GPG errors from apt update
Robert Dobbs
security server?
W: GPG error: http://security.debian.org stable/updates Release: The
following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
Automatic Signing Key (2006) <ftpm...@debian.org>
W: GPG error: http://security.debian.org testing/updates Release: The
following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
Automatic Signing Key (2006) <ftpm...@debian.org>
_________________________________________________________________
Check the weather nationwide with MSN Search: Try it now!
http://search.msn.com/results.aspx?q=weather&FORM=WLMTAG
--
To UNSUBSCRIBE, email to debian-secu...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Robert Dobbs
Failed to fetch
http://ftp.us.debian.org/debian/dists/unstable/main/binary-i386/Packages.bz2
MD5Sum mismatch
Failed to fetch
http://ftp.us.debian.org/debian/dists/unstable/non-free/binary-i386/Packages.bz2
MD5Sum mismatch
_________________________________________________________________
Get real-time traffic reports with Windows Live Local Search
http://local.live.com/default.aspx?v=2&cp=42.336065~-109.392273&style=r&lvl=4&scene=3712634&trfc=1
Davide Prina
> W: GPG error: http://security.debian.org stable/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian
have you update that key before?
# gpg --keyserver pgp.mit.edu --recv-keys 010908312D230C5F
# gpg --armor --export 010908312D230C5F | apt-key add -
Ciao
Davide
--
Dizionari: http://linguistico.sourceforge.net/wiki
Esci dall'illegalità: utilizza OpenOffice.org:
http://linguistico.sourceforge.net/wiki/doku.php?id=UsaOOo
Non autorizzo la memorizzazione del mio indirizzo su outlook
Robert Dobbs
Why is the key not in debian-keyring package?
-JR
_________________________________________________________________
Get the new Windows Live Messenger!
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
Davide Prina
Robert Dobbs wrote:
> I cannot do it because of my company's firewall.
you can go to a keyring site and download the key from here
> Why is the key not in debian-keyring package?
key is updated each year ... but next update will be in January (I think)
Ciao
Davide
--
Dizionari: http://linguistico.sourceforge.net/wiki
Browser: http://www.mozilla.org/products/firefox
GNU/Linux User: 302090: http://counter.li.org
Non autorizzo la memorizzazione del mio indirizzo su outlook
Robert Dobbs
I had to manually add the /usr/share/keyrings/debian-keyring.* keyrings to
~root/.gnupg/gpg.conf, then extract the keys and add with apt-key.
Shouldn't this be automatic?
But it does not matter. I still get the same error on `apt-get update`:
W: GPG error: http://security.debian.org stable/updates Release: The
following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
Automatic Signing Key (2006) <ftpm...@debian.org>
W: GPG error: http://security.debian.org testing/updates Release: The
following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
Automatic Signing Key (2006) <ftpm...@debian.org>
Mark
>From: Davide Prina <davide...@gmail.com>
>To: debian-...@lists.debian.org
>Subject: Re: GPG errors from apt update
>Date: Thu, 31 Aug 2006 19:59:23 +0200
>
_________________________________________________________________
Get real-time traffic reports with Windows Live Local Search
http://local.live.com/default.aspx?v=2&cp=42.336065~-109.392273&style=r&lvl=4&scene=3712634&trfc=1
Daniel Leidert
> That key is in debian-keyring, but was not in apt.
> I had to manually add the /usr/share/keyrings/debian-keyring.* keyrings to
> ~root/.gnupg/gpg.conf, then extract the keys and add with apt-key.
There is no need to add them to root's gpg.conf. The necessary key can
be easily extracted without such an action (IMO).
> Shouldn't this be automatic?
It is. But the keyrings are in debian-archive-keyring (because the did
not make it into debian-keyring for months - no idea why).
> But it does not matter. I still get the same error on `apt-get update`:
>
> W: GPG error: http://security.debian.org stable/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
> Automatic Signing Key (2006) <ftpm...@debian.org>
> W: GPG error: http://security.debian.org testing/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
> Automatic Signing Key (2006) <ftpm...@debian.org>
Just install the mentioned debian-archive-keyring package and run
'apt-key update'. Probably you fetched the wrong key:
$ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-role-keys.gpg --list-keys
does not list the 2006er archive key.
Regards, Daniel
Robert Dobbs
>From: Daniel Leidert <daniel.le...@gmx.net>
>Date: Fri, 01 Sep 2006 01:30:51 +0200
>
>
>Just install the mentioned debian-archive-keyring package and run
>'apt-key update'. Probably you fetched the wrong key:
>
>$ gpg --no-default-keyring --keyring
>/usr/share/keyrings/debian-role-keys.gpg --list-keys
>
>does not list the 2006er archive key.
I had debian-archive-keyring installed already. I still get the error. But
it is sporadic -- usually if I wait a few hours or switch direct to klecker
(or back if klecker gives the error) (or to and from ftp.us and the
frontiernet mirror) and try update again, it is fine, without any changes to
keys on my part.
