Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Need working repo for Deb7 - wheezy
1,129 views
Skip to first unread message
Dan Purgert
Aug 5, 2022, 5:50:08 AM8/5/22
to
On Aug 05, 2022, Karthik Jeyabalan wrote:
> Team Debian,
>
> We have few machines running EOL Debian 7- Wheezy and tried to connect
> deb repo by using below in sources.list, but they are not working. Can
> you please help to provide the working repo.
As far as I am aware, the repos are pulled down when the release
lifecycle ends (this was 2018 for Wheezy).
--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
> Team Debian,
>
> We have few machines running EOL Debian 7- Wheezy and tried to connect
> deb repo by using below in sources.list, but they are not working. Can
> you please help to provide the working repo.
As far as I am aware, the repos are pulled down when the release
lifecycle ends (this was 2018 for Wheezy).
--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
David
Aug 5, 2022, 6:00:06 AM8/5/22
to
On Fri, 5 Aug 2022 at 19:45, Dan Purgert <d...@djph.net> wrote:
> On Aug 05, 2022, Karthik Jeyabalan wrote:
> > We have few machines running EOL Debian 7- Wheezy and tried to connect
> > deb repo by using below in sources.list, but they are not working. Can
> > you please help to provide the working repo.
> As far as I am aware, the repos are pulled down when the release
> lifecycle ends (this was 2018 for Wheezy).
The Wheezy end-of-life announcement is here:
> On Aug 05, 2022, Karthik Jeyabalan wrote:
> > We have few machines running EOL Debian 7- Wheezy and tried to connect
> > deb repo by using below in sources.list, but they are not working. Can
> > you please help to provide the working repo.
> As far as I am aware, the repos are pulled down when the release
> lifecycle ends (this was 2018 for Wheezy).
https://www.debian.org/News/2018/20180601
It looks like Wheezy is entirely unsupported by Debian.
Unsupported, old software can be vulnerable to security
exploits.
However archived repo snapshots are available via here:
https://snapshot.debian.org/
which looks like it has sssd packages for wheezy.
Brian
Aug 5, 2022, 6:20:05 AM8/5/22
to
On Fri 05 Aug 2022 at 19:54:38 +1000, David wrote:
[...]
> However archived repo snapshots are available via here:
> https://snapshot.debian.org/
> which looks like it has sssd packages for wheezy.
There is also http://archive.debian.org/debian/.
--
Brian.
[...]
> However archived repo snapshots are available via here:
> https://snapshot.debian.org/
> which looks like it has sssd packages for wheezy.
--
Brian.
to...@tuxteam.de
Aug 5, 2022, 7:20:05 AM8/5/22
to
customers are a bit slow upgrading).
Cheers
--
t
Greg Wooledge
Aug 5, 2022, 7:50:05 AM8/5/22
to
On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
> deb http://archive.debian.org/debian/ wheezy main
> deb http://archive.debian.org/debian-security wheezy/updates main contrib non-free
> deb http://archive.debian.org/debian/ wheezy main non-free contrib
> deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
>
>
> Unable to download repo, fails with below error message:
>
> W: Failed to fetch http://archive.debian.org/debian/dists/wheezy/contrib/source/Sources 403 Forbidden
On Fri, Aug 05, 2022 at 11:10:18AM +0100, Brian wrote:
I think the question is, "Why isn't http://archive.debian.org/debian/
working for me?"
> deb http://archive.debian.org/debian/ wheezy main
> deb http://archive.debian.org/debian-security wheezy/updates main contrib non-free
> deb http://archive.debian.org/debian/ wheezy main non-free contrib
> deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
>
>
> Unable to download repo, fails with below error message:
>
> W: Failed to fetch http://archive.debian.org/debian/dists/wheezy/contrib/source/Sources 403 Forbidden
On Fri, Aug 05, 2022 at 11:10:18AM +0100, Brian wrote:
working for me?"
Curt
Aug 5, 2022, 8:20:05 AM8/5/22
to
On 2022-08-05, <to...@tuxteam.de> <to...@tuxteam.de> wrote:
>
>> There is also http://archive.debian.org/debian/.
>
> Yep: I regularly use archive.debian.org to build retro packages (some
> customers are a bit slow upgrading).
>
So does the OP.
>
>> There is also http://archive.debian.org/debian/.
