Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Problems with apt in a clean stretch install.
1,191 views
Skip to first unread message
Wayne Hartell
Jul 4, 2017, 2:30:04 AM7/4/17
to
Hi all,
I’m a Linux novice and have run into a problem with a clean Stretch install and apt.
I started tinkering with Debian late in the game with Wheezy and have used Jessie pretty much without problem. After setting up some new Stretch systems (amd64) I am running into issues when using apt.
The first set of errors I get from apt when trying to run “update” are:
W: http://ftp.iinet.net.au/debian/debian/dists/stretch-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user ‘_apt’ executing apt-key.
W: http://ftp.iinet.net.au/debian/dists/stretch/Release.gpg: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user ‘_apt’ executing apt-key.
W: http://security.debian.org/debian-security/dists/stretch/updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user ‘_apt’ executing apt-key.
I managed to solve<?> this error after checking that the permissions on /etc/apt/trusted.gpg were 0600 and edited them to be 0644. (Is this the correct default permission for the file trusted.gpg?)
After that, when I run apt-get update again, I get a list of errors about errors occurring due to signature verification.
e.g., “The repository is not updated and the previous index files will be used. GPG error: http://ftp.iinet.net.au/debian/debian stretch-updates InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY <key>
The above error is an abbreviated hand typed reproduction; not the actual output. I can provide the full list of errors if it helps.
In another thread I read something about ensuring that the “debian-archive-keyring” is installed, and it is, version 2017.5.
I just checked on second clean stretch install and it’s the same situation; same exact problems.
I am wondering what I might be doing wrong?
Regards,
Wayne.
Dejan Jocic
Jul 4, 2017, 3:10:06 AM7/4/17
to
Wayne Hartell
Jul 4, 2017, 3:30:05 AM7/4/17
to
sources).
GPG error: http://deb.debian.org/debian stretch-updates InRelease: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010The
repository 'http://deb.debian.org/debian stretch-updates InRelease' is not
signed.Updating from such a repository can't be done securely, and is
therefore disabled by default.See apt-secure(8) manpage for repository
creation and user configuration details.
Notably, the keys (e.g., 8B48AD6246925553 and 7638D0442B90D010) ARE present
when I run 'apt-key list'.
When I search this forum for these keys (e.g., "8B48AD6246925553") I find
two threads with similar kinds of errors, but no solution on either. I'm
wondering whether I have fallen into some kind of crack perhaps.
I'm not sure why this is happening with all my fresh installs. I am
wondering whether the fact I used a local mirror (ftp.iinet.net.au) during
the install process has anything to do with it. I guess there is one way to
find out.
Another thing I'll mention that may or may not be relevant is that during
the installation I did not (and have not in the past) set up root, instead
preferring to use sudo.
I should also note that I read in another thread that Jimmy Johnson says:
"Also, if you used the live dvd it's screwing up apt gpg-keys and you will
not see updates until the keys are fixed. ", but I didn't install from the
live DVD, I installed from the regular non live DVD, so I don't think this
is relevant.
In the meantime I guess I can experiment with different install
settings/approaches, but I'd rather, of course, find a way to fix an already
installed system.
Cheers.
Felix Miata
Jul 4, 2017, 4:20:05 AM7/4/17
to
Wayne Hartell composed on 2017-07-04 15:46 (UTC+0930):
> ...I managed to solve<?> this error after checking that the permissions on
I have to guess 644 is correct, as that is what is set on the Stretch I have
booted currently (as are all regular files in /etc/apt/), and I've never touched
it myself.
Do you get the same errors running 'apt update' instead of 'apt-get update'?
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
> ...I managed to solve<?> this error after checking that the permissions on
> /etc/apt/trusted.gpg were 0600 and edited them to be 0644. (Is this the
> correct default permission for the file trusted.gpg?)...
I have to guess 644 is correct, as that is what is set on the Stretch I have
booted currently (as are all regular files in /etc/apt/), and I've never touched
it myself.
Do you get the same errors running 'apt update' instead of 'apt-get update'?
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Dejan Jocic
Jul 4, 2017, 4:20:05 AM7/4/17
to
On 04-07-17, Wayne Hartell wrote:
> >
> >Did you try to change mirror you use in your sources.list?
> >
>
> I did and it doesn't help (I get the same error with multiple different
> sources).
>
> GPG error: http://deb.debian.org/debian stretch-updates InRelease: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010The
> repository 'http://deb.debian.org/debian stretch-updates InRelease' is not
> signed.Updating from such a repository can't be done securely, and is
> therefore disabled by default.See apt-secure(8) manpage for repository
> creation and user configuration details.
>
> Notably, the keys (e.g., 8B48AD6246925553 and 7638D0442B90D010) ARE present
> when I run 'apt-key list'.
>
> When I search this forum for these keys (e.g., "8B48AD6246925553") I find
> two threads with similar kinds of errors, but no solution on either. I'm
> wondering whether I have fallen into some kind of crack perhaps.
>
Not sure that it will be helpful, but just a thought. How about
> >
> >Did you try to change mirror you use in your sources.list?
> >
>
> I did and it doesn't help (I get the same error with multiple different
> sources).
>
> GPG error: http://deb.debian.org/debian stretch-updates InRelease: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010The
> repository 'http://deb.debian.org/debian stretch-updates InRelease' is not
> signed.Updating from such a repository can't be done securely, and is
> therefore disabled by default.See apt-secure(8) manpage for repository
> creation and user configuration details.
>
> Notably, the keys (e.g., 8B48AD6246925553 and 7638D0442B90D010) ARE present
> when I run 'apt-key list'.
>
> When I search this forum for these keys (e.g., "8B48AD6246925553") I find
> two threads with similar kinds of errors, but no solution on either. I'm
> wondering whether I have fallen into some kind of crack perhaps.
>
reinstalling debian-archive-keyring package?
Dejan Jocic
Jul 4, 2017, 4:30:04 AM7/4/17
to
How about this solution, it worked in similar case:
https://lists.debian.org/debian-user/2017/05/msg00467.html
Wayne Hartell
Jul 4, 2017, 5:20:06 AM7/4/17
to
> Wayne Hartell composed on 2017-07-04 15:46 (UTC+0930):
>
> > ...I managed to solve<?> this error after checking that the
> > permissions on /etc/apt/trusted.gpg were 0600 and edited them to be
> > 0644. (Is this the correct default permission for the file trusted.gpg?)...
>
> I have to guess 644 is correct, as that is what is set on the Stretch I have booted currently (as are all regular files in /etc/apt/), and I've never touched it myself.
>
> Do you get the same errors running 'apt update' instead of 'apt-get update'?
Yes, it seems that I get the same errors that way too.
>
> > ...I managed to solve<?> this error after checking that the
> > permissions on /etc/apt/trusted.gpg were 0600 and edited them to be
> > 0644. (Is this the correct default permission for the file trusted.gpg?)...
>
> I have to guess 644 is correct, as that is what is set on the Stretch I have booted currently (as are all regular files in /etc/apt/), and I've never touched it myself.
>
> Do you get the same errors running 'apt update' instead of 'apt-get update'?
I tried a new clean install test and seem to end up with permissions under /etc/apt/ always as 0600, so I am not sure what is going on. Looks like an issue with a clean install, but I am wondering why it's not coming up more often (unless most people are upgrading from Jessie).