I realize this resembles an old issue that is easily dismissed, but it is
different from that problem, which was reported in January and which I fixed
then by installing debian-archive-keyring and it worked for a long time.
These sporadic errors started mid-June of this year. What's going on?
_________________________________________________________________
All-in-one security and maintenance for your PC. Get a free 90-day trial!
http://www.windowsonecare.com/trial.aspx?sc_cid=msn_hotmail
Sam Morris
> That key is in debian-keyring, but was not in apt.
>
> I had to manually add the /usr/share/keyrings/debian-keyring.* keyrings to
> ~root/.gnupg/gpg.conf, then extract the keys and add with apt-key.
>
> Shouldn't this be automatic?
>
> But it does not matter. I still get the same error on `apt-get update`:
>
> W: GPG error: http://security.debian.org stable/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
> Automatic Signing Key (2006) <ftpm...@debian.org>
> W: GPG error: http://security.debian.org testing/updates Release: The
> following signatures were invalid: BADSIG 010908312D230C5F Debian Archive
> Automatic Signing Key (2006) <ftpm...@debian.org>
Isn't BADSIG indicative of a bad signature rather than a missing key?
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Hedges, Mark
>
> I had debian-archive-keyring installed already. I still get
> the error. But it is sporadic -- usually if I wait a few
> hours or switch direct to klecker (or back if klecker gives
> the error) (or to and from ftp.us and the frontiernet mirror)
> and try update again, it is fine, without any changes to keys
> on my part.
>
> I realize this resembles an old issue that is easily
> dismissed, but it is different from that problem, which was
> reported in January and which I fixed then by installing
> debian-archive-keyring and it worked for a long time.
> These sporadic errors started mid-June of this year. What's going on?
I hear you. I have been trying to get someone to pay attention too.
To test this, I just deleted all of my keys with apt-key, removed
the debian-keyring and debian-archive-keyring packages, reinstalled
those packages (said 2006 key was imported), then tried apt-get update.
This time, the sporadic nature of the problem is clearly demonstrated.
I have ftp.us stable, testing and unstable + security stable and testing
in my sources.list. I only got 1 error:
W: GPG error: http://ftp.us.debian.org testing Release: The following
signatures were invalid: BADSIG 010908312D230C5F Debian Archive
Automatic Signing Key (2006) <ftpm...@debian.org>
But then, I tried apt-get update about 5 minutes later with NO CHANGES
and
got these erorrs:
Failed to fetch
http://ftp.us.debian.org/debian/dists/testing/main/binary-i386/PackagesI
ndex MD5Sum mismatch
Failed to fetch
http://ftp.us.debian.org/debian/dists/testing/contrib/binary-i386/Packag
esIndex MD5Sum mismatch
Reading package lists... Done
W: Couldn't stat source package list http://ftp.us.debian.org
testing/main Packages
(/var/lib/apt/lists/ftp.us.debian.org_debian_dists_testing_main_binary-i
386_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ftp.us.debian.org
testing/contrib Packages
(/var/lib/apt/lists/ftp.us.debian.org_debian_dists_testing_contrib_binar
y-i386_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ftp.us.debian.org
testing/main Packages
(/var/lib/apt/lists/ftp.us.debian.org_debian_dists_testing_main_binary-i
386_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ftp.us.debian.org
testing/contrib Packages
(/var/lib/apt/lists/ftp.us.debian.org_debian_dists_testing_contrib_binar
y-i386_Packages) - stat (2 No such file or directory)
So, will someone take this seriously?
Mark
PLEASE IGNORE THE CORPORATE SIGNATURE BELOW. THE PUBLIC IS THE INTENDED
RECIPIENT(S).
--------------------
This email message is for the sole use of the intended recipient(s) and
may contain privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.
Hedges, Mark
Now I tried update again with no further changes and it is totally
fubar:
Failed to fetch
http://ftp.us.debian.org/debian/dists/testing/main/binary-i386/Packages.
bz2 MD5Sum mismatch
es.bz2 MD5Sum mismatch
Failed to fetch
http://ftp.us.debian.org/debian/dists/stable/main/binary-i386/Packages.g
z MD5Sum mismatch
Failed to fetch
http://ftp.us.debian.org/debian/dists/stable/non-free/binary-i386/Packag
es.gz MD5Sum mismatch
Failed to fetch
http://ftp.us.debian.org/debian/dists/stable/contrib/binary-i386/Package
s.gz MD5Sum mismatch
Reading package lists... Done
W: Couldn't stat .....
Does anyone know what's going on?
Stephen Gran
> > So, will someone take this seriously?
>
> Now I tried update again with no further changes and it is totally
> fubar:
It sounds like the mirror is toast. Please mail the mirror admins. I
don't have an email address off hand, sorry, but it should be either on
the mirrors page or the organization page of debian.org.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sg...@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Simon Valiquette
Hash: RIPEMD160
Stephen Gran un jour écriva:
>
> It sounds like the mirror is toast. Please mail the mirror admins.