>
> Yep: I regularly use archive.debian.org to build retro packages (some
> customers are a bit slow upgrading).
>
Brian
Aug 5, 2022, 8:30:05 AM8/5/22
to
I got
root@test:~# apt update
Ign:1 http://archive.debian.org/debian wheezy InRelease
Get:2 http://archive.debian.org/debian wheezy Release [191 kB]
Get:3 http://archive.debian.org/debian wheezy Release.gpg [2,373 B]
Ign:3 http://archive.debian.org/debian wheezy Release.gpg
Reading package lists... Done
W: GPG error: http://archive.debian.org/debian wheezy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 6FB2A1C265FFB764
E: The repository 'http://archive.debian.org/debian wheezy Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@test:
Brian
Aug 5, 2022, 8:40:05 AM8/5/22
to
--
Brian.
Curt
Aug 5, 2022, 8:40:05 AM8/5/22
to
On 2022-08-05, Brian <ad...@cityscape.co.uk> wrote:
> On Fri 05 Aug 2022 at 07:41:31 -0400, Greg Wooledge wrote:
>
>> On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
>> > deb http://archive.debian.org/debian/ wheezy main
>> > deb http://archive.debian.org/debian-security wheezy/updates main contrib non-free
>> > deb http://archive.debian.org/debian/ wheezy main non-free contrib
>> > deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
>> >
>> >
>> > Unable to download repo, fails with below error message:
>> >
>> > W: Failed to fetch http://archive.debian.org/debian/dists/wheezy/contrib/source/Sources 403 Forbidden
>>
>>
>> On Fri, Aug 05, 2022 at 11:10:18AM +0100, Brian wrote:
>> > There is also http://archive.debian.org/debian/.
>>
>>
>> I think the question is, "Why isn't http://archive.debian.org/debian/
>> working for me?"
>
> Indeed!
>
Not only that, but one guy said the archive had been pulled down,
> On Fri 05 Aug 2022 at 07:41:31 -0400, Greg Wooledge wrote:
>
>> On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
>> > deb http://archive.debian.org/debian/ wheezy main
>> > deb http://archive.debian.org/debian-security wheezy/updates main contrib non-free
>> > deb http://archive.debian.org/debian/ wheezy main non-free contrib
>> > deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
>> >
>> >
>> > Unable to download repo, fails with below error message:
>> >
>> > W: Failed to fetch http://archive.debian.org/debian/dists/wheezy/contrib/source/Sources 403 Forbidden
>>
>>
>> On Fri, Aug 05, 2022 at 11:10:18AM +0100, Brian wrote:
>> > There is also http://archive.debian.org/debian/.
>>
>>
>> I think the question is, "Why isn't http://archive.debian.org/debian/
>> working for me?"
>
> Indeed!
>
another guy said to go to snapshot.debian.org, and still another
validated the suggestion of using archive.debian.org, which brought us full
circle back to the OP.
Greg Wooledge
Aug 5, 2022, 10:40:06 AM8/5/22
to
nation-state firewall that prevents the normal use of the Web, specifically
unencrypted HTTP sessions.
The only reason I mention this is because *I* work in such a place, and
if I ever wanted to update one of my wheezy boxes, I'm not at *all* sure
how I would go about it. HTTPS works, HTTP does not, and wheezy sources
are only available in HTTP.
So, it's a long shot, but maybe it's true for them as well.
Tixy
Aug 5, 2022, 11:10:05 AM8/5/22
to
URL they are using works for me in a web browser so it's either a
transient issue or an issue with the OP's network being blacklisted or
something.
--
Tixy
Curt
Aug 5, 2022, 11:30:05 AM8/5/22
to
Michael Stone
Aug 5, 2022, 12:30:06 PM8/5/22
to
On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
>deb http://archive.debian.org/debian/ wheezy main
>
>deb http://archive.debian.org/debian-security wheezy/updates main contrib
>non-free
>
>deb http://archive.debian.org/debian/ wheezy main non-free contrib
>
>deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
The first line is a partial duplicate of the third line. Other than that
>deb http://archive.debian.org/debian/ wheezy main
>
>deb http://archive.debian.org/debian-security wheezy/updates main contrib
>non-free
>
>deb http://archive.debian.org/debian/ wheezy main non-free contrib
>
>deb-src http://archive.debian.org/debian/ wheezy main non-free contrib
if I copy and paste this into sources.list on a wheezy machine it works
fine for me, no 403 codes. You can look in /etc/apt/apt.conf and files
in /etc/apt/apt.conf.d to see if you perhaps have a misconfigured proxy.
