Apt signature verification problems.

If none of the more specific forums is the right place to ask
Message
Author
Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#21 Post by Huecuva »

fabien wrote: 2022-05-11 10:39 There isn't errors showing up in this log. Have you perused the other logs?
I just looked through the logs from the 4th and 5th. I have found this:

Code: Select all

Apr  5 09:43:40 TheServer mympd[1075]: NOTICE   mympdapi  Cleaning covercache /var/lib/mympd/covercache
Apr  5 09:43:40 TheServer mympd[1075]: NOTICE   mympdapi  Deleted 0 files from covercache
Apr  5 10:13:49 TheServer mympd[1075]: 2022-04-05 17:13:49  E mongoose.c:411:mg_error   64 tls hs: rc -1, err 5
Apr  5 10:13:49 TheServer mympd[1075]: 2022-04-05 17:13:49  E mongoose.c:411:mg_error   65 tls hs: rc -1, err 5
Apr  5 10:13:49 TheServer mympd[1075]: 2022-04-05 17:13:49  E mongoose.c:411:mg_error   66 tls hs: rc -1, err 5
Apr  5 10:13:49 TheServer mympd[1075]: 2022-04-05 17:13:49  E mongoose.c:411:mg_error   67 tls hs: rc -1, err 5
Apr  5 10:13:50 TheServer mympd[1075]: 2022-04-05 17:13:50  E mongoose.c:411:mg_error   69 tls hs: rc -1, err 5
Apr  5 10:17:01 TheServer CRON[2331060]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Apr  5 11:17:01 TheServer CRON[2358834]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
It's just more of the same with the odd mongoose error thrown in here or there until the 7th:

Code: Select all

Apr  7 17:52:28 TheServer systemd[1]: Created slice User Slice of UID 1000.
Apr  7 17:52:28 TheServer systemd[1]: Starting User Runtime Directory /run/user/1000...
Apr  7 17:52:28 TheServer systemd[1]: Finished User Runtime Directory /run/user/1000.
Apr  7 17:52:28 TheServer systemd[1]: Starting User Manager for UID 1000...
Apr  7 17:52:28 TheServer systemd[3020729]: Queued start job for default target Main User Target.
Apr  7 17:52:28 TheServer systemd[3020729]: Created slice User Application Slice.
Apr  7 17:52:28 TheServer systemd[3020729]: Reached target Paths.
Apr  7 17:52:28 TheServer systemd[3020729]: Reached target Timers.
Apr  7 17:52:28 TheServer systemd[3020729]: Listening on GnuPG network certificate management daemon.
Apr  7 17:52:28 TheServer systemd[3020729]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Apr  7 17:52:28 TheServer systemd[3020729]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Apr  7 17:52:28 TheServer systemd[3020729]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Apr  7 17:52:28 TheServer systemd[3020729]: Listening on GnuPG cryptographic agent and passphrase cache.
Apr  7 17:52:28 TheServer systemd[3020729]: Reached target Sockets.
Apr  7 17:52:28 TheServer systemd[3020729]: Reached target Basic System.
Apr  7 17:52:28 TheServer systemd[1]: Started User Manager for UID 1000.
Apr  7 17:52:28 TheServer systemd[3020729]: Starting Music Player Daemon...
Apr  7 17:52:28 TheServer systemd[1]: Started Session 805 of user $User.
Apr  7 17:52:28 TheServer mpd[3020744]: exception: failed to open log file "/home/radio/mpdfiles/mpd.log" (config line 39): Permission denied
Apr  7 17:52:28 TheServer systemd[3020729]: mpd.service: Main process exited, code=exited, status=1/FAILURE
Apr  7 17:52:28 TheServer systemd[3020729]: mpd.service: Failed with result 'exit-code'.
Apr  7 17:52:28 TheServer systemd[3020729]: Failed to start Music Player Daemon.
Apr  7 17:52:28 TheServer systemd[3020729]: Reached target Main User Target.
Apr  7 17:52:28 TheServer systemd[3020729]: Startup finished in 167ms.
Apr  7 17:52:58 TheServer systemd[1]: Stopping Session 805 of user $User.
Apr  7 17:52:58 TheServer systemd[1]: Removed slice system-modprobe.slice.
It looks like that's where the boot drive filled up, I guess? I'm not sure what else that means. After that it pretty much returns to its normal routine and there's the odd mongoose error until I rebooted it a few times.

