Hi, I try to add my home project's repo to a debian installation and did: sudo add-apt-repository https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ sudo apt update and got the following error:
apt update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Ign:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye InRelease Err:5 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye Release 404 Not Found [IP: 195.135.221.134 443] Reading package lists... Done E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
The repository has a Release file and I can also retrieve it (using wget for instance). Reading the apt-secure manpage I thought it might be an issue with authentication but "apt update --allow-unauthenticated" gives the same error.
I also tried it with ubuntu with the same results. Adding ubuntu ppas from launchpad works however.
Thanks for any hints!
Best regards, Michael
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea... doesn't work.
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea... doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Best regards, Michael
How do I unsubscribe from this list?
On Tue, 25 Jan 2022 at 06:56, Michael Behrisch oss@behrisch.de wrote:
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that
https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Best regards, Michael
Hi,
Am 25.01.22 um 06:56 schrieb Michael Behrisch:
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do?
Best regards, Michael
On Mon, Mar 7, 2022 at 6:55 AM Michael Behrisch oss@behrisch.de wrote:
Hi,
Am 25.01.22 um 06:56 schrieb Michael Behrisch:
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do?
The repository definition is wrong in your apt sources.
Write instead to /etc/apt/sources.list.d/home-behrisch-deb11.sources:
Types: deb URIs: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ Suites: ./
You will also need to import the GPG key at: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
That should fix it.
Am 07.03.22 um 13:31 schrieb Neal Gompa:
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do?
The repository definition is wrong in your apt sources.
Write instead to /etc/apt/sources.list.d/home-behrisch-deb11.sources:
Types: deb URIs: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ Suites: ./
You will also need to import the GPG key at: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
Thank you very much that took me one step further!
After doing wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... sudo apt-key add Release.key sudo apt update
I now get:
Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
More ideas are welcome :-)
Thank you in advance, Michael
Am 07.03.22 um 16:22 schrieb Michael Behrisch:
After doing wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
sudo apt-key add Release.key sudo apt update
I now get:
Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
Sorry for reviving this old thread but I still did not get it working. I worked around the signature issue by using the following line in sources.list (it is for ubuntu but the errors for debian look the same): deb [trusted=yes] https://download.opensuse.org/repositories/home:/behrisch/xUbuntu_20.04 ./ but it still gives a warning and of course I do not want to force the user to add insecure sources. Any ideas?
(The documentation here: https://en.opensuse.org/openSUSE:Build_Service_Debian_builds#Adding_the_apt-... at least seems to be outdated.)
Thank you, Michael
Hello Michael,
* On Mon, Jul 18, 2022 at 08:33:46AM +0200 Michael Behrisch wrote:
Sorry for reviving this old thread but I still did not get it working. I worked around the signature issue by using the following line in sources.list (it is for ubuntu but the errors for debian look the same): deb [trusted=yes] https://download.opensuse.org/repositories/home:/behrisch/xUbuntu_20.04 ./ but it still gives a warning and of course I do not want to force the user to add insecure sources. Any ideas?
Something like this should work:
curl -fsSL https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_behrisch.gpg > /dev/null
If you enable the download of Debian packages, OBS will give you the detailed and correct instructions on its own.
For example, on my home, it gives me this: https://software.opensuse.org//download.html?project=home%3Astrik&packag...
Viele Grüße Spiro
Hi Spiro,
Am 18.07.22 um 08:46 schrieb Spiro Trikaliotis:
curl -fsSL https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_behrisch.gpg > /dev/null
If you enable the download of Debian packages, OBS will give you the detailed and correct instructions on its own.
For example, on my home, it gives me this: https://software.opensuse.org//download.html?project=home%3Astrik&packag...
thanks for the instructions! I never noticed that it is directly on the download page. Actually it works if I use your repo but not with mine. I still get "Signature invalid" errors, so there might be really a problem with my signature. Can I update it somehow?
Best regards, Michael
Hello Michael,
* On Tue, Jul 19, 2022 at 08:28:35AM +0200 Michael Behrisch wrote:
Actually it works if I use your repo but not with mine. I still get "Signature invalid" errors, so there might be really a problem with my signature. Can I update it somehow?
You are right, but I am not sure WHY this happens.
I added your repository in a Debian VM, I get the signature problems. Now, the interesting part:
$ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/InReleas... $ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release $ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
# gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E
# gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify /var/lib/apt/lists/partial/download.opensuse.org_repositories_home:_behrisch_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E
# gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify Release.gpg Release gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E
# gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_strik.gpg --verify /var/lib/apt/lists/download.opensuse.org_repositories_home:_strik_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 19:53:17 CEST gpg: mittels RSA-Schlüssel 5648F685941B3F8F gpg: Korrekte Signatur von "home:strik OBS Project home:strik@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 4A96 F212 11DF 78D0 4CE1 5FC5 5648 F685 941B 3F8F
Ok, the signatures are correct.
# cat /etc/apt/sources.list.d/behrisch.list #deb [signed-by=/etc/apt/trusted.gpg.d/home_behrisch.gpg] https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ / deb https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ /
Note the commented-out line (#deb) where I added a signed-by to hint apt which key to use; it does not work, either, if I use that line instead of the line below.
However:
# LANG=C apt update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Get:3 https://download.opensuse.org/repositories/home:/strik/Debian_11 InRelease [1526 B] Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
You see, my signature (home:/strik) is accepted, while your (home:/behrisch) is not.
Now, the download InRelease file is correct, too:
# gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify /var/lib/apt/lists/partial/download.opensuse.org_repositories_home:_behrisch_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E
This can be proved with a hash, too:
# sha256sum /var/lib/apt/lists/partial/download.opensuse.org_repositories_home:_behrisch_Debian%5f11_InRelease InRelease 9575e3d96428ff24ecc302fb882bed37d9b96801ff5239292863021adaedf19e /var/lib/apt/lists/partial/download.opensuse.org_repositories_home:_behrisch_Debian%5f11_InRelease 9575e3d96428ff24ecc302fb882bed37d9b96801ff5239292863021adaedf19e InRelease
I am not sure if this is a problem of OBS or a problem of apt in this case. At the moment, I would believe more of a problem of apt here.
Even "moving /var/lib/apt/lists/ out of the way" and doing a fresh apt update does not solve the problem, nor does using apt-get or aptitude.
I also checked the user, group and access rights of the files in /etc/apt/sources.list.d/ and /etc/apt/trusted.gpg.d/; I cannot see any differences between your and my files.
I am sorry, I cannot help you here.
As I am thinking more of a Debian problem than of a OBS problem, I would consider changing to the debian-user-german mailing list for this specific problem. They might have some ideas, hints or similar on what is going on here.
Regards, Spiro
buildservice@lists.opensuse.org
-
Andreas Schwab -
Michael Behrisch -
Neal Gompa -
Robert Lindgren -
Spiro Trikaliotis