You will also need to add
Acquire::Check-Valid-Until "false";
to /etc/apt/apt.conf as the Release file has expired (as expected for an
archived release).
Timothy M Butterworth
Aug 5, 2022, 12:30:06 PM8/5/22
to
According to the error messages you are missing the public signing key so the repos are being disabled. You will need to download and install the key.
--
Andy Smith
Aug 5, 2022, 2:40:06 PM8/5/22
to
Hello,
Just to be clear, you aren't replying to the OP. The OP has a
different problem. They need to work out why they are forbidden
(403) from browsing the wheezy repository. They can test if it works
in a regular web browser.
In Brian's case it is expected that the wheezy repository on
archive.debian.org gives these errors as the key has expired and
there is no valid key anywhere at this point, so as already
mentioned if one wants to use archive,debian.org for wheezy one
needs to override these errors, not search for a working key.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
different problem. They need to work out why they are forbidden
(403) from browsing the wheezy repository. They can test if it works
in a regular web browser.
In Brian's case it is expected that the wheezy repository on
archive.debian.org gives these errors as the key has expired and
there is no valid key anywhere at this point, so as already
mentioned if one wants to use archive,debian.org for wheezy one
needs to override these errors, not search for a working key.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Brian
Aug 5, 2022, 3:00:05 PM8/5/22
to
On Fri 05 Aug 2022 at 18:30:16 +0000, Andy Smith wrote:
> Hello,
>
> On Fri, Aug 05, 2022 at 12:27:19PM -0400, Timothy M Butterworth wrote:
> > On Fri, Aug 5, 2022 at 8:20 AM Brian <ad...@cityscape.co.uk> wrote:
> > > W: GPG error: http://archive.debian.org/debian wheezy Release: The
> > > following signatures couldn't be verified because the public key is not
> > > available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY
> > > 6FB2A1C265FFB764
> > > E: The repository 'http://archive.debian.org/debian wheezy Release' is
> > > not signed.
> > > N: Updating from such a repository can't be done securely, and is
> > > therefore disabled by default.
> > > N: See apt-secure(8) manpage for repository creation and user
> > > configuration details.
> > > root@test:
> > >
> > > According to the error messages you are missing the public signing key so
> > the repos are being disabled. You will need to download and install the key.
>
> Just to be clear, you aren't replying to the OP. The OP has a
> different problem. They need to work out why they are forbidden
> (403) from browsing the wheezy repository. They can test if it works
> in a regular web browser.
Unfortunately, the OP has not subscribed to -user. He is possibly
> Hello,
>
> On Fri, Aug 05, 2022 at 12:27:19PM -0400, Timothy M Butterworth wrote:
> > On Fri, Aug 5, 2022 at 8:20 AM Brian <ad...@cityscape.co.uk> wrote:
> > > W: GPG error: http://archive.debian.org/debian wheezy Release: The
> > > following signatures couldn't be verified because the public key is not
> > > available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY
> > > 6FB2A1C265FFB764
> > > E: The repository 'http://archive.debian.org/debian wheezy Release' is
> > > not signed.
> > > N: Updating from such a repository can't be done securely, and is
> > > therefore disabled by default.
> > > N: See apt-secure(8) manpage for repository creation and user
> > > configuration details.
> > > root@test:
> > >
> > > According to the error messages you are missing the public signing key so
> > the repos are being disabled. You will need to download and install the key.
>
> Just to be clear, you aren't replying to the OP. The OP has a
> different problem. They need to work out why they are forbidden
> (403) from browsing the wheezy repository. They can test if it works
> in a regular web browser.
sitting back awaiting replies in his personal mailbox
> In Brian's case it is expected that the wheezy repository on
> archive.debian.org gives these errors as the key has expired and
> there is no valid key anywhere at this point, so as already
> mentioned if one wants to use archive,debian.org for wheezy one
> needs to override these errors, not search for a working key.
--
Brian.
Amn
Aug 6, 2022, 7:00:06 AM8/6/22
to
Black listed?!!
