The officially official Devuan Forum!

You are not logged in.

#1 2026-07-13 20:30:14

tux_99
Member
Registered: 2025-06-17
Posts: 128  

[SOLVED] dpkg-source: warning: cannot verify inline signature

I just ran "apt upgrade" to install the latest updates on a Devuan Excalibur PC and got the above warning for three packages.
What do I have to do to avoid these warning in future updates, am I missing some "trusted keys" package?

Get:1 wireless-regdb_2026.05.30-1~deb13u1.dsc [2303 B]                                                                                                          
Get:2 wireless-regdb_2026.05.30.orig.tar.xz [32.0 kB]                                                                                                           
Get:3 wireless-regdb_2026.05.30-1~deb13u1.debian.tar.xz [21.2 kB]                                                                                               
Fetched 55.5 kB in 0s (0 B/s)                                                                                                                                   
apt-listdifferences: skipping differences for src:libcaca - differences already seen
apt-listdifferences: skipping differences for src:graphite2 - differences already seen
gpgv: Signature made Mon 11 May 2026 08:14:40 CEST
gpgv:                using RSA key 72E3CB773315DFA2E464743D94532124541922FB
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/base-files_13.8+deb13u5devuan1.dsc: no acceptable signature found
gpgv: Signature made Mon 06 Jul 2026 07:47:52 CEST
gpgv:                using RSA key 72E3CB773315DFA2E464743D94532124541922FB
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/base-files_13.8+deb13u6devuan1.dsc: no acceptable signature found
apt-listdifferences: removing old src:base-files 13.8+deb13u5devuan1
apt-listdifferences: skipping differences for src:libass - differences already seen
apt-listdifferences: removing old src:pupnp 1.14.20-1
apt-listdifferences: removing old src:dhcpcd 10.1.0-11+deb13u2
apt-listdifferences: skipping differences for src:libxpm - differences already seen
apt-listdifferences: skipping differences for src:libxml-libxml-perl - differences already seen
apt-listdifferences: removing old src:libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
gpgv: Signature made Fri 20 Feb 2026 17:05:49 CET
gpgv:                using RSA key AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/wireless-regdb_2026.02.04-1~deb13u1.dsc: no acceptable signature found
gpgv: Signature made Wed 10 Jun 2026 00:09:56 CEST
gpgv:                using RSA key AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/wireless-regdb_2026.05.30-1~deb13u1.dsc: no acceptable signature found
apt-listdifferences: removing old src:wireless-regdb 2026.02.04-1~deb13u1
apt-listdifferences: skipping differences for src:mesa - differences already seen
apt-listdifferences: removing old src:poppler 25.03.0-5+deb13u3
apt-listdifferences: removing old src:nss 3.110-1+deb13u2
gpgv: Signature made Fri 22 May 2026 10:49:20 CEST
gpgv:                using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/samba_4.22.8+dfsg-0+deb13u2.dsc: no acceptable signature found
gpgv: Signature made Thu 11 Jun 2026 06:36:35 CEST
gpgv:                using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /var/cache/apt/sources/samba_4.22.10+dfsg-0+deb13u1.dsc: no acceptable signature found
apt-listdifferences: removing old src:samba 4.22.8+dfsg-0+deb13u2

Either the users control the program – or the program controls the users” Richard Stallman

Online

#2 2026-07-14 04:47:02

RedGreen925
Member
Registered: 2024-12-07
Posts: 304  

Re: [SOLVED] dpkg-source: warning: cannot verify inline signature

Who knows if they should be in the devuan-keyring package but they definitely exist.