Code: Select all

# while true; do sleep .1; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/lists/partial/; done
total 84
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
total 84
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
total 84
It just repeats that until apt update is finished doing its thing. Exactly that. It does not change like yours. The total is always 84 and it's always just those two files.

Code: Select all

# ls -lA /var/lib/apt/lists/partial/
total 84
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
I've tried apt clean a few times, as a couple of the threads I found suggesting deleting /var/lib/apt/lists/ also mentioned doing that. Following your directions just now, /var/lib/apt/lists/partial was indeed empty, but it did not solve the errors and once apt update was finished, /var/lib/apt/lists/partial was no longer empty:

Code: Select all

# ls -la /var/lib/apt/lists/partial/
total 92
drwx------ 2 _apt root  4096 May 11 18:42 .
drwxr-xr-x 4 root root  4096 May 11 05:30 ..
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
Is that supposed to happen?

User avatar
fabien
Posts: 95
Joined: 2019-12-03 12:51
Location: Toulouse, France
Has thanked: 7 times
Been thanked: 16 times

Re: Apt signature verification problems.

#22 Post by fabien »

Huecuva wrote: 2022-05-12 01:53

Code: Select all

# while true; do sleep .1; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/lists/partial/; done
total 84
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
total 84
-rw-r--r-- 1 root root 44244 May 11 13:12 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 11 13:12 deb.debian.org_debian_dists_bullseye-updates_InRelease
total 84
It just repeats that until apt update is finished doing its thing. Exactly that. It does not change like yours. The total is always 84 and it's always just those two files.
It was a good idea to reproduce my test. Did you paste the first lines though or rather the last ones? If you look at my results, you can see at the first line that the file has not finished downloading and its owner is _apt:nogroup: that's an important indication, we have to be sure that the download is initiated by _apt. Could you please redo this (issuing 'apt clean' first), possibly by increasing "snapshots" rate (sleep .02 instead of .1), and paste the relevant first lines:

Code: Select all

#> while true; do sleep .02; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/lists/partial/; done
It is possible that nothing shows up in this directory. In this case, you can temporarily move the files in /var/lib/apt/lists/ to another directory so that apt have things to download. But before you do this, could you please run

Code: Select all

ls -la /var/lib/apt/lists/
and paste the result here.
For now, what we can see is that 'apt update' does not follow the download of 'Release' files with the download of the other files (probably related to the error "Unknown error executing apt-key", but I'm not even sure of the meaning of this message since apt-key is “deprecated” and “will last be available in Debian 11” (man 8 apt-key)).
Huecuva wrote: 2022-05-12 01:53Is that supposed to happen?
As I said before, absolutely not. And that's clearly what we have to investigate.

You could also test

Code: Select all

apt --allow-unauthenticated update
Not sure if it has an action upon 'apt update' as 'man 8 apt-get' refers to packages authentication only, but since it does not trigger an error we can assume it applies to update too. If that works, it will confirm that the process blocks on authentication somehow.

And after all this, please take a look at /var/log/syslog last lines.

Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#23 Post by Huecuva »

Code: Select all

# while true; do sleep .2; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/list
s/partial/; done
total 128
-rw------- 1 _apt root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
It would appear that it is _apt:root instead of _apt:nogroup. How do I fix that?

