses, Ralph, no offense meant ;-)
I have used Devuan without problems for a few years now, and see no reason for you to retire ;-)
Do I understand right, are you the only person supporting the installation part of Devuan ?
I don't know the Devuan community (yet) so please help me out here.
And I guess people who use network installers in expert mode should be able to manage for now.
When do you plan to have the updated install ISO's available ?
Regards.
Offline
No worries. I didn't think I took offense, but hmm maybe I did. But it is true that I do need to retire off Devuan and that new and more people need to step up and in; not necessarily you of course.
The installer ISOs are built using https://git.devuan.org/devuan/installer-iso.git which has been streamlined into an almost push-button state by now. But, whenever an ISO is built, it relies on the state of the repository at that particular time and it's always possible for some update inconsistency to slip in. It is therefore I think the installer ISOs typically need a broader testing than a single person running through it once.
Offline
I understand.
Good to see that Devuan is hosting it's own git, by the way.
Regards.
Offline
Pages: 1