root@9600k:~# gpg --keyserver keyserver.ubuntu.com --search-key 72E3CB773315DFA2E464743D94532124541922FB
gpg: data source: http://185.125.188.26:11371
(1)	Devuan Repository (Primary Devuan signing key) <repository@devuan.org>
	  2048 bit RSA key 94532124541922FB, created: 2014-12-02
Keys 1-1 of 1 for "72E3CB773315DFA2E464743D94532124541922FB".  Enter number(s), N)ext, or Q)uit > q
gpg: error searching keyserver: Operation cancelled
gpg: keyserver search failed: Operation cancelled
root@9600k:~# gpg --keyserver keyserver.ubuntu.com --search-key AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109
gpg: data source: http://185.125.188.26:11371
(1)	Ben Hutchings <bwh@kernel.org>
	Ben Hutchings (DOB: 1977-01-11)
	Ben Hutchings <benh@debian.org>
	Ben Hutchings <ben@decadent.org.uk>
	  4096 bit RSA key E7BFC8EC95861109, created: 2009-07-12
Keys 1-1 of 1 for "AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109".  Enter number(s), N)ext, or Q)uit > q
gpg: error searching keyserver: Operation cancelled
gpg: keyserver search failed: Operation cancelled
root@9600k:~# gpg --keyserver keyserver.ubuntu.com --search-key 64AA2AB531D56903366BFEF982AA4A243B1E9478
gpg: data source: http://185.125.188.26:11371
(1)	Michael Tokarev <mjt@debian.org>
	Michael Tokarev <mjt@corpit.ru>
	Michael Tokarev <mjt@tls.msk.ru>
	  4096 bit RSA key 61AD3D98ECDF2C8E, created: 2024-04-24
Keys 1-1 of 1 for "64AA2AB531D56903366BFEF982AA4A243B1E9478".  Enter number(s), N)ext, or Q)uit > q
gpg: error searching keyserver: Operation cancelled
gpg: keyserver search failed: Operation cancelled

Though I fail to see why you need the src packages to update your install as that is what it fails on.

root@9600k:~# apt update
Get:1 http://gnlug.org/pub/devuan/merged excalibur InRelease [48.0 kB]
Hit:2 https://brave-browser-apt-release.s3.brave.com stable InRelease          
Get:3 https://dl.google.com/linux/chrome-stable/deb stable InRelease [1,825 B] 
Hit:4 https://xlibre-debian.github.io/devuan main InRelease                    
Hit:5 https://updates.signal.org/desktop/apt xenial InRelease                  
Get:6 http://gnlug.org/pub/devuan/merged excalibur-backports InRelease [38.4 kB]
Get:7 https://dl.google.com/linux/chrome-stable/deb stable/main amd64 Packages [1,218 B]
Get:8 http://gnlug.org/pub/devuan/merged excalibur-proposed-updates InRelease [38.3 kB]
Get:9 http://gnlug.org/pub/devuan/merged excalibur-updates InRelease [37.6 kB] 
Get:10 http://gnlug.org/pub/devuan/merged excalibur-security InRelease [37.9 kB]
Get:11 http://gnlug.org/pub/devuan/merged excalibur-backports/main amd64 Packages [268 kB]
Get:12 http://gnlug.org/pub/devuan/merged excalibur-proposed-updates/main amd64 Packages [45.8 kB]
Get:13 https://packages.microsoft.com/repos/edge-stable stable InRelease [3,590 B]
Get:14 https://packages.microsoft.com/repos/edge-stable stable/main amd64 Packages [41.8 kB]
Hit:17 https://mkvtoolnix.download/debian trixie InRelease                     
Hit:15 https://apt.benthetechguy.net/debian trixie InRelease
Hit:16 http://tde-mirror.yosemite.net/trinity/deb/trinity-r14.1.x excalibur InRelease
Fetched 562 kB in 2s (360 kB/s)
13 packages can be upgraded. Run 'apt list --upgradable' to see them.

Even enabling the deb-src here does not produce the same error you are getting.