Code: Select all

# ls -la /var/lib/apt/lists/
total 126684
drwxr-xr-x 4 root root     4096 May 12 01:46 .
drwxr-xr-x 5 root root     4096 May  9 18:27 ..
drwxr-xr-x 2 _apt root     4096 Jun  3  2021 auxfiles
-rw-r--r-- 1 root root    22630 Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_binary-amd64_Packages
-rw-r--r-- 1 root root    21825 Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root    15582 Feb 23 06:18 deb.debian.org_debian_dists_bullseye-backports_contrib_i18n_Translation-en
-rw-r--r-- 1 root root     8361 Feb 23 06:19 deb.debian.org_debian_dists_bullseye-backports_contrib_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root     9323 Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_source_Sources
-rw-r--r-- 1 root root    13971 Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_source_Sources.diff_Index
-rw-r--r-- 1 root root    44244 May 12 01:14 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root  1728823 May 12 01:12 deb.debian.org_debian_dists_bullseye-backports_main_binary-amd64_Packages
-rw-r--r-- 1 root root    63339 May 12 01:12 deb.debian.org_debian_dists_bullseye-backports_main_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root  1317007 May 10 13:12 deb.debian.org_debian_dists_bullseye-backports_main_i18n_Translation-en
-rw-r--r-- 1 root root    63339 May 10 13:12 deb.debian.org_debian_dists_bullseye-backports_main_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root  2450273 May 12 01:13 deb.debian.org_debian_dists_bullseye-backports_main_source_Sources
-rw-r--r-- 1 root root    63339 May 12 01:13 deb.debian.org_debian_dists_bullseye-backports_main_source_Sources.diff_Index
-rw-r--r-- 1 root root    72964 Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_binary-amd64_Packages
-rw-r--r-- 1 root root     8361 Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root    89918 Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_i18n_Translation-en
-rw-r--r-- 1 root root     9483 Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root    15642 Mar  7 06:34 deb.debian.org_debian_dists_bullseye-backports_non-free_source_Sources
-rw-r--r-- 1 root root     9483 Mar  7 06:34 deb.debian.org_debian_dists_bullseye-backports_non-free_source_Sources.diff_Index
-rw-r--r-- 1 root root   115943 Mar 26 03:29 deb.debian.org_debian_dists_bullseye_InRelease
-rw-r--r-- 1 root root 45507094 Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_binary-amd64_Packages
-rw-r--r-- 1 root root 30235376 Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_i18n_Translation-en
-rw-r--r-- 1 root root 44603166 Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_source_Sources
-rw-r--r-- 1 root root    39353 May 12 01:14 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root     9833 Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_binary-amd64_Packages
-rw-r--r-- 1 root root     6117 Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root     9252 Oct 26  2021 deb.debian.org_debian_dists_bullseye-updates_main_i18n_Translation-en
-rw-r--r-- 1 root root     3873 Oct 26  2021 deb.debian.org_debian_dists_bullseye-updates_main_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root     4706 Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_source_Sources
-rw-r--r-- 1 root root     6117 Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_source_Sources.diff_Index
-rw-r----- 1 root root        0 Jun  3  2021 lock
drwx------ 2 _apt root     4096 May 12 19:59 partial
-rw-r--r-- 1 root root    44101 May 10 14:31 security.debian.org_debian-security_dists_bullseye-security_InRelease
-rw-r--r-- 1 root root   990451 May  9 13:42 security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
-rw-r--r-- 1 root root   644519 May  8 12:06 security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
-rw-r--r-- 1 root root  1380688 May  9 13:42 security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
After rebooting the server, I ran apt clean again and then ran that test another time:

Code: Select all

# while true; do sleep .02; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/lists/partial/; done
total 44
--------w- 1 _apt nogroup 41876 May 12 21:23 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 64
--------w- 1 _apt nogroup 17328 May 12 21:23 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root    44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 84
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw------- 1 _apt root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 120
--------w- 1 _apt nogroup 33212 May 12 21:23 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw------- 1 _apt root    39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root    44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw------- 1 _apt root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw------- 1 _apt root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-securit
From this point on it repeats the same. This time the first lines have _apt:nogroup. I don't know why this is changing. apt update still gives the errors and /var/lib/apt/lists/partial/ is not empty:

Code: Select all

# ls -la /var/lib/apt/lists/partial/
total 136
drwx------ 2 _apt root  4096 May 12 21:23 .
drwxr-xr-x 4 root root  4096 May 12 01:46 ..
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
I should mention that because that directory is not empty after apt update runs, the loop keeps going until I stop it manually with ctrl-C.

apt --allow-unauthenticated update did not have any effect.