How does that work?
Is Debian like Smack Over-daaw?
How does that work?
Is Debian like Smack Over-daaw?
Andy Smith
Aug 6, 2022, 8:20:05 AM8/6/22
to
Hello,
On Sat, Aug 06, 2022 at 06:52:29AM -0400, Amn wrote:
> Black listed?!!
> How does that work?
Anything between (and including) the OP's computer and
archive.debian.org can [intercept and] deny the HTTP request.
On Sat, Aug 06, 2022 at 06:52:29AM -0400, Amn wrote:
> Black listed?!!
> How does that work?
archive.debian.org can [intercept and] deny the HTTP request.
Curt
Aug 6, 2022, 9:30:05 AM8/6/22
to
On 2022-08-06, Andy Smith <an...@strugglers.net> wrote:
> Hello,
>
> On Sat, Aug 06, 2022 at 06:52:29AM -0400, Amn wrote:
>> Black listed?!!
>> How does that work?
>
> Anything between (and including) the OP's computer and
> archive.debian.org can [intercept and] deny the HTTP request.
Is there no way of making this determination?
> Hello,
>
> On Sat, Aug 06, 2022 at 06:52:29AM -0400, Amn wrote:
>> Black listed?!!
>> How does that work?
>
> Anything between (and including) the OP's computer and
> archive.debian.org can [intercept and] deny the HTTP request.
> Cheers,
> Andy
>
--
Greg Wooledge
Aug 6, 2022, 9:50:06 AM8/6/22
to
strongly points toward either a client-side issue, or a transient
issue that has already been fixed.
Andy Smith
Aug 6, 2022, 11:30:06 AM8/6/22
to
Hello,
On Sat, Aug 06, 2022 at 01:28:16PM -0000, Curt wrote:
Sure, there are lots of things the OP can do to work out what is
going on, or at least get more of an idea. For example they could:
- Check if they can browse the archive URL in a regular browser or
from another machine, to try to localise the issue to their apt or
computer, or not
- Do a TCP traceroute or mtr in TCP mode or similar, using port 80,
to see the path by which HTTP requests go. If it ends locally then
they might have discovered a local intercepting proxy that doesn't
like HTTP requests to archive.debian.org for some reason
but all these things require participation by the OP, and we don't
seem to have any.
Someone said they're not subscribed to this list - I forgot to check
with my previous reply. If not then they probably got very few of
the replies.
On Sat, Aug 06, 2022 at 01:28:16PM -0000, Curt wrote:
going on, or at least get more of an idea. For example they could:
- Check if they can browse the archive URL in a regular browser or
from another machine, to try to localise the issue to their apt or
computer, or not
- Do a TCP traceroute or mtr in TCP mode or similar, using port 80,
to see the path by which HTTP requests go. If it ends locally then
they might have discovered a local intercepting proxy that doesn't
like HTTP requests to archive.debian.org for some reason
but all these things require participation by the OP, and we don't
seem to have any.
Someone said they're not subscribed to this list - I forgot to check
with my previous reply. If not then they probably got very few of
the replies.
Greg Wooledge
Aug 9, 2022, 10:20:05 AM8/9/22
to
On Tue, Aug 09, 2022 at 01:31:20PM +0000, Aravinth kumar Anbalagan wrote:
> >e.debian.org%2Fdebian%2F&data=05%7C01%7Caravinth.anbalagan%40tele2.
> >com%7C9d3f6b3fe3514b217a6e08da76fed4f5%7C76431109ff8942c28781a07ca07a2d
> >57%7C0%7C0%7C637953134110939276%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
> >wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> >;sdata=yh13FhvbUKeLL%2Bo%2F87nweXTEdn3fYKeQjuUCWejSdPU%3D&reserved=
> >0 wheezy main
OK, you see this crap here?
You are inside a corporate setting. Very, very corporate.
I can only imagine that your corporate network infrastructure that
mangles email in this way is also mangling HTTP.
I wish you the best of luck, but I fear your road forward is going to be
painful beyond imagining.