> I don't have an email address off hand, sorry, but it should be
> either on the mirrors page or the organization page of debian.org.
Behind ftp.us.debian.org, there is actually 4 mirrors, so there is
not any specific email address about it except maybe the Debian mirror
mailing list. Could it be a problem with only one of those mirrors?
Here the 4 servers deserving ftp.us.debian.org if you wish to check
them individually:
ike.egr.msu.edu
archive.progeny.com
debian-mirror.mirror.umn.edu
mirrors1.kernel.org
Could it be something about bad synchronization between those
servers? I don't think it should happens under normal circumstances,
especially with the 2-stages mirroring scheme, but it might be worth
to verify.
Simon Valiquette
http://gulus.USherbrooke.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Linux PPC)
iD8DBQFE96xfJPE+P+aMAJIRA448AJ423Wn32g6MgB6fM+yDCytZ2wiXtgCeNMkp
RkaffrOc1zYvs1gWLCQKuJQ=
=xJSd
-----END PGP SIGNATURE-----
Sam Morris
> But then, I tried apt-get update about 5 minutes later with NO CHANGES
> and got these erorrs:
>
> Failed to fetch
> http://ftp.us.debian.org/debian/dists/testing/main/binary-i386/PackagesI
> ndex MD5Sum mismatch
$ host ftp.us.debian.org
ftp.us.debian.org has address 128.101.240.212
ftp.us.debian.org has address 204.152.191.7
ftp.us.debian.org has address 216.37.55.114
ftp.us.debian.org has address 35.9.37.225
It would be helpful if apt-get informed the user of which server it is
having problems with to ease the tasks of troubleshooting and
contacting the correct mirror admin.
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Robert Dobbs
>From: "Sam Morris" <s...@robots.org.uk>
>Date: Fri, 1 Sep 2006 10:11:30 +0000 (UTC)
>
>On Thu, 31 Aug 2006 16:52:06 -0700, Hedges, Mark wrote:
> > But then, I tried apt-get update about 5 minutes later with NO CHANGES
> > and got these erorrs:
> >
> > Failed to fetch
> > http://ftp.us.debian.org/debian/dists/testing/main/binary-i386/PackagesI
> > ndex MD5Sum mismatch
> > [...]
>
>$ host ftp.us.debian.org
>ftp.us.debian.org has address 128.101.240.212
>ftp.us.debian.org has address 204.152.191.7
>ftp.us.debian.org has address 216.37.55.114
>ftp.us.debian.org has address 35.9.37.225
>
>It would be helpful if apt-get informed the user of which server it is
>having problems with to ease the tasks of troubleshooting and
>contacting the correct mirror admin.
I think the problem is deeper than that.
Since June I've gotten sporadic errors with both the main archives and the
security archives. Sometimes I switch the security URL direct to the UNM or
klecker (xs4all) and it will work, then later it won't, so I switch back.
Sometimes I switch the main archive to the frontiernet mirror and it will
work for a while, then it will break, then I switch back and it will be
fine, etc.
I am almost guaranteed to get these errors at least once a day.
I think it is an issue with the signing process and the mirror updates in
general, not with any particular mirror.
I'm surprised more people haven't reported these problems. Maybe they were
ignored because they did resemble the older problem with the signing key so
closely.
_________________________________________________________________
Search from any web page with powerful protection. Get the FREE Windows Live
Toolbar Today! http://get.live.com/toolbar/overview
Jim Popovitch
Hash: SHA1
Robert Dobbs wrote:
> I'm surprised more people haven't reported these problems. Maybe they
> were ignored because they did resemble the older problem with the
> signing key so closely.
I do recall seeing something similar to what you describe, but it was
only once and it was some time ago. Have you tried sniffing the
network traffic to see what is occurring?
- -Jim P.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE+HQsMyG7U7lo69MRAi8WAKC2c+1qDAH2Q3ScnNr6medBs2pa/wCgkFPV
hKLK7l/S8lXcMYlqPWBopm4=
=K2Q9
-----END PGP SIGNATURE-----
Robert Dobbs
>From: Jim Popovitch <jim...@yahoo.com>
>Date: Fri, 01 Sep 2006 13:55:56 -0400
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Robert Dobbs wrote:
> > I'm surprised more people haven't reported these problems. Maybe they
> > were ignored because they did resemble the older problem with the
> > signing key so closely.
>
>I do recall seeing something similar to what you describe, but it was
>only once and it was some time ago. Have you tried sniffing the
>network traffic to see what is occurring?
I'm pretty sure it isn't my computer that causes the problem.
You know what, I took the other advice and put the URL's in for each of the
hosts that ftp.us links to. At the moment, at least, the problems seem to
be on the mirrors1.kernel.org and the progeny mirror.
But that still doesn't explain the sporadic problems with the security
archives.
_________________________________________________________________
All-in-one security and maintenance for your PC. Get a free 90-day trial!
http://www.windowsonecare.com/trial.aspx?sc_cid=msn_hotmail