apt-get upgrade -> unknown signature or unsigned error
Hello All, I have installed apt and have run apt-get upgrade. All the packages seem to have been downloaded, but none have installed due to either being unsigned or having unknown signatures. How do I resolve this? Thanks in advance. .:Thinker
Hello All,
I have installed apt and have run apt-get upgrade. All the packages seem to have been downloaded, but none have installed due to either being unsigned or having unknown signatures.
How do I resolve this?
Thanks in advance.
.:Thinker
You can a) (probably safest is the apt source actually has a PGP key) look at /etc/apt/sources.list, visit each site, download the pgp key and import it into your gpg keyring... OR b) add --no-checksig to the apt/apt-get command line. This will override the signature checking completely. While it's somewhat unlikely the Packman or ULB, etc., repositories would intentionally put 'bad' RPMs on their site, there's always that chance someone could tamper with something and you'd never know if the archive was changed... Steve
Op vrijdag 27 augustus 2004 23:35, schreef Steve Kratz:
You can
a) (probably safest is the apt source actually has a PGP key) look at /etc/apt/sources.list, visit each site, download the pgp key and import it into your gpg keyring... OR
b) add --no-checksig to the apt/apt-get command line. This will override the signature checking completely. While it's somewhat unlikely the Packman or ULB, etc., repositories would intentionally put 'bad' RPMs on their site, there's always that chance someone could tamper with something and you'd never know if the archive was changed...
Or; many public keys are now available via: apt install rpmkey-<apt component> If that does not work use: 'apt search rpmkey' and see what there is in store. Many keys have been collected at: http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/ So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman-rainer-0.1-... (that is one line) After this apt will _automatically_ import the public gpg key into the rpm database.... -- Richard Bos Without a home the journey is endless
On Aug 27, 2004, at 5:53 PM, Richard Bos wrote:
Op vrijdag 27 augustus 2004 23:35, schreef Steve Kratz:
You can
a) (probably safest is the apt source actually has a PGP key) look at /etc/apt/sources.list, visit each site, download the pgp key and import it into your gpg keyring... OR
b) add --no-checksig to the apt/apt-get command line. This will override the signature checking completely. While it's somewhat unlikely the Packman or ULB, etc., repositories would intentionally put 'bad' RPMs on their site, there's always that chance someone could tamper with something and you'd never know if the archive was changed...
Or; many public keys are now available via: apt install rpmkey-<apt component>
If that does not work use: 'apt search rpmkey' and see what there is in store.
Many keys have been collected at: http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/
So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman- rainer-0.1-0.pm.0.noarch.rpm (that is one line)
I did this and the system would not let me install it because the package was unsigned.
Op zaterdag 28 augustus 2004 00:11, schreef Thinker:
So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman- rainer-0.1-0.pm.0.noarch.rpm (that is one line)
I did this and the system would not let me install it because the package was unsigned.
Alright; apt --no-che install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman-rainer-0.1-... -- Richard Bos Without a home the journey is endless
On Friday 27 August 2004 05:53 pm, Richard Bos wrote: ....<snip>..............
Or; many public keys are now available via: apt install rpmkey-<apt component>
apt-get install rpmkey-<apt component> returns that it could not find that file
If that does not work use: 'apt search rpmkey' and see what there is in store.
apt-get search rpmkey returns a don't understand "search" Now, If I just use "apt" like in your example, returns apt: command not found. I am running 8.2 with apt-0.5.5cnc6-rb3
Many keys have been collected at: http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/
So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman-rain er-0.1-0.pm.0.noarch.rpm (that is one line)
Although that particular rpm is not there, there is one from packman dated the 28th, so I assume that is the correct one. There were also several others including suser-rbos. Downloaded them all.
After this apt will _automatically_ import the public gpg key into the rpm database....
But only if the rpmkey-<apt component> is installed, right??, or are the ones I downloaded the same?
Bob S.
On Monday 30 August 2004 04:26, Bob S. wrote:
Now, If I just use "apt" like in your example, returns apt: command not found. I am running 8.2 with apt-0.5.5cnc6-rb3
~ maybe : ./apt [ unless the script 'apt' is placed in /usr/local/bin or a known $PATH ] ? -- best wishes ____________ sent on Linux ____________
Op maandag 30 augustus 2004 06:26, schreef Bob S.:
apt-get install rpmkey-<apt component> returns that it could not find that file
First you need to update your local caches with: apt update
If that does not work use: 'apt search rpmkey' and see what there is in store.
apt-get search rpmkey returns a don't understand "search"
the search actions belongs to apt-cache -> apt-cache search. But if you use the apt wrapper you do need to worry which action belong to which command -> use apt: apt search ....
Now, If I just use "apt" like in your example, returns apt: command not found. I am running 8.2 with apt-0.5.5cnc6-rb3
It works for 9.0 and beyond (that is apt version 0.15.5cnc6*rb5 and beyond)
Many keys have been collected at: http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/
So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman-rain er-0.1-0.pm.0.noarch.rpm (that is one line)
Although that particular rpm is not there, there is one from packman dated the 28th, so I assume that is the correct one. There were also several others including suser-rbos. Downloaded them all.
After this apt will _automatically_ import the public gpg key into the rpm database....
But only if the rpmkey-<apt component> is installed, right??, or are the ones I downloaded the same?
The are the same. Does the info that's available on: http://linux01.gwdg.de/apt4rpm/home.html#signatures help? -- Richard Bos Without a home the journey is endless
On Aug 27, 2004, at 5:35 PM, Steve Kratz wrote:
Hello All,
I have installed apt and have run apt-get upgrade. All the packages seem to have been downloaded, but none have installed due to either being unsigned or having unknown signatures.
How do I resolve this?
Thanks in advance.
.:Thinker
You can
a) (probably safest is the apt source actually has a PGP key) look at /etc/apt/sources.list, visit each site, download the pgp key and import it into your gpg keyring... OR
b) add --no-checksig to the apt/apt-get command line. This will override the signature checking completely. While it's somewhat unlikely the Packman or ULB, etc., repositories would intentionally put 'bad' RPMs on their site, there's always that chance someone could tamper with something and you'd never know if the archive was changed...
Steve
OK.. since I am not ready to try to configure all the pgp and gpg keyring stuff, I opted for b. This is what I got .. I typed: apt-get upgrade --no-checksig I got: E: Command line option --no-checksig is not understood. What should I try at this point? .:Thinker
Op vrijdag 27 augustus 2004 23:56, schreef Thinker:
I typed: apt-get upgrade --no-checksig I got: E: Command line option --no-checksig is not understood.
use apt --no-checksig -- Richard Bos Without a home the journey is endless
On Sat, 2004-08-28 at 01:09, Richard Bos wrote:
Op vrijdag 27 augustus 2004 23:56, schreef Thinker:
I typed: apt-get upgrade --no-checksig I got: E: Command line option --no-checksig is not understood.
Alternatively, edit /etc/apt/apt.conf.d/gpg-checker.conf and change "GPG::Check true;" to "GPG::Check false;" David
participants (6)
-
Bob S.
-
David Robertson
-
pinto
-
Richard Bos
-
Steve Kratz
-
Thinker