>
>
> -----Original Message-----
> From: Michael Stone <mst...@debian.org>
> Sent: Friday, August 5, 2022 9:53 PM
> To: Karthik Jeyabalan <karthik....@tele2.com>
> Cc: debia...@lists.debian.org; Aravinth kumar Anbalagan <aravinth....@tele2.com>
> Subject: Re: Need working repo for Deb7 - wheezy
>
> On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
> >deb
> >https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Farchiv
>
> -----Original Message-----
> From: Michael Stone <mst...@debian.org>
> Sent: Friday, August 5, 2022 9:53 PM
> To: Karthik Jeyabalan <karthik....@tele2.com>
> Cc: debia...@lists.debian.org; Aravinth kumar Anbalagan <aravinth....@tele2.com>
> Subject: Re: Need working repo for Deb7 - wheezy
>
> On Fri, Aug 05, 2022 at 07:42:20AM +0000, Karthik Jeyabalan wrote:
> >deb
> >e.debian.org%2Fdebian%2F&data=05%7C01%7Caravinth.anbalagan%40tele2.
> >com%7C9d3f6b3fe3514b217a6e08da76fed4f5%7C76431109ff8942c28781a07ca07a2d
> >57%7C0%7C0%7C637953134110939276%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
> >wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> >;sdata=yh13FhvbUKeLL%2Bo%2F87nweXTEdn3fYKeQjuUCWejSdPU%3D&reserved=
> >0 wheezy main
OK, you see this crap here?
You are inside a corporate setting. Very, very corporate.
I can only imagine that your corporate network infrastructure that
mangles email in this way is also mangling HTTP.
I wish you the best of luck, but I fear your road forward is going to be
painful beyond imagining.
Tim Woodall
Aug 9, 2022, 1:00:05 PM8/9/22
to
On Tue, 9 Aug 2022, Aravinth kumar Anbalagan wrote:
> Hi @Michael Stone
>
> There are no proxy configured on the server. Please check the below error and let us know how can we proceed further?
>
> root@policijas-db:~# cd /etc/apt/
> apt.conf.d/ preferences.d/ sources.list.d/ trusted.gpg.d/
> root@policijas-db:~# cd /etc/apt/apt.conf.d/
> root@policijas-db:/etc/apt/apt.conf.d# ls
> 00CDMountPoint 00trustcdrom 01autoremove 20apt-show-versions 20listchanges 70debconf
> root@policijas-db:/etc/apt/apt.conf.d# cat * |grep -i prox
> root@policijas-db:/etc/apt/apt.conf.d#
>
> Error:
>
> W: GPG error: http://archive.debian.org squeeze Release: The following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
> W: GPG error: http://archive.debian.org squeeze-lts Release: The following signatures were invalid: KEYEXPIRED 1587841717
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> E: Some index files failed to download. They have been ignored, or old ones used instead.
> root@policijas-db:~#
>
You cannot use security.debian.org for this. This is what I have for
wheezy:
deb http://archive.debian.org/debian wheezy main
deb-src http://archive.debian.org/debian wheezy main
deb-src http://archive.debian.org/debian-security wheezy/updates main
I assume stretch is similar.
You also need
Acquire::Check-Valid-Until "false";
in apt.conf.
N.B. I assume you're fetching using squeeze - so perhaps you will need
to download using a newer distro then re-sign the release file. I don't
have such an old release even for experiments!
> Hi @Michael Stone
>
> There are no proxy configured on the server. Please check the below error and let us know how can we proceed further?
>
> root@policijas-db:~# cd /etc/apt/
> apt.conf.d/ preferences.d/ sources.list.d/ trusted.gpg.d/
> root@policijas-db:~# cd /etc/apt/apt.conf.d/
> root@policijas-db:/etc/apt/apt.conf.d# ls
> 00CDMountPoint 00trustcdrom 01autoremove 20apt-show-versions 20listchanges 70debconf
> root@policijas-db:/etc/apt/apt.conf.d# cat * |grep -i prox
> root@policijas-db:/etc/apt/apt.conf.d#
>
> Error:
>
> W: GPG error: http://archive.debian.org squeeze Release: The following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
> W: GPG error: http://archive.debian.org squeeze-lts Release: The following signatures were invalid: KEYEXPIRED 1587841717
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
> E: Some index files failed to download. They have been ignored, or old ones used instead.
> root@policijas-db:~#
>
You cannot use security.debian.org for this. This is what I have for
wheezy:
deb http://archive.debian.org/debian wheezy main
deb-src http://archive.debian.org/debian wheezy main
deb-src http://archive.debian.org/debian-security wheezy/updates main
I assume stretch is similar.