Wayne Hartell
Jul 4, 2017, 5:40:04 AM7/4/17
to
"Reinstallation of debian-archive-keyring is not possible, it cannot be
downloaded."
I tried adding my installation DVD back into the sources, but apt rejects it
with the following:
"The repository 'cdrom://Debian GNU/Linux 9.0.0 _Stretch_ = Official amd64
DVD Binary-1 20170617-13:08] stretch Release' does not have a Release file."
Wayne Hartell
Jul 4, 2017, 5:40:05 AM7/4/17
to
>How about this solution, it worked in similar case:
>
> https://lists.debian.org/debian-user/2017/05/msg00467.html
note that the claim of "solution" was a false alarm.
I will give it a try none the less, since I am clutching at straws now.
FYI - I just tested a brand new clean install, this time NOT using a local
mirror during installation and it's the same problems again. I have to
conclude that there's something wrong with the installation, at least for
the combination of options I am choosing. I may have to go back to Jessie
where I never had these kinds of problems.
Norbert Kiszka
Jul 4, 2017, 5:50:06 AM7/4/17
to
Dnia 2017-07-04, wto o godzinie 19:02 +0930, Wayne Hartell pisze:
1. Comment out DVD repository from /etc/apt/sources.list (add # before
deb cdrom:...).
2. Try to # apt-get update
3. Check if it work. If not, manualy download latest
debian-archive-keyring for stretch (from repository) and install it like
this: #dpkg -i /path/to/debian-archive-keyring.deb and try again to make
update.
deb cdrom:...).
2. Try to # apt-get update
3. Check if it work. If not, manualy download latest
debian-archive-keyring for stretch (from repository) and install it like
this: #dpkg -i /path/to/debian-archive-keyring.deb and try again to make
update.
Wayne Hartell
Jul 4, 2017, 6:00:05 AM7/4/17
to
> 1. Comment out DVD repository from /etc/apt/sources.list (add # before deb cdrom:...).
> 2. Try to # apt-get update
> 3. Check if it work. If not, manualy download latest debian-archive-keyring for stretch (from repository) and install it like
> this: #dpkg -i /path/to/debian-archive-keyring.deb and try again to make update.
I did this. Here is the full output in case I am missing something pertinent in my previous descriptions of the errors.
> 2. Try to # apt-get update
> 3. Check if it work. If not, manualy download latest debian-archive-keyring for stretch (from repository) and install it like
> this: #dpkg -i /path/to/debian-archive-keyring.deb and try again to make update.
debianuser@masterdebian964:~/Documents$ sudo dpkg -i debian-archive-keyring_2017.5_all.deb
(Reading database ... 126483 files and directories currently installed.)
Preparing to unpack debian-archive-keyring_2017.5_all.deb ...
Unpacking debian-archive-keyring (2017.5) over (2017.5) ...
Setting up debian-archive-keyring (2017.5) ...
debianuser@masterdebian964:~/Documents$ sudo apt-get update
Ign:1 http://deb.debian.org/debian stretch InRelease
Ign:2 http://deb.debian.org/debian stretch/updates InRelease
Get:3 http://deb.debian.org/debian stretch-updates InRelease [88.5 kB]
Hit:4 http://deb.debian.org/debian stretch Release
Ign:3 http://deb.debian.org/debian stretch-updates InRelease
Ign:5 http://deb.debian.org/debian stretch/updates Release
Get:6 http://deb.debian.org/debian stretch Release.gpg [3,108 B]
Ign:6 http://deb.debian.org/debian stretch Release.gpg
Ign:7 http://deb.debian.org/debian stretch/updates/main Sources
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Ign:7 http://deb.debian.org/debian stretch/updates/main Sources
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Ign:7 http://deb.debian.org/debian stretch/updates/main Sources
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Ign:7 http://deb.debian.org/debian stretch/updates/main Sources
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Ign:7 http://deb.debian.org/debian stretch/updates/main Sources
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Err:7 http://deb.debian.org/debian stretch/updates/main Sources
404 Not Found [IP: 52.85.41.44 80]
Ign:8 http://deb.debian.org/debian stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/updates/main Translation-en_AU
Ign:11 http://deb.debian.org/debian stretch/updates/main Translation-en
Ign:12 http://deb.debian.org/debian stretch/updates/main amd64 DEP-11 Metadata
Ign:13 http://deb.debian.org/debian stretch/updates/main all DEP-11 Metadata
Ign:14 http://deb.debian.org/debian stretch/updates/main DEP-11 64x64 Icons
Fetched 91.6 kB in 33s (2,733 B/s)
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: The repository 'http://deb.debian.org/debian stretch-updates InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://deb.debian.org/debian stretch/updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1 NO_PUBKEY EF0F382A1A7B6500
W: The repository 'http://deb.debian.org/debian stretch Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/updates/main/source/Sources 404 Not Found [IP: 52.85.41.44 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Norbert Kiszka
Jul 4, 2017, 6:10:06 AM7/4/17
to
> W: GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1 NO_PUBKEY EF0F382A1A7B6500
> W: The repository 'http://deb.debian.org/debian stretch Release' is not signed.
> N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user configuration details.
> E: Failed to fetch http://deb.debian.org/debian/dists/stretch/updates/main/source/Sources 404 Not Found [IP: 52.85.41.44 80]
> E: Some index files failed to download. They have been ignored, or old ones used instead.
>
>
Read this:
> W: The repository 'http://deb.debian.org/debian stretch Release' is not signed.
> N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user configuration details.
> E: Failed to fetch http://deb.debian.org/debian/dists/stretch/updates/main/source/Sources 404 Not Found [IP: 52.85.41.44 80]
> E: Some index files failed to download. They have been ignored, or old ones used instead.
>
>
https://unix.stackexchange.com/questions/75807/no-public-key-available-on-apt-get-update
Dejan Jocic
Jul 4, 2017, 6:10:06 AM7/4/17
to
On 04-07-17, Wayne Hartell wrote:
Also, many people did do clean install of Jessie. Though, it is annoying
bug for sure. But it is probably not so widespread. Perhaps you could
give it a shot on a clean install with root enabled from start, you can
always allow sudo for your user after that?
Phil Wyett
Jul 4, 2017, 6:30:08 AM7/4/17
to
This issue seems to be created by 'synaptic'.
If you you 'apt' in the terminal, you will be fine.
If you use 'software-properties-gtk' to adjust repositories, you will
be fine.
The issue is created if you run 'synaptic' and then adjust
repositories via 'Settings -> Repositories. A soon as you do this a
file '/etc/apt/trusted.gpg' is created and it is this that is throwing
everything off.
Output:
philwyett@ks-skywalker:~$ synaptic-pkexec
ERROR:root:Cannot import UbuntuDrivers: No module named
'UbuntuDrivers'
gpg: keybox '/etc/apt/trusted.gpg' created
ERROR:root:Cannot import UbuntuDrivers: No module named
'UbuntuDrivers'
gpg: keybox '/etc/apt/trusted.gpg' created
It is the last line that is the issue. If you run 'software-
properties-gtk' and adjust repositories, the file is not created.
