Mailinglist Archive: opensuse-buildservice (41 mails)

< Previous Next >
Re: [opensuse-buildservice] Invalid signatures on Debian repositories
On Sat, 09 Mar 2019 18:23:05 +0000
"R. Tyler Croy" <rtyler@xxxxxxxxxxx> wrote:

Howdy,

I've recently started pitching in to help maintain Apache:MirrorBrain and I
cannot figure out for the life of me why the Debian repos are signed with what
appears to be either an invalid key, or bad ciphers.


Running an `apt-get update` after adding the repo and the key found here
(https://build.opensuse.org/project/show/Apache:MirrorBrain) results in the
following warning and an inability to install any packages:


W: GPG error:
https://download.opensuse.org/repositories/Apache:/MirrorBrain/Debian_9.0
Release: The following signatures were invalid:
EDDDC98D96A0F8899AB07C789584A164BD6D129A
E: The repository
'https://download.opensuse.org/repositories/Apache:/MirrorBrain/Debian_9.0
Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.


I'm a bit at a loss as to what I can do within the OBS portal or from the
command line to rectify this. I would appreciate pointers :)


The problem is your key is dsa1024; recent versions of apt and apt-get require
at least rsa2048.


--
Rosanne DiMesio <dimesio@xxxxxxxxx>
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
References