You also need
Acquire::Check-Valid-Until "false";
in apt.conf.
N.B. I assume you're fetching using squeeze - so perhaps you will need
to download using a newer distro then re-sign the release file. I don't
have such an old release even for experiments!
Thomas Schmitt
Aug 9, 2022, 1:30:06 PM8/9/22
to
Hi,
Aravinth kumar Anbalagan wrote:
> W: GPG error: http://archive.debian.org squeeze Release: The following
> signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
> W: GPG error: http://archive.debian.org squeeze-lts Release: The following
> signatures were invalid: KEYEXPIRED 1587841717
$ date -u -d @1520281423 ; date -u -d @1501892461 ; date -u -d @1587841717
Mon Mar 5 20:23:43 UTC 2018
Sat Aug 5 00:21:01 UTC 2017
Sat Apr 25 19:08:37 UTC 2020
Maybe this 13 year old trick still works:
https://serverfault.com/questions/7145/what-should-i-do-when-i-got-the-keyexpired-error-message-after-an-apt-get-update
The --keyserver keys.gnupg.net is dead meanwhile. Try keyserver.ubuntu.com
instead.
Maybe somebody else with more GPG and/or Debian knowledge can deciper
https://wiki.debian.org/SecureApt
https://ftp-master.debian.org/keys.html
Aravinth kumar Anbalagan's mail client wrote in a quote:
> > > deb https://eur01.safelinks.protection.outlook.com/?url=...
Greg Wooledge wrote:
> You are inside a corporate setting. Very, very corporate.
This is probably on the level of the mail client, not of the network.
Microsoft Corp. installs itself between its Outlook users and the world.
Whenever the cloud thinks that the world is bad, the user gets warned.
See
https://support.microsoft.com/en-us/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2?ui=en-us&rs=en-us&ad=us
https://security.stackexchange.com/questions/230309/is-a-safelinks-protection-outlook-com-link-phishing
Have a nice day :)
Thomas
Aravinth kumar Anbalagan wrote:
> W: GPG error: http://archive.debian.org squeeze Release: The following
> signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
> W: GPG error: http://archive.debian.org squeeze-lts Release: The following
> signatures were invalid: KEYEXPIRED 1587841717
Mon Mar 5 20:23:43 UTC 2018
Sat Aug 5 00:21:01 UTC 2017
Sat Apr 25 19:08:37 UTC 2020
Maybe this 13 year old trick still works:
https://serverfault.com/questions/7145/what-should-i-do-when-i-got-the-keyexpired-error-message-after-an-apt-get-update
The --keyserver keys.gnupg.net is dead meanwhile. Try keyserver.ubuntu.com
instead.
Maybe somebody else with more GPG and/or Debian knowledge can deciper
https://wiki.debian.org/SecureApt
https://ftp-master.debian.org/keys.html
Aravinth kumar Anbalagan's mail client wrote in a quote:
> > > deb https://eur01.safelinks.protection.outlook.com/?url=...
Greg Wooledge wrote:
> You are inside a corporate setting. Very, very corporate.
Microsoft Corp. installs itself between its Outlook users and the world.
Whenever the cloud thinks that the world is bad, the user gets warned.
See
https://support.microsoft.com/en-us/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2?ui=en-us&rs=en-us&ad=us
https://security.stackexchange.com/questions/230309/is-a-safelinks-protection-outlook-com-link-phishing
Have a nice day :)
Thomas
Greg Wooledge
Aug 9, 2022, 2:00:05 PM8/9/22
to
On Tue, Aug 09, 2022 at 07:26:19PM +0200, Thomas Schmitt wrote:
> Greg Wooledge wrote:
> > You are inside a corporate setting. Very, very corporate.
>
> This is probably on the level of the mail client, not of the network.
> Microsoft Corp. installs itself between its Outlook users and the world.
> Whenever the cloud thinks that the world is bad, the user gets warned.
> See
> https://support.microsoft.com/en-us/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2?ui=en-us&rs=en-us&ad=us
> https://security.stackexchange.com/questions/230309/is-a-safelinks-protection-outlook-com-link-phishing
Oh, believe me, I'm aware. This is why I'm subscribed from my personal
> Greg Wooledge wrote:
> > You are inside a corporate setting. Very, very corporate.