Unfortunately, there's nothing interesting in the syslog after server startup finishes when I run that test other than the usual:

Code: Select all

May 12 21:11:18 TheServer systemd[1]: Starting Cleanup of Temporary Directories...
May 12 21:11:18 TheServer systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
May 12 21:11:18 TheServer systemd[1]: Finished Cleanup of Temporary Directories.
May 12 21:11:27 TheServer systemd[1]: Started Session 3 of user $User.
May 12 21:17:01 TheServer CRON[2457]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
I ran the loop again:

Code: Select all

# while true; do sleep .02; [[ "$(ls /var/lib/apt/lists/partial/)" ]] || continue; ls -lA /var/lib/apt/lists/partial/; done
total 44
--------w- 1 _apt nogroup 41876 May 12 21:49 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 80
--------w- 1 _apt nogroup 35486 May 12 21:49 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw------- 1 _apt root    44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 84
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw------- 1 _apt root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw------- 1 _apt root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw------- 1 _apt root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
-rw-r--r-- 1 root root 44244 May 12 19:22 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 12 19:22 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 44101 May 12 14:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
total 128
It seems to only get so far and then is forced to stop and leave leftovers in /var/lib/apt/lists/partial/.

User avatar
fabien
Posts: 95
Joined: 2019-12-03 12:51
Location: Toulouse, France
Has thanked: 7 times
Been thanked: 16 times

Re: Apt signature verification problems.

#24 Post by fabien »

Huecuva wrote: 2022-05-13 04:48It would appear that it is _apt:root instead of _apt:nogroup. How do I fix that?
Nothing here that needs fixing. If you look at my results, it's exactly the same. That's just apt internals I can't explain, that would require thorough reading of the code.
Huecuva wrote: 2022-05-13 04:48From this point on it repeats the same. This time the first lines have _apt:nogroup.
Now we know that the process initiates as expected.
Huecuva wrote: 2022-05-13 04:48I should mention that because that directory is not empty after apt update runs, the loop keeps going until I stop it manually with ctrl-C.
As one can expect. That's just a one-liner.
Huecuva wrote: 2022-05-13 04:48apt --allow-unauthenticated update did not have any effect.
I'm not surprised, I've not much thought about it. It probably allows unauthenticated sources but does not inhibit authentication.
Huecuva wrote: 2022-05-13 04:48Unfortunately, there's nothing interesting in the syslog
Yes, but that must be checked.

So, new tests :)

In one terminal you run:

Code: Select all

while true; do sleep .01; [[ "$(ls /tmp/apt* 2>/dev/null)" ]] || continue; ls -l /tmp/apt*; done
(check that there is no file beginning with 'apt' in /tmp/ before: 'ls /tmp/apt*' must return an error)
Then in another terminal you run:

Code: Select all

apt-get -o Debug::Acquire::gpgv=1 update
We use apt-get as a convenient method to get rid of some fancy messages, but it's the same as apt.

For reference, this is what I get on my machine (I tell you now: don't be surprised to get something different on yours)

Code: Select all

apt-get -o Debug::Acquire::gpgv=1 update

Hit:1 https://deb.debian.org/debian bullseye InRelease
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.z85FwI /tmp/apt.data.PGqX9H
Hit:2 https://deb.debian.org/debian-security bullseye-security InRelease
0% [Working]Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID aUeUYT8EXF418JYI7IYvwABzzXw 2022-03-26 1648290009

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-03-26 1648290009 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Hit:3 https://deb.debian.org/debian bullseye-updates InRelease
0% [Working]Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID 29ZD0YEoHTQsrwNuEHzwx69gBIU 2022-03-26 1648290010

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-03-26 1648290010 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] KEY_CONSIDERED A4285295FC7B1A81600062A9605C66F00D6C9793 0

Read: [GNUPG:] SIG_ID Zi982pBV4e6kdFRYLqKFp/jsql0 2022-03-26 1648290294

Read: [GNUPG:] KEY_CONSIDERED A4285295FC7B1A81600062A9605C66F00D6C9793 0

Read: [GNUPG:] GOODSIG 605C66F00D6C9793 Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>