Quick remedy:
sudo rm -f /etc/apt/trusted.gpg
Now run 'synaptic' or 'apt' as usual. If you run 'synaptic', do not
use the menu option 'Settings -> Repositories.
This could probably do with a bug raising.
Regards
Phil
--
Playing the game for the games sake.
Web: https://kathenas.org
Twitter: kathenasorg
Instagram: kathenasorg
Michael Lange
Jul 4, 2017, 6:40:05 AM7/4/17
to
Hi,
here (Jessie) /etc/apt/trusted.gpg is 0600. I never touched this file, so
I guess this is standard. The other files in /etc/apt appear to be 0644.
Since root can read/write the file anyway, I don't believe that the
permissions could cause the OP's problem, though.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
Madness has no purpose. Or reason. But it may have a goal.
-- Spock, "The Alternative Factor", stardate 3088.7
I guess this is standard. The other files in /etc/apt appear to be 0644.
Since root can read/write the file anyway, I don't believe that the
permissions could cause the OP's problem, though.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
Madness has no purpose. Or reason. But it may have a goal.
-- Spock, "The Alternative Factor", stardate 3088.7
Wayne Hartell
Jul 4, 2017, 6:50:05 AM7/4/17
to
I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
SDA
Jul 4, 2017, 7:00:05 AM7/4/17
to
On Tue, Jul 04, 2017 at 08:17:53PM +0930, Wayne Hartell wrote:
Er ... sorry that last email should read ".... Phil Wyett's suggestion" in
this thread.
Er ... sorry that last email should read ".... Phil Wyett's suggestion" in
this thread.
SDA
Jul 4, 2017, 7:00:05 AM7/4/17
to
On Tue, Jul 04, 2017 at 08:17:53PM +0930, Wayne Hartell wrote:
> Thanks. Yeah I have tried importing keys (even though they already exist
> as confirmed with 'apt-key list' and it makes no difference. All the keys
> complained about are already present.
>
> I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
Did you try Phil Hartnell's suggestion? It sounds promising - In fact I had
> as confirmed with 'apt-key list' and it makes no difference. All the keys
> complained about are already present.
>
> I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
this exact issue on a relatives computer, and I'm going to try his
suggestion later on. The sequence of events he describes sounds relevant to
the situation I experienced, so worth a shot methinks. Please advise us how
it goes.
Jimmy Johnson
Jul 4, 2017, 7:00:06 AM7/4/17
to
9.1-live-dvd install, I had to same problem using it. The problem does
not occur using the net-install. I have not tested any other installers
but the rc3-live did not seem to have the problem, cause I used it and
installed software with no problem.
Cheers,
--
Jimmy Johnson
Debian Stretch - KDE Plasma 5.8.6 at sda13
Registered Linux User #380263
Norbert Kiszka
Jul 4, 2017, 7:10:05 AM7/4/17
to
> > Read this:
> >
> > https://unix.stackexchange.com/questions/75807/no-public-key-available-on-apt-get-update
> >
>
> Thanks. Yeah I have tried importing keys (even though they already exist as confirmed with 'apt-key list' and it makes no difference. All the keys complained about are already present.
>
> I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
>
Hmmm I use Jessie for last years, with no any experience with Strech
> >
> > https://unix.stackexchange.com/questions/75807/no-public-key-available-on-apt-get-update
> >
>
> Thanks. Yeah I have tried importing keys (even though they already exist as confirmed with 'apt-key list' and it makes no difference. All the keys complained about are already present.
>
> I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
>
yet. But I feel you have some problem(s) with sources.list or with apt
file(s) privileges somehow/somewhere.
In this link before, there is something more - did You try to install
debian-keyring (before was debian-archive-keyring)?
Phil Wyett
Jul 4, 2017, 7:20:04 AM7/4/17
to
Additional info. Why via synaptic the 'trusted.gpg' file is being
created needs investigation.
The file is a 32 byte file (way to small to be a valid key) is not
even viewable by normal key view methods i.e.
gpg -k /etc/apt/trusted.gpg
or
gpg -K /etc/apt/trusted.gpg
/me has the feeling the file is just garbage.
Wayne Hartell
Jul 4, 2017, 7:20:04 AM7/4/17
to
> > > Read this:
> > >
> > > https://unix.stackexchange.com/questions/75807/no-public-key-availab
There doesn't seem to be a debian-keyring package under stretch (only debian-archive-keyring).
I'm following some other leads and will report back how I go. I do very much appreciate your assistance.
> > >
> > > https://unix.stackexchange.com/questions/75807/no-public-key-availab
> > > le-on-apt-get-update
> > >
> >
> > Thanks. Yeah I have tried importing keys (even though they already exist as confirmed with 'apt-key list' and it makes no difference. All the keys complained about are already present.
> >
> > I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
> >
>
> Hmmm I use Jessie for last years, with no any experience with Strech yet. But I feel you have some problem(s) with sources.list or with apt
> file(s) privileges somehow/somewhere.
>
> In this link before, there is something more - did You try to install debian-keyring (before was debian-archive-keyring)?
I had no problems under Jessie and have used it on multiple systems. This seems to be a new issue with Stretch.
> > >
> >
> > Thanks. Yeah I have tried importing keys (even though they already exist as confirmed with 'apt-key list' and it makes no difference. All the keys complained about are already present.
> >
> > I don't have enough experience nor understanding of Linux to know whether it's a bug or dumb user and though I suspect the latter, I feel like there's a chance it could be the former.
> >
>
> Hmmm I use Jessie for last years, with no any experience with Strech yet. But I feel you have some problem(s) with sources.list or with apt
> file(s) privileges somehow/somewhere.
>
> In this link before, there is something more - did You try to install debian-keyring (before was debian-archive-keyring)?
There doesn't seem to be a debian-keyring package under stretch (only debian-archive-keyring).
I'm following some other leads and will report back how I go. I do very much appreciate your assistance.
Wayne Hartell
Jul 4, 2017, 7:20:04 AM7/4/17
to
> Out of the head, but you did check install media with MD5 or SHA sums?
> Also, many people did do clean install of Jessie. Though, it is annoying
bug for sure. But it is probably not so widespread. Perhaps you could give
it a shot on a clean install with root enabled from start, you can always
allow sudo for your user after that?
Yes I did verify using SHA-256.
> Also, many people did do clean install of Jessie. Though, it is annoying
bug for sure. But it is probably not so widespread. Perhaps you could give
it a shot on a clean install with root enabled from start, you can always
allow sudo for your user after that?
f0a87f42ba0090314a4d3e45afe43d7fe7c115305bed266fe51a650c58cf3cab
debian-9.0.0-amd64-DVD-1.iso
My clean installs of Jessie never had any problems; just clean stretch
installs.
If I can't find any other solution I will try a clean install with root
enabled, though if the DVD is the culprit (as per Jimmy Johnson) I may be
best off installing 8.8 and doing a net upgrade.
Wayne Hartell
Jul 4, 2017, 7:20:04 AM7/4/17
to
> The OP did not say, but I believe the problem is coming from a 9.1-live-dvd install, I had to same problem using it. The problem does not occur using the net-install. I have not tested any other installers but the rc3-live did not seem to have the problem, cause I > used it and installed software with no problem.
