Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1031053: extrepo-data: Problem updating apt database for spotify (invalid key)
170 views
Skip to first unread message
Carlos Henrique Lima Melara
Feb 10, 2023, 6:20:04 PM2/10/23
to
Source: extrepo-data
Version: 1.0.3
Severity: normal
X-Debbugs-Cc: charle...@riseup.net
Dear Maintainer, hi.
I'm using extrepo for managing a couple repos - thanks for your work!
I'm trying to apt update but I keep getting the following errors:
Hit:1 https://deb.debian.org/debian testing InRelease
Hit:2 http://repository.spotify.com stable InRelease
Err:2 http://repository.spotify.com stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
W: Failed to fetch http://repository.spotify.com/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
W: Some index files failed to download. They have been ignored, or old ones used instead.
The only problem I could find was checking the gpg key from
/var/lib/extrepo/keys/spotify.asc:
root@cezanne:~# gpg --show-key /var/lib/extrepo/keys/spotify.asc
gpg: invalid armor header: mQINBGNyEIMBEADYyd1k7ItqwpSVEzmwWd7uk0MgUlByGJ/8utgxeEX9QrYiResE\n
pub rsa4096 2022-11-14 [SC] [expires: 2024-02-07]
E27409F51D1B66337F2D2F417A3A762FAFD4A51F
uid Spotify Public Repository Signing Key <t...@spotify.com>
Note the invalid armor header. I think (but I could be wrong) that's the
problem because I've dowloaded the same key from spotify website and
used it (via changing the Signed-Of field to point to it) with success.
If you need any more info or youo think I should report this bug against
other package, please, let me know.
Cheers,
Charles
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-3-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Version: 1.0.3
Severity: normal
X-Debbugs-Cc: charle...@riseup.net
Dear Maintainer, hi.
I'm using extrepo for managing a couple repos - thanks for your work!
I'm trying to apt update but I keep getting the following errors:
Hit:1 https://deb.debian.org/debian testing InRelease
Hit:2 http://repository.spotify.com stable InRelease
Err:2 http://repository.spotify.com stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repository.spotify.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
W: Failed to fetch http://repository.spotify.com/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7A3A762FAFD4A51F
W: Some index files failed to download. They have been ignored, or old ones used instead.
The only problem I could find was checking the gpg key from
/var/lib/extrepo/keys/spotify.asc:
root@cezanne:~# gpg --show-key /var/lib/extrepo/keys/spotify.asc
gpg: invalid armor header: mQINBGNyEIMBEADYyd1k7ItqwpSVEzmwWd7uk0MgUlByGJ/8utgxeEX9QrYiResE\n
pub rsa4096 2022-11-14 [SC] [expires: 2024-02-07]
E27409F51D1B66337F2D2F417A3A762FAFD4A51F
uid Spotify Public Repository Signing Key <t...@spotify.com>
Note the invalid armor header. I think (but I could be wrong) that's the
problem because I've dowloaded the same key from spotify website and
used it (via changing the Signed-Of field to point to it) with success.
If you need any more info or youo think I should report this bug against
other package, please, let me know.
Cheers,
Charles
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-3-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
0 new messages