>
> This is probably on the level of the mail client, not of the network.
> Microsoft Corp. installs itself between its Outlook users and the world.
> Whenever the cloud thinks that the world is bad, the user gets warned.
> See
> https://support.microsoft.com/en-us/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2?ui=en-us&rs=en-us&ad=us
> https://security.stackexchange.com/questions/230309/is-a-safelinks-protection-outlook-com-link-phishing
email address now, instead of my work address. My work address no longer
goes directly to a Unix inbox. It goes to a Microsoft one now. And
technical mailing lists are just not acceptable in that environment.
I'm still betting on "workplace transparent [as mud] HTTP proxy is
causing unencrypted HTTP to fail" as the primary problem. Seeing the
Outlook mangling just reinforces my diagnosis.
Thomas Schmitt
Aug 10, 2022, 6:30:04 AM8/10/22
to
Hi,
Aravinth kumar Anbalagan wrote:
> Received below error. Any other way to download the keys?
Aravinth kumar Anbalagan wrote:
> [...]
> sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com $K
> [...]
> Executing: gpg --ignore-time-conflict --no-options --no-default-keyring
> --secret-keyring /tmp/tmp.3r9by2p9YX --trustdb-name /etc/apt//trustdb.gpg
> --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg
> --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-automatic.gpg
> --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-stable.gpg
> --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-automatic.gpg
> --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-stable.gpg
> --recv-keys --keyserver keyserver.ubuntu.com 473041FA
> gpg: requesting key 473041FA from hkp server keyserver.ubuntu.com
> gpg: keyserver timed out
> gpg: keyserver receive failed: keyserver error
(I don't want to mess with apt-key as long as apt-get is working fine here.
Call me supersticious, especially in respect to system administration.)
Not regarding for now the many gpg options used by apt-key, i'd say that
"keyserver timed out" is an indication for network problems.
Before studying man gpg i try a vanilla key download:
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 473041FA
gpg: requesting key 473041FA from hkp server keyserver.ubuntu.com
gpg: key 473041FA: public key "Debian Archive Automatic Signing Key (6.0/squeeze) <ftpm...@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
So the server looks reachable from here and delivers some Debian related key.
What do you get from this simple gpg run ?
----------
I guess there are other ways to download the keys from Debian directly,
and to let apt-key take them. In
https://manpages.debian.org/wheezy/apt/apt-key.8.en.html
i see:
add filename
Add a new key to the list of trusted keys. The key is read from the
filename given with the parameter filename or if the filename is -
from standard input.
update
Update the local keyring with the archive keyring and remove from
the local keyring the archive keys which are no longer valid. The
archive keyring is shipped in the archive-keyring package of your
distribution, e.g. the debian-archive-keyring package in Debian.
(I get to the impression that those here who better understand apt-* don't
want to be accessory to the crime of running Debian 7. So only ruthless
amateurs like me consider to look for solutions.
But let me add for consideration that qualified help could shorten the
public pain caused by watching this endeavor.)
Thomas Schmitt
Aug 10, 2022, 11:30:05 AM8/10/22
to
Hi,
Aravinth kumar Anbalagan wrote:
> root@policijas-db:~# gpg --keyserver keyserver.ubuntu.com --recv-keys 473041FA
Aravinth kumar Anbalagan wrote:
> gpg: requesting key 473041FA from hkp server keyserver.ubuntu.com
> gpg: keyserver timed out
Looks like a problem between your network and keyserver.ubuntu.com.
I get no reply from
ping keyserver.ubuntu.com
But
obviously can contact the server and learn that there is nothing to do
after my previous download experiment:
gpg: key 473041FA: "Debian Archive Automatic Signing Key (6.0/squeeze) <ftpm...@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
This lasts less than a second.
-------
Maybe you can do something with
https://ftp-master.debian.org/keys/release-7.asc
But i lack experience with gpg and apt-key. So i cannot propose anything.
Kushal Kumaran
Aug 10, 2022, 1:20:05 PM8/10/22
to
On Wed, Aug 10 2022 at 01:41:46 PM, Aravinth kumar Anbalagan <aravinth....@tele2.com> wrote:
> Hi Thomas,
>
> Below is the output.