>
> Cheers,
> --
> Jimmy Johnson
> Debian Stretch - KDE Plasma 5.8.6 at sda13 Registered Linux User #380263
Hi Jimmy,
>
> Cheers,
> --
> Jimmy Johnson
> Debian Stretch - KDE Plasma 5.8.6 at sda13 Registered Linux User #380263
I saw one of your previous posts regarding the live cd/dvd.
I used the following to install, but not sure if this is the live dvd you refer to (I thought there was a difference between a regular install dvd and a live dvd?).
f0a87f42ba0090314a4d3e45afe43d7fe7c115305bed266fe51a650c58cf3cab debian-9.0.0-amd64-DVD-1.iso
My keys (using apt-key list) seem to be present, but then I am not experienced enough to know 100% for sure what I am looking at. Certainly the keys complained about are listed.
Regards,
Wayne.
Wayne Hartell
Jul 4, 2017, 7:30:05 AM7/4/17
to
> Er ... sorry that last email should read ".... Phil Wyett's suggestion" in
this thread.
Yes, trying Phil's suggestion and will report back once I have had the time
this thread.
to explore it properly (several systems now exhibiting this problem). As a
teaser, it seems that even software-properties-gtk creates the trusted.gpg
file, but even with that file deleted (as per Phil) and sticking to the
terminal and apt-get, I get the same key related errors. In fact if I use
software-properties-gtk it seems to jam up on "Refeshing software cache"...
has been going on one machine now over 30 minutes.
Phil Wyett
Jul 4, 2017, 7:40:06 AM7/4/17
to
I do not use the main server. I switched 'software-properties-gtk' to
use it and I also get a hang at the what seems the end of the 'reload'
process. In the terminal I see:
Traceback (most recent call last):
File "/usr/lib/python3/dist-
packages/softwareproperties/gtk/DialogCacheOutdated.py", line 86, in
on_pktask_finish
results = self._pktask.generic_finish(result)
GLib.Error: pk-client-error-quark: E: The repository 'http://deb.debia
n.org/debian stretch/updates Release' does not have a Release file.
W: Updating from such a repository can't be done securely, and is
therefore disabled by default.
W: See apt-secure(8) manpage for repository creation and user
configuration details.
(319)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-
packages/softwareproperties/gtk/DialogCacheOutdated.py", line 89, in
on_pktask_finish
Gtk.ButtonsType.CANCEL, _("Error while refreshing cache"))
File "/usr/lib/python3/dist-packages/gi/overrides/__init__.py", line
326, in new_init
return super_init_func(self, **new_kwargs)
File "/usr/lib/python3/dist-packages/gi/overrides/Gtk.py", line 537,
in __init__
self._init(*args, **new_kwargs)
File "/usr/lib/python3/dist-packages/gi/overrides/__init__.py", line
326, in new_init
return super_init_func(self, **new_kwargs)
File "/usr/lib/python3/dist-packages/gi/overrides/__init__.py", line
326, in new_init
return super_init_func(self, **new_kwargs)
TypeError: could not convert value for property `transient_for' from
DialogCacheOutdated to GtkWindow
Using a mirror such as bytemark.co.uk, results in no issues here.
Jimmy Johnson
Jul 4, 2017, 8:20:05 AM7/4/17
to
I have not tested that install dvd. But I did have problems with the
live-dvd, I've used rc3 and it was great, maybe try it or use the zip
file I attached to my other post for a quick fix, just extract and copy
to /etc.
Wayne Hartell
Jul 4, 2017, 10:30:07 AM7/4/17
to
FYI - I see the same exceptions as you in the terminal when running 'software-properties-gtk'.
On a laptop that I have set up for my wife (time to get her into Debian!) I was able to solve the issue just now by doing the following:
1. sudo -rm -f /etc/apt/trusted.gpg
[Thanks for this step!]
2. sudo apt-get update
[generated errors]
Err:15 http://ftp.iinet.net.au/debian/debian stretch/updates/non-free Sources
404 Not Found
[Perhaps this expected with non-free sources]
A bunch of stuff (only seen on this laptop) about 'Symlinking final file /var/lib/apt/lists <...> failed - pkgAcqIndex::StageDownloadDone (17: File exists)
The repository 'http://ftp.iinet.net.au/debian/debian stretch/updates Release' does not have a Release file.
Failed to fetch http://ftp.iinet.net.au/debian/dists/stretch/updates/non-free/source/Sources 404 Not Found
But this time NO public key errors, which is weird because they were definitely happening earlier on this machine.
3. /var/lib/apt/lists$ sudo rm -r -f *
[This was mentioned by Dejan Jocic earlier, but the thread didn't lead to a solution. I tried it this time due to the Symlinking errors I was seeing on this particular laptop.]
4. sudo apt-get update
[generated errors]
Err:16 http://ftp.iinet.net.au/debian/debian stretch/updates/non-free Sources
404 Not Found
The repository 'http://ftp.iinet.net.au/debian/debian stretch/updates Release' does not have a Release file.
Failed to fetch http://ftp.iinet.net.au/debian/dists/stretch/updates/non-free/source/Sources 404 Not Found
5. sudo apt-get upgrade
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
6. So then I tried changed sources.list to that found here:
https://wiki.debian.org/SourcesList
Running sudo apt-get upgrade now produces no errors at all.
Running sudo apt-get update now shows that there is one package that will be upgraded (libcrypt20).
Unfortunately, following these steps (1, 3 and 6) on my other machine does not work. I still get public key errors.
I guess it's quite possible that with my messing around trying to import public keys that I have killed something on that machine. On my wife's laptop I didn't do anything other than the above steps.
Being a novice I am unable to figure out what all this means in terms of a full explanation/diagnosis other than perhaps there being an issue with some mirrors?, but for the time being I am happy that my wife's machine is working. I will try these steps on another Stretch laptop that I have shortly.
The first machine that seems to be toast is a VM and not a big deal. I will try installing from the RC3 DVD (as per Jimmy) or upgrading from 8.8 instead.
Regards,
Wayne.
Jason Wittlin-Cohen
Jul 4, 2017, 10:40:06 AM7/4/17
to
Hi Wayne,
I ran into the same issue with trusted.gpg. I opened the file in nano and it was completely empty. My guess is that apt is looking to this file for the public keys of the various servers, and it complains when it can't find them. In fact, the keys are stored in the /etc/apt/trusted.gpg.d/. The relevant files are debian-archive-stretch-automatic.gpg and debian-archive-stretch-security-automatic.gpg. When you have an empty trusted.gpg file in /etc/apt, it appears to ignore the /etc/apt/trusted.gpg.d directory. Deleting the empty trusted.gpg file resolved the issue for me. Importing the public keys manually isn't helping because apt is looking to the wrong location for the public keys.
Jason
Michael Lange
Jul 4, 2017, 2:30:05 PM7/4/17
to
On Tue, 04 Jul 2017 12:19:24 +0100
Phil Wyett <phil...@kathenas.org> wrote:
> Additional info. Why via synaptic the 'trusted.gpg' file is being
> created needs investigation.
>
> The file is a 32 byte file (way to small to be a valid key) is not
> even viewable by normal key view methods i.e.
>
Here it is 7.1 kB.