Got GOODSIG 605C66F00D6C9793 !
Read: [GNUPG:] VALIDSIG A4285295FC7B1A81600062A9605C66F00D6C9793 2022-03-26 1648290294 0 4 0 1 8 01 A4285295FC7B1A81600062A9605C66F00D6C9793

Got trusted VALIDSIG, key ID: A4285295FC7B1A81600062A9605C66F00D6C9793
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9, GOODSIG 605C66F00D6C9793
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9, A4285295FC7B1A81600062A9605C66F00D6C9793
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A4285295FC7B1A81600062A9605C66F00D6C9793!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
0% [Waiting for headers]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.5TnTUO /tmp/apt.data.g39sbO
Get:4 https://deb.debian.org/debian bullseye-backports InRelease [44.2 kB]
0% [Working]Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA 0

Read: [GNUPG:] SIG_ID vMzj0+1W5+QMGlnLTsfcxdR+Lbk 2022-05-12 1652392289

Read: [GNUPG:] KEY_CONSIDERED 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA 0

Read: [GNUPG:] GOODSIG 112695A0E562B32A Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 112695A0E562B32A !
Read: [GNUPG:] VALIDSIG 5237CEEEF212F3D51C74ABE0112695A0E562B32A 2022-05-12 1652392289 0 4 0 1 8 01 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA

Got trusted VALIDSIG, key ID: 5237CEEEF212F3D51C74ABE0112695A0E562B32A
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] SIG_ID StUxzpmoiAXOdLsjQvdGmI8s/vo 2022-05-12 1652392289

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] GOODSIG 54404762BBB6E853 Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 54404762BBB6E853 !
Read: [GNUPG:] VALIDSIG ED541312A33F1128F10B1C6C54404762BBB6E853 2022-05-12 1652392289 0 4 0 1 8 01 AC530D520F2F3269F5E98313A48449044AAD5C5D

Got trusted VALIDSIG, key ID: ED541312A33F1128F10B1C6C54404762BBB6E853
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 112695A0E562B32A, GOODSIG 54404762BBB6E853
  Valid: 5237CEEEF212F3D51C74ABE0112695A0E562B32A, ED541312A33F1128F10B1C6C54404762BBB6E853
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 5237CEEEF212F3D51C74ABE0112695A0E562B32A!, 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA, AC530D520F2F3269F5E98313A48449044AAD5C5D, ED541312A33F1128F10B1C6C54404762BBB6E853!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.M6QUNP /tmp/apt.data.G61KvP
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID ajNGiz8MwNswknd+BP3CGM+75NU 2022-05-13 1652429777

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-05-13 1652429777 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID 4a5vxUlQCoybM6CtW8DHT9j/5Go 2022-05-13 1652429818

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-05-13 1652429818 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7b8D7E /tmp/apt.data.nQvbxE
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID xvcKcOEozjXQYSH00ZdrLtslQWw 2022-05-13 1652429801

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-05-13 1652429801 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID dER0suKKVccMhUIEGU9mKOIfDfo 2022-05-13 1652429840

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-05-13 1652429840 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
Get:5 https://deb.debian.org/debian bullseye-backports/main amd64 Packages [269 kB]
Get:6 https://deb.debian.org/debian bullseye-backports/main Translation-en [212 kB]
Get:7 https://deb.debian.org/debian bullseye-backports/main amd64 Contents (deb) [1,517 kB]
Get:8 https://deb.debian.org/debian bullseye-backports/main all Contents (deb) [4,145 kB]
Get:9 https://deb.debian.org/debian bullseye-backports/contrib amd64 Packages [4,704 B]
Get:10 https://deb.debian.org/debian bullseye-backports/contrib Translation-en [4,196 B]
Get:11 https://deb.debian.org/debian bullseye-backports/contrib all Contents (deb) [7,203 B]
Get:12 https://deb.debian.org/debian bullseye-backports/contrib amd64 Contents (deb) [16.6 kB]
Get:13 https://deb.debian.org/debian bullseye-backports/non-free amd64 Packages [11.0 kB]
Get:14 https://deb.debian.org/debian bullseye-backports/non-free Translation-en [8,252 B]
Get:15 https://deb.debian.org/debian bullseye-backports/non-free amd64 Contents (deb) [10.8 kB]
Get:16 https://deb.debian.org/debian bullseye-backports/non-free all Contents (deb) [33.8 kB]
Fetched 6,284 kB in 4s (1,552 kB/s)                            
Reading package lists... Done
(we can see that apt does still use apt-key)
(I also add that I've found the error message "Unknown error executing apt-key" in apt sources in methods/gpgv.cc line 416)
[edit: well, I also found this comment in methods/gpgv.cc line 192: apt-key (which really is gnupg)]