>
> root@policijas-db:~# gpg --keyserver keyserver.ubuntu.com --recv-keys 473041FA
>
The HKP protocol uses port 11371 by default. You need to make sure
connection requests to that port are allowed through your network.
Alternatively, you need to instruct gpg to use port 80 explicitly, using
hkp://keyserver.ubuntu.com:80 as the keyserver argument.
> <snip>
--
regards,
kushal
> Hi Thomas,
>
> Below is the output.
>
> root@policijas-db:~# gpg --keyserver keyserver.ubuntu.com --recv-keys 473041FA
> gpg: requesting key 473041FA from hkp server keyserver.ubuntu.com
> gpg: keyserver timed out
> gpg: keyserver receive failed: keyserver error
> root@policijas-db:~#
> gpg: keyserver receive failed: keyserver error
>
The HKP protocol uses port 11371 by default. You need to make sure
connection requests to that port are allowed through your network.
Alternatively, you need to instruct gpg to use port 80 explicitly, using
hkp://keyserver.ubuntu.com:80 as the keyserver argument.
> <snip>
--
regards,
kushal
Michael Stone
Aug 10, 2022, 2:10:05 PM8/10/22
to
On Tue, Aug 09, 2022 at 01:31:20PM +0000, Aravinth kumar Anbalagan wrote:
>Hi @Michael Stone
>
>There are no proxy configured on the server. Please check the below error and let us know how can we proceed further?
>
>root@policijas-db:~# cd /etc/apt/
>apt.conf.d/ preferences.d/ sources.list.d/ trusted.gpg.d/
>root@policijas-db:~# cd /etc/apt/apt.conf.d/
>root@policijas-db:/etc/apt/apt.conf.d# ls
>00CDMountPoint 00trustcdrom 01autoremove 20apt-show-versions 20listchanges 70debconf
>root@policijas-db:/etc/apt/apt.conf.d# cat * |grep -i prox
>root@policijas-db:/etc/apt/apt.conf.d#
>
>Error:
>
>Hi @Michael Stone
>
>There are no proxy configured on the server. Please check the below error and let us know how can we proceed further?
>
>root@policijas-db:~# cd /etc/apt/
>apt.conf.d/ preferences.d/ sources.list.d/ trusted.gpg.d/
>root@policijas-db:~# cd /etc/apt/apt.conf.d/
>root@policijas-db:/etc/apt/apt.conf.d# ls
>00CDMountPoint 00trustcdrom 01autoremove 20apt-show-versions 20listchanges 70debconf
>root@policijas-db:/etc/apt/apt.conf.d# cat * |grep -i prox
>root@policijas-db:/etc/apt/apt.conf.d#
>
>Error:
>
>W: GPG error: http://archive.debian.org squeeze Release: The following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
>W: GPG error: http://archive.debian.org squeeze-lts Release: The following signatures were invalid: KEYEXPIRED 1587841717
>W: GPG error: http://archive.debian.org squeeze-lts Release: The following signatures were invalid: KEYEXPIRED 1587841717
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>E: Some index files failed to download. They have been ignored, or old ones used instead.
>root@policijas-db:~#
The original question was about wheezy, this is squeeze so the answers
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/source/Sources 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/contrib/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non-free/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80]
>
>E: Some index files failed to download. They have been ignored, or old ones used instead.
>root@policijas-db:~#
are a little different. You can use something like this as your
sources.list:
deb http://archive.debian.org/debian/ squeeze main contrib non-free
deb http://archive.debian.org/debian-security squeeze/updates main contrib non-free
deb http://archive.debian.org/debian squeeze-lts main contrib non-free
(Note that everything is coming from archive.debian.org, not
security.debian.org.)
In /etc/apt/apt.conf you'll need:
APT::Get::AllowUnauthenticated "true";
Because you *will get* warnings like the following:
W: GPG error: http://archive.debian.org squeeze Release: The following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
W: GPG error: http://archive.debian.org squeeze-lts Release: The following signatures were invalid: KEYEXPIRED 1587841717
Ignore anyone who talks about updating keys, *there are no current keys
for squeeze because it's an unsupported release*. The change in apt.conf
allows you to install packages regardless of the warnings. This is
something you would not normally do, but if you're running an obsolete
unsupported release (hopefully internally and without network-facing
services) ignoring GPG warnings on the archive is the least of your
problems.
0 new messages