Phil Wyett <phil...@kathenas.org> wrote:
> Additional info. Why via synaptic the 'trusted.gpg' file is being
> created needs investigation.
>
> The file is a 32 byte file (way to small to be a valid key) is not
> even viewable by normal key view methods i.e.
>
(...)
> /me has the feeling the file is just garbage.
I don't think so, quoting https://wiki.debian.org/SecureApt :
"apt-key is a program that is used to manage a keyring of gpg keys for
secure apt. The keyring is kept in the file /etc/apt/trusted.gpg (not to
be confused with the related but not very
interesting /etc/apt/trustdb.gpg). apt-key can be used to show the keys
in the keyring, and to add or remove a key. In more recent Debian
GNU/Linux versions (Wheezy, for example), the keyrings are stored in
specific files all located in the /etc/apt/trusted.gpg.d directory. For
example, that directory could contain the following files:
debian-archive-squeeze-automatic.gpg or
debian-archive-wheezy-automatic.gpg. Incidentally, both files are
provided by the debian-archive-keyring package. "
So apparently, if you have any keys added to the apt keyring that don't
appear in /etc/apt/trusted.gpg.d/ they went into trusted.gpg . The keys
included in any of these files can be queried with
# apt-key list
Here the file includes five keys.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
-- Captain Christopher Pike, "The Menagerie" ("The Cage"),
stardate unknown.
Michael Lange
Jul 4, 2017, 2:40:05 PM7/4/17
to
Hi,
On Tue, 4 Jul 2017 23:58:17 +0930
"Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
I did not read this last post or the whole thread very carefully, but
now something hit my eyes:
> 4. sudo apt-get update
> [generated errors]
> Err:16 http://ftp.iinet.net.au/debian/debian
> stretch/updates/non-free Sources 404 Not Found
^^^^
Shouldn't this be stretch-updates?
Not sure how this is related to the problem you described in the first
place, though.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
Worlds are conquered, galaxies destroyed -- but a woman is always a woman.
-- Kirk, "The Conscience of the King", stardate 2818.9
On Tue, 4 Jul 2017 23:58:17 +0930
"Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
I did not read this last post or the whole thread very carefully, but
now something hit my eyes:
> 4. sudo apt-get update
> [generated errors]
> Err:16 http://ftp.iinet.net.au/debian/debian
> stretch/updates/non-free Sources 404 Not Found
Shouldn't this be stretch-updates?
Not sure how this is related to the problem you described in the first
place, though.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
-- Kirk, "The Conscience of the King", stardate 2818.9
Frank
Jul 4, 2017, 3:10:06 PM7/4/17
to
Op 04-07-17 om 12:23 schreef Phil Wyett:
Run it stand alone after deleting trusted.gpg and watch it reappear again.
> It is the last line that is the issue. If you run 'software-
> properties-gtk' and adjust repositories, the file is not created.
Not my experience.
Regards,
Frank
> This issue seems to be created by 'synaptic'.
>
> If you you 'apt' in the terminal, you will be fine.
>
> If you use 'software-properties-gtk' to adjust repositories, you will
> be fine.
>
> The issue is created if you run 'synaptic' and then adjust
> repositories via 'Settings -> Repositories. A soon as you do this a
> file '/etc/apt/trusted.gpg' is created and it is this that is throwing
> everything off.
Synaptic uses software-properties-gtk which is the cause of this mess.
>
> If you you 'apt' in the terminal, you will be fine.
>
> If you use 'software-properties-gtk' to adjust repositories, you will
> be fine.
>
> The issue is created if you run 'synaptic' and then adjust
> repositories via 'Settings -> Repositories. A soon as you do this a
> file '/etc/apt/trusted.gpg' is created and it is this that is throwing
> everything off.
Run it stand alone after deleting trusted.gpg and watch it reappear again.
> ERROR:root:Cannot import UbuntuDrivers: No module named
> 'UbuntuDrivers'
> gpg: keybox '/etc/apt/trusted.gpg' created
> ERROR:root:Cannot import UbuntuDrivers: No module named
> 'UbuntuDrivers'
> gpg: keybox '/etc/apt/trusted.gpg' created
These messages are from software-properties-gtk.
> 'UbuntuDrivers'
> gpg: keybox '/etc/apt/trusted.gpg' created
> ERROR:root:Cannot import UbuntuDrivers: No module named
> 'UbuntuDrivers'
> gpg: keybox '/etc/apt/trusted.gpg' created
> It is the last line that is the issue. If you run 'software-
> properties-gtk' and adjust repositories, the file is not created.
Regards,
Frank
Jimmy Johnson
Jul 4, 2017, 6:30:05 PM7/4/17
to
On 07/04/2017 11:28 AM, Michael Lange wrote:
> Hi,
>
> On Tue, 4 Jul 2017 23:58:17 +0930
> "Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
>
> I did not read this last post or the whole thread very carefully, but
> now something hit my eyes:
>
>
>> 4. sudo apt-get update
>> [generated errors]
>> Err:16 http://ftp.iinet.net.au/debian/debian
>> stretch/updates/non-free Sources 404 Not Found
> ^^^^
> Shouldn't this be stretch-updates?
> Not sure how this is related to the problem you described in the first
> place, though.
>
> Regards
>
> Michael
I thought it was only the live-dvd, apparently other dvd installers are
> Hi,
>
> On Tue, 4 Jul 2017 23:58:17 +0930
> "Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
>
> I did not read this last post or the whole thread very carefully, but
> now something hit my eyes:
>
>
>> 4. sudo apt-get update
>> [generated errors]
>> Err:16 http://ftp.iinet.net.au/debian/debian
>> stretch/updates/non-free Sources 404 Not Found
> ^^^^
> Shouldn't this be stretch-updates?
> Not sure how this is related to the problem you described in the first
> place, though.
>
> Regards
>
> Michael
bad too. "I recommend using the RC3 installer".
--
Jimmy Johnson
Ubuntu 14.04 LTS - KDE 4.13.2 - Intel G3220 - EXT4 at sda5
Registered Linux User #380263
Fungi4All
Jul 4, 2017, 7:20:06 PM7/4/17
to
From: phil...@kathenas.org
This issue seems to be created by "synaptic".If you you "apt" in the terminal, you will be fine.
As mindblowing as this topic seems to be I can not help but
comment your response. It seems you must have not read
90% of the thread missing out on all the output and statements
that both apt and apt-get have produced the error. The first
who mentions synaptic is you.
But, what really blows my mind is that it took all this time of
stable "testing" to get to this stage of end-of-testing and how
the rc before stable didn't have this problem.
I would manually download the keyrings and all debian gpg
stuff, delete/uninstall whatever I had and reinstall/force new
ones.
And this for the OP:
1 But if there is such a basic problem with installation what is
so different that the rest of the new stretch installers did not
face?
2 What filesystem did you use while partitioning?
3 Is there any kind of raid?
4 Is autoupdate/unattended-update enabled? And is there a log of it?
Wayne Hartell
Jul 4, 2017, 10:20:04 PM7/4/17
to
Firstly, thanks to all of those who have participated in this thread.
I have some follow up comments and responses. This is a long reply, so the
executive summary is that I managed to solve the issues on all my Stretch
systems. There is a main issue and some kindred issues that manifest under
different circumstances. The main issue is that the /etc/apt/trusted.gpg
file seems to be problematic and once *removed* (rather than just made
readable) the problems are resolved.