root@9600k:~# nano /etc/apt/sources.list.d/devuan.sources 
root@9600k:~# apt update
Hit:1 http://gnlug.org/pub/devuan/merged excalibur InRelease
Hit:2 http://gnlug.org/pub/devuan/merged excalibur-backports InRelease         
Hit:3 https://brave-browser-apt-release.s3.brave.com stable InRelease          
Hit:4 https://xlibre-debian.github.io/devuan main InRelease                    
Hit:5 http://gnlug.org/pub/devuan/merged excalibur-proposed-updates InRelease  
Hit:6 https://dl.google.com/linux/chrome-stable/deb stable InRelease           
Hit:7 https://updates.signal.org/desktop/apt xenial InRelease                  
Hit:8 http://gnlug.org/pub/devuan/merged excalibur-updates InRelease           
Hit:9 https://packages.microsoft.com/repos/edge-stable stable InRelease        
Hit:10 http://gnlug.org/pub/devuan/merged excalibur-security InRelease         
Get:11 http://gnlug.org/pub/devuan/merged excalibur/main Sources [10.6 MB]     
Hit:13 https://mkvtoolnix.download/debian trixie InRelease                     
Get:14 http://gnlug.org/pub/devuan/merged excalibur/non-free-firmware Sources [6,572 B]
Get:15 http://gnlug.org/pub/devuan/merged excalibur/non-free Sources [76.4 kB]
Get:16 http://gnlug.org/pub/devuan/merged excalibur/contrib Sources [51.9 kB]
Get:17 http://gnlug.org/pub/devuan/merged excalibur-backports/non-free-firmware Sources [3,208 B]
Get:18 http://gnlug.org/pub/devuan/merged excalibur-backports/main Sources [201 kB]
Get:19 http://gnlug.org/pub/devuan/merged excalibur-backports/contrib Sources [6,228 B]
Get:20 http://gnlug.org/pub/devuan/merged excalibur-backports/non-free Sources [1,448 B]
Get:21 http://gnlug.org/pub/devuan/merged excalibur-proposed-updates/main Sources [76.9 kB]
Get:22 http://gnlug.org/pub/devuan/merged excalibur-updates/main Sources [2,792 B]
Hit:12 https://apt.benthetechguy.net/debian trixie InRelease                   
Hit:23 http://tde-mirror.yosemite.net/trinity/deb/trinity-r14.1.x excalibur InRelease
Fetched 11.1 MB in 1s (7,957 kB/s)             
13 packages can be upgraded. Run 'apt list --upgradable' to see them.

My devuan.sources for you to try with to see if the error persists.

root@9600k:~# cat /etc/apt/sources.list.d/devuan.sources 
## Devuan 6 excalibur
## The new style method of using repositories to install software.
## This /etc/apt/sources.list.d/devuan.sources is new style and location file
## The /etc/apt/old.style.sources.list contains the same as this.
## https://linuxconfig.org/ubuntus-repository-configuration-ubuntu-sources-have-moved-to-etc-apt-sources-list-d-ubuntu-sources

## Normal excalibur sources
Types: deb deb-src
URIs: http://gnlug.org/pub/devuan/merged 
Suites: excalibur excalibur-backports excalibur-proposed-updates  excalibur-updates
Components: main non-free contrib non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg
Architectures: amd64

## excalibur security sources
Types: deb
URIs: http://gnlug.org/pub/devuan/merged
Suites: excalibur-security
Components: main non-free contrib non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg
Architectures: amd64

Offline

#3 Yesterday 20:14:29

tux_99
Member
Registered: 2025-06-17
Posts: 128  

Re: [SOLVED] dpkg-source: warning: cannot verify inline signature

I think I figured this out, it was apparently caused by 'apt-listchanges' and/or 'apt-listdifferences'.

I uninstalled these two packages and the problem seems to have disappeared, I have no idea what or who installed them to begin with (whether it was me or whether they got installed as a 'suggestion' from some other package).

Last edited by tux_99 (Yesterday 20:14:43)


Either the users control the program – or the program controls the users” Richard Stallman

Online

#4 Today 02:30:27

RedGreen925
Member
Registered: 2024-12-07
Posts: 304  

Re: [SOLVED] dpkg-source: warning: cannot verify inline signature

I think I figured this out, it was apparently caused by 'apt-listchanges' and/or 'apt-listdifferences'.

I would go with the listdifferences as the listchanges have never caused a single problem for me in the many many years I have used it, never heard of the listdifferences until this thread.

zeus@9600k:~$ apt-cache policy apt-listchanges
apt-listchanges:
  Installed: 4.8
  Candidate: 4.8
  Version table:
 *** 4.8 990
        990 http://gnlug.org/pub/devuan/merged excalibur/main amd64 Packages
        100 /var/lib/dpkg/status
zeus@9600k:~$ apt-cache policy apt-listdifferences
apt-listdifferences:
  Installed: (none)
  Candidate: 1.20230122
  Version table:
     1.20230122 990
        990 http://gnlug.org/pub/devuan/merged excalibur/main amd64 Packages

Offline

#5 Today 20:44:54

tux_99
Member
Registered: 2025-06-17
Posts: 128  

Re: [SOLVED] dpkg-source: warning: cannot verify inline signature

Good to know, then I could reinstall 'apt-listchanges should I ever need it, but right now I see no reason for it.


Either the users control the program – or the program controls the users” Richard Stallman

Online

Board footer