One quasi-significant secondary issue is that the installation DVD doesn't
seem to be accepted as a valid source, but no big deal I guess.
Now for the full details.
I have managed to solve, I think, the problem on 2 physical laptops and 2
virtual machines.
I think I was getting side tracked by multiple different apt-get errors and
different output on different machines.
On one (Dell) laptop I had to:
1. Delete /etc/apt/trusted.gpg
2. Purge /var/lib/apt/lists [I was seeing symlinking errors with that
path in the apt-get output]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that laptop I am using contrib and non-free for Ethernet and Wifi).
On the VM where I ran into this issue initially, and where I was going well
out of my comfort zone trying to "fix" stuff, I had to:
1. Delete /etc/apt/trusted.gpg
2. Restore /etc/apr/trusted.gpd.d [which I had blown away somehow during
previous attempts at solving the issue]
[apt-key list was returning an empty list which I realized was due
to my heavy handedness there]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that VM I am NOT using contrib and non-free).
[EDIT: Now I realize that the problems with my local mirror might only be
present when contrib and non-free are included].
On a different (Compaq) laptop (where I have LVM/encryption) I had never ran
Synaptic and so didn't need to do anything other than remove the install DVD
from /etc/apt/sources.list, and it seems that I also edited sources.list to
that described here:
https://wiki.debian.org/SourcesList
(On that laptop I am using contrib and non-free for Wifi only).
On the second VM, where I had also never run Synaptic, 'sudo apt-get update'
results in the following issues off the bat.
W: The repository 'cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08] stretch Release' does not have a Release
file.
details.
E: Failed to fetch cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08]/dists/stretch/main/binary-amd64/Packages
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update
cannot be used to add new CD-ROMs
duplicate commented line exists already) then 'sudo apt-get update' runs
without error, even when using the original local mirror repositories.
[EDIT: I think the local mirror works because I am not using contrib and
non-free on the VMs].
debianuser@masterdebian964:~$ sudo apt-get update
Ign:1 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:2 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch Release
Hit:5 http://security.debian.org/debian-security stretch/updates InRelease
Reading package lists... Done
I'm not sure what the issue with the DVD is. I don't recall such an issue in
Jessie, but it's not a deal breaker.
Now if on this second VM I run Synaptic (or software-properties-gtk) and
edit the repository sources, running 'sudo apt-get update' results in:
Hit:1 http://security.debian.org/debian-security stretch/updates InRelease
Ign:2 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:4 http://ftp.iinet.net.au/debian/debian stretch Release
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch-updates/InRelease:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch/Release.gpg: The
key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not
readable by user '_apt' executing apt-key.
If I delete /etc/apt/trusted.gpg the issue is resolved and furthermore, if I
re-edit my sources list using software-properties-gtk *again* the
/etc/apt/trusted.gpg file is no longer re-created. It only seems to get
created the first time through.
I'm not sure why this VM has no issues with public keys (like at least two
of the other machines had); could be that on those machines I tried first
editing the permissions on /etc/apt/trusted.gpg as opposed to just deleting
it. This is consistent with Jason Wittlin-Cohen's post where he says the
presence of the file stops the trusted.gpg.d directory from being
interrogated.
FYI, for all of these 4 systems I used the same installation media:
debian-9.0.0-amd64-DVD-1.iso
So for me the problem appears to be the *presence* of /etc/apt/trusted.gpg
which has been echoed by others. The other symptoms that I have run into
seem to be due to making /etc/apt/trusted.gpg read-only (rather than just
nuking it) and potentially other messing around I have done with respect to
trying to import keys.
There also seems to be a minor issue with my local mirror and contrib and
non-free sources, plus the DVD as a source issue.
So now on to some direct answers to close the loop on a few things.
Michael Lange wrote:
>> 4. sudo apt-get update
>> [generated errors]
>> Err:16 http://ftp.iinet.net.au/debian/debian
>> stretch/updates/non-free Sources 404 Not Found
> ^^^^
>Shouldn't this be stretch-updates?
>Not sure how this is related to the problem you described in the first
place, though.
Possibly a typo on my part; for that final e-mail I typed the errors by
hand. I can see how that might screw people up so won’t do it in future.
That said, I see that the security repositories use the following substring
'/ stretch/updates' and I think that's where it's coming from. There seems
to be an issue when I use my local mirror for that particular repository
(when contrib and non-free are included), but no issue when I use the main
one. I may dig around and try to find a better repository for my use.
Fungi4All wrote:
> And this for the OP:
> 1 But if there is such a basic problem with installation what is
> so different that the rest of the new stretch installers did not
> face?
>
That's a good question. I'm not 100% sure what the problem with the
installer is in your minds? Do you mean whatever causes the problem that
occurs when /etc/apt/trusted.gpg is *present*?
> 2 What filesystem did you use while partitioning?
>
Being a novice I didn't make any changes from the defaults (did the guided
partitioning with everything in one** partition), except on one laptop,
where I used LVM/encryption, but with no partitioning differences other than
those created by using LVM.
**I note that even though the installer says "one" partition, it still seems
to create a separate swap partition (I read, I think that on some distros
the swap partition is now optional; it can be a file instead). So the file
system is (for 3/4 of the systems):
/dev/sda1 bootable Ext4 341GB
/dev/sda2 extended 2.1GB
/dev/sda5 swap 2.1GB
> 3 Is there any kind of raid?
No raid on any of the systems.
> 4 Is autoupdate/unattended-update enabled? And is there a log of it?
Only if it was enabled by default. "System Upgrade" in Synaptic is set to
"Smart Upgrade" if that's what you are talking about. I don't know what this
is and after yesterday haven't got enough time to research what this is and
where/how to find logs for now. Let me know if a proper answer to this
question is important, and I will dig into it further.
Kind Regards,
Wayne.
I have some follow up comments and responses. This is a long reply, so the
executive summary is that I managed to solve the issues on all my Stretch
systems. There is a main issue and some kindred issues that manifest under
different circumstances. The main issue is that the /etc/apt/trusted.gpg
file seems to be problematic and once *removed* (rather than just made
readable) the problems are resolved.
One quasi-significant secondary issue is that the installation DVD doesn't
seem to be accepted as a valid source, but no big deal I guess.
Now for the full details.
I have managed to solve, I think, the problem on 2 physical laptops and 2
virtual machines.
I think I was getting side tracked by multiple different apt-get errors and
different output on different machines.
On one (Dell) laptop I had to:
1. Delete /etc/apt/trusted.gpg
2. Purge /var/lib/apt/lists [I was seeing symlinking errors with that
path in the apt-get output]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that laptop I am using contrib and non-free for Ethernet and Wifi).
On the VM where I ran into this issue initially, and where I was going well
out of my comfort zone trying to "fix" stuff, I had to:
1. Delete /etc/apt/trusted.gpg
2. Restore /etc/apr/trusted.gpd.d [which I had blown away somehow during
previous attempts at solving the issue]
[apt-key list was returning an empty list which I realized was due
to my heavy handedness there]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that VM I am NOT using contrib and non-free).
[EDIT: Now I realize that the problems with my local mirror might only be
present when contrib and non-free are included].
On a different (Compaq) laptop (where I have LVM/encryption) I had never ran
Synaptic and so didn't need to do anything other than remove the install DVD
from /etc/apt/sources.list, and it seems that I also edited sources.list to
that described here:
https://wiki.debian.org/SourcesList
(On that laptop I am using contrib and non-free for Wifi only).
On the second VM, where I had also never run Synaptic, 'sudo apt-get update'
results in the following issues off the bat.
W: The repository 'cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08] stretch Release' does not have a Release
file.
N: Data from such a repository can't be authenticated and is therefore
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration
potentially dangerous to use.
details.
E: Failed to fetch cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08]/dists/stretch/main/binary-amd64/Packages
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update
cannot be used to add new CD-ROMs
E: Some index files failed to download. They have been ignored, or old ones
used instead.
If I edit /etc/apt/sources.list to comment the second line for the DVD (one
used instead.
duplicate commented line exists already) then 'sudo apt-get update' runs
without error, even when using the original local mirror repositories.
[EDIT: I think the local mirror works because I am not using contrib and
non-free on the VMs].
debianuser@masterdebian964:~$ sudo apt-get update
Ign:1 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:2 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch Release
Hit:5 http://security.debian.org/debian-security stretch/updates InRelease
Reading package lists... Done
I'm not sure what the issue with the DVD is. I don't recall such an issue in
Jessie, but it's not a deal breaker.
Now if on this second VM I run Synaptic (or software-properties-gtk) and
edit the repository sources, running 'sudo apt-get update' results in:
Hit:1 http://security.debian.org/debian-security stretch/updates InRelease
Ign:2 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:4 http://ftp.iinet.net.au/debian/debian stretch Release
Reading package lists... Done
W:
http://security.debian.org/debian-security/dists/stretch/updates/InRelease:
W:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch-updates/InRelease:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch/Release.gpg: The
key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not
readable by user '_apt' executing apt-key.
If I delete /etc/apt/trusted.gpg the issue is resolved and furthermore, if I
re-edit my sources list using software-properties-gtk *again* the
/etc/apt/trusted.gpg file is no longer re-created. It only seems to get
created the first time through.
I'm not sure why this VM has no issues with public keys (like at least two
of the other machines had); could be that on those machines I tried first
editing the permissions on /etc/apt/trusted.gpg as opposed to just deleting
it. This is consistent with Jason Wittlin-Cohen's post where he says the
presence of the file stops the trusted.gpg.d directory from being
interrogated.
FYI, for all of these 4 systems I used the same installation media:
debian-9.0.0-amd64-DVD-1.iso
So for me the problem appears to be the *presence* of /etc/apt/trusted.gpg
which has been echoed by others. The other symptoms that I have run into
seem to be due to making /etc/apt/trusted.gpg read-only (rather than just
nuking it) and potentially other messing around I have done with respect to
trying to import keys.
There also seems to be a minor issue with my local mirror and contrib and
non-free sources, plus the DVD as a source issue.
So now on to some direct answers to close the loop on a few things.
Michael Lange wrote:
>> 4. sudo apt-get update
>> [generated errors]
>> Err:16 http://ftp.iinet.net.au/debian/debian
>> stretch/updates/non-free Sources 404 Not Found
> ^^^^
>Shouldn't this be stretch-updates?
>Not sure how this is related to the problem you described in the first
place, though.
hand. I can see how that might screw people up so won’t do it in future.
That said, I see that the security repositories use the following substring
'/ stretch/updates' and I think that's where it's coming from. There seems
to be an issue when I use my local mirror for that particular repository
(when contrib and non-free are included), but no issue when I use the main
one. I may dig around and try to find a better repository for my use.
Fungi4All wrote:
> And this for the OP:
> 1 But if there is such a basic problem with installation what is
> so different that the rest of the new stretch installers did not
> face?
>
installer is in your minds? Do you mean whatever causes the problem that
occurs when /etc/apt/trusted.gpg is *present*?
> 2 What filesystem did you use while partitioning?
>
partitioning with everything in one** partition), except on one laptop,
where I used LVM/encryption, but with no partitioning differences other than
those created by using LVM.
**I note that even though the installer says "one" partition, it still seems
to create a separate swap partition (I read, I think that on some distros
the swap partition is now optional; it can be a file instead). So the file
system is (for 3/4 of the systems):
/dev/sda1 bootable Ext4 341GB
/dev/sda2 extended 2.1GB
/dev/sda5 swap 2.1GB
> 3 Is there any kind of raid?
> 4 Is autoupdate/unattended-update enabled? And is there a log of it?
"Smart Upgrade" if that's what you are talking about. I don't know what this
is and after yesterday haven't got enough time to research what this is and
where/how to find logs for now. Let me know if a proper answer to this
question is important, and I will dig into it further.
Kind Regards,
Wayne.
Wayne Hartell
Jul 4, 2017, 10:50:05 PM7/4/17
to
I know I just wrote a long e-mail on this, but I think I just figured out in my own mind exactly what is going on and wanted to document it.
As others have said the /etc/apt/trusted.gpg file is the issue.
It seems that what is happening is this:
1. For some reason the first use of software-properties-gtk creates this file, but (the bug I presume) is that it’s not created correctly. It’s empty and potentially has the wrong permissions on it.
a. I suspect it being empty is the consequence of the permissions, but I am just guessing.
2. Running ‘apt-get update’ will now produce errors about user “_apt” and not being able to read the /etc/apt/trusted.gpg file.
3. Making /etc/apt/trusted.gpg readable (i.e., 0600 --> 0644) only obfuscates the problem; now the empty file is accessible (so no errors about reading it), but the keys are not available and /etc/apt/trusted.gpg.d is now ignored and results in key errors. [Wild goose chase may now commence].
4. The real fix is to delete /etc/apt/trusted.gpg and after that point it seems not to be created again (even if running software-properties-gtk). Everything works again since the /etc/apt/trusted.gpg.d folder can once again be interrogated.
Hopefully this post isn’t just adding noise, but I thought a short description of the issue in one post could be useful for posterity.
Dejan Jocic
Jul 5, 2017, 4:50:05 AM7/5/17
to
On 05-07-17, Wayne Hartell wrote:
>
> Fungi4All wrote:
> > And this for the OP:
> > 1 But if there is such a basic problem with installation what is
> > so different that the rest of the new stretch installers did not
> > face?
> >
>
> That's a good question. I'm not 100% sure what the problem with the
> installer is in your minds? Do you mean whatever causes the problem that
> occurs when /etc/apt/trusted.gpg is *present*?
>
> > 2 What filesystem did you use while partitioning?
> >
I doubt that filesystem has anything to do with your experience.
>
> Fungi4All wrote:
> > And this for the OP:
> > 1 But if there is such a basic problem with installation what is
> > so different that the rest of the new stretch installers did not
> > face?
> >
>
> That's a good question. I'm not 100% sure what the problem with the
> installer is in your minds? Do you mean whatever causes the problem that
> occurs when /etc/apt/trusted.gpg is *present*?
>
> > 2 What filesystem did you use while partitioning?
> >
> Being a novice I didn't make any changes from the defaults (did the guided
> partitioning with everything in one** partition), except on one laptop,
> where I used LVM/encryption, but with no partitioning differences other than
> those created by using LVM.
>
> **I note that even though the installer says "one" partition, it still seems
> to create a separate swap partition (I read, I think that on some distros
> the swap partition is now optional; it can be a file instead). So the file
> system is (for 3/4 of the systems):
> /dev/sda1 bootable Ext4 341GB
> /dev/sda2 extended 2.1GB
> /dev/sda5 swap 2.1GB
>
> > 3 Is there any kind of raid?
>
> No raid on any of the systems.
>
> > 4 Is autoupdate/unattended-update enabled? And is there a log of it?
>
> Only if it was enabled by default. "System Upgrade" in Synaptic is set to
> "Smart Upgrade" if that's what you are talking about. I don't know what this
> is and after yesterday haven't got enough time to research what this is and
> where/how to find logs for now. Let me know if a proper answer to this
> question is important, and I will dig into it further.
>
> Kind Regards,
> Wayne.
> >
package. It also does not have anything to do with your problem. In
stretch, it comes in by default on at least gnome and kde tasks. And, by
default, it is set to get your security upgrades and install them for
you. To check if it is installed:
dpkg -s unattended-upgrades
To check if it is enabled:
cat /etc/apt/apt.conf.d/20auto-upgrades
If output is:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
then it is enabled. If you want to disable it change those "1" to "0".
You can do it with your favorite editor or in one line:
sudo sed -i 's/1/0/g' /etc/apt/apt.conf.d/20auto-upgrades
If you want to use unattended-upgrades, would suggest checking its
config file that is here:
/etc/apt/apt.conf.d/50unattended-upgrades
and debian wiki entry here:
https://wiki.debian.org/UnattendedUpgrades
As a side note, in gnome you can enable/disable auto updates in gnome
software & updates ( software-properties-gtk ) and in kde apper or
whatever kde uses these days.
Michael Lange
Jul 5, 2017, 5:20:06 AM7/5/17
to
Hi,
I'm glad you could finally fix the issue.
On Wed, 5 Jul 2017 12:15:33 +0930
"Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
> I know I just wrote a long e-mail on this, but I think I just figured
> out in my own mind exactly what is going on and wanted to document it.
>
>
>
> As others have said the /etc/apt/trusted.gpg file is the issue.
>
>
>
> It seems that what is happening is this:
>
>
>
> 1. For some reason the first use of software-properties-gtk
> creates this file, but (the bug I presume) is that it's not created
> correctly. It's empty and potentially has the wrong permissions on it.
Maybe there is actually a bug in software-properties-gtk. I mentioned
earlier that on Jessie the permissions of the file are 0600, I now
checked on a laptop with Sparky linux (which basically *is* stretch) and
found that the file's permissons on that system are 0644, so maybe the
newer version of apt requires this and software-properties-gtk fails to
set this correctly?
>
> a. I suspect it being empty is the consequence of the
> permissions, but I am just guessing.
Maybe, but since this file appears to be the place where custom added keys
go (whereas keys from debian keyring packages apparently go
to /etc/apt/trusted.gpg.d/ ) it might also be ok if there are none. From
what you experienced it seems possible that maybe newer versions of apt
require a new format of this file and again software-properties-gtk fails
torespect this, but that is of course just another guess.
>
> 2. Running 'apt-get update' will now produce errors about user
> "_apt" and not being able to read the /etc/apt/trusted.gpg file.
>
> 3. Making /etc/apt/trusted.gpg readable (i.e., 0600 --> 0644) only
> obfuscates the problem; now the empty file is accessible (so no errors
> about reading it), but the keys are not available
> and /etc/apt/trusted.gpg.d is now ignored and results in key errors.
> [Wild goose chase may now commence].
This might back up my above guess.
>
> 4. The real fix is to delete /etc/apt/trusted.gpg and after that
> point it seems not to be created again (even if running
> software-properties-gtk). Everything works again since
> the /etc/apt/trusted.gpg.d folder can once again be interrogated.
When I run apt-key list here, /etc/apt/trusted.gpg always seems to be
evaluated first, so I guess that if this file is corrupted the command
just stops with an error message.
If one wants to confirm that it is actually software-properties-gtk who
creates a corrupted trusted.gpg file it should be possible to add (for
testing purposes) a key from a third party repo manually with
software-properties-gtk and later again with apt-key add and compare the
result. If it works from the command line and fails from the gui it would
be proof enough to desreve a bug report, I think.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
War isn't a good life, but it's life.
-- Kirk, "A Private Little War", stardate 4211.8
I'm glad you could finally fix the issue.
On Wed, 5 Jul 2017 12:15:33 +0930
"Wayne Hartell" <w.ha...@ozemail.com.au> wrote:
> I know I just wrote a long e-mail on this, but I think I just figured
> out in my own mind exactly what is going on and wanted to document it.
>
>
>
> As others have said the /etc/apt/trusted.gpg file is the issue.
>
>
>
> It seems that what is happening is this:
>
>
>
> 1. For some reason the first use of software-properties-gtk
> creates this file, but (the bug I presume) is that it's not created
> correctly. It's empty and potentially has the wrong permissions on it.
earlier that on Jessie the permissions of the file are 0600, I now
checked on a laptop with Sparky linux (which basically *is* stretch) and
found that the file's permissons on that system are 0644, so maybe the
newer version of apt requires this and software-properties-gtk fails to
set this correctly?
>
> a. I suspect it being empty is the consequence of the
> permissions, but I am just guessing.
go (whereas keys from debian keyring packages apparently go
to /etc/apt/trusted.gpg.d/ ) it might also be ok if there are none. From
what you experienced it seems possible that maybe newer versions of apt
require a new format of this file and again software-properties-gtk fails
torespect this, but that is of course just another guess.
>
> 2. Running 'apt-get update' will now produce errors about user
> "_apt" and not being able to read the /etc/apt/trusted.gpg file.
>
> 3. Making /etc/apt/trusted.gpg readable (i.e., 0600 --> 0644) only
> obfuscates the problem; now the empty file is accessible (so no errors
> about reading it), but the keys are not available
> and /etc/apt/trusted.gpg.d is now ignored and results in key errors.
> [Wild goose chase may now commence].
>
> 4. The real fix is to delete /etc/apt/trusted.gpg and after that
> point it seems not to be created again (even if running
> software-properties-gtk). Everything works again since
> the /etc/apt/trusted.gpg.d folder can once again be interrogated.
evaluated first, so I guess that if this file is corrupted the command
just stops with an error message.
If one wants to confirm that it is actually software-properties-gtk who
creates a corrupted trusted.gpg file it should be possible to add (for
testing purposes) a key from a third party repo manually with
software-properties-gtk and later again with apt-key add and compare the
result. If it works from the command line and fails from the gui it would
be proof enough to desreve a bug report, I think.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
-- Kirk, "A Private Little War", stardate 4211.8
David Wright
Jul 20, 2017, 11:00:07 AM7/20/17
to
something, but I've seen no reference to §5.3.2 in the Release Notes
for stretch. This touches on changes made to apt and troubleshooting
its new user-privelege mode. (It's a long time since I'd read these
but was revisiting them in connection with other threads.)
Cheers,
David.
0 new messages