Code: Select all

while true; do sleep .01; [[ "$(ls /tmp/apt* 2>/dev/null)" ]] || continue; ls -l /tmp/apt*; done

-rw------- 1 _apt nogroup  10127 May 13 16:22 /tmp/apt.conf.rMqKHK
-rw------- 1 _apt nogroup 113483 May 13 16:22 /tmp/apt.data.PGqX9H
-rw------- 1 _apt nogroup   2410 May 13 16:22 /tmp/apt.sig.z85FwI
-rw------- 1 _apt nogroup  10127 May 13 16:22 /tmp/apt.conf.rMqKHK
-rw------- 1 _apt nogroup 113483 May 13 16:22 /tmp/apt.data.PGqX9H
-rw------- 1 _apt nogroup   2410 May 13 16:22 /tmp/apt.sig.z85FwI
-rw------- 1 _apt nogroup  10127 May 13 16:22 /tmp/apt.conf.rMqKHK
-rw------- 1 _apt nogroup 113483 May 13 16:22 /tmp/apt.data.PGqX9H
-rw------- 1 _apt nogroup   2410 May 13 16:22 /tmp/apt.sig.z85FwI
-rw------- 1 _apt nogroup  10127 May 13 16:22 /tmp/apt.conf.rMqKHK
-rw------- 1 _apt nogroup 113483 May 13 16:22 /tmp/apt.data.PGqX9H
-rw------- 1 _apt nogroup   2410 May 13 16:22 /tmp/apt.sig.z85FwI

/tmp/apt-key-gpghome.l5e7T7W7xT:
total 28
-rw-r--r-- 1 _apt nogroup 25016 May 13 16:22 pubring.gpg
-rw------- 1 _apt nogroup  10127 May 13 16:22 /tmp/apt.conf.rMqKHK
-rw------- 1 _apt nogroup 113483 May 13 16:22 /tmp/apt.data.PGqX9H
-rw------- 1 _apt nogroup   2410 May 13 16:22 /tmp/apt.sig.z85FwI

/tmp/apt-key-gpghome.l5e7T7W7xT:
total 132
-rw-r--r-- 1 _apt nogroup    82 May 13 16:22 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.orig.gpg
ls: cannot access '/tmp/apt.conf.rMqKHK': No such file or directory
ls: cannot access '/tmp/apt.data.PGqX9H': No such file or directory
ls: cannot access '/tmp/apt-key-gpghome.l5e7T7W7xT': No such file or directory
ls: cannot access '/tmp/apt.sig.z85FwI': No such file or directory
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.2LHwtR
-rw------- 1 _apt nogroup 42450 May 13 16:22 /tmp/apt.data.g39sbO
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.5TnTUO
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.2LHwtR
-rw------- 1 _apt nogroup 42450 May 13 16:22 /tmp/apt.data.g39sbO
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.5TnTUO
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.2LHwtR
-rw------- 1 _apt nogroup 42450 May 13 16:22 /tmp/apt.data.g39sbO
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.5TnTUO
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.2LHwtR
-rw------- 1 _apt nogroup 42450 May 13 16:22 /tmp/apt.data.g39sbO
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.5TnTUO

/tmp/apt-key-gpghome.iwPozWmygJ:
total 28
-rw-r--r-- 1 _apt nogroup 25016 May 13 16:22 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.2LHwtR
-rw------- 1 _apt nogroup 42450 May 13 16:22 /tmp/apt.data.g39sbO
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.5TnTUO

/tmp/apt-key-gpghome.iwPozWmygJ:
total 132
-rw-r--r-- 1 _apt nogroup    82 May 13 16:22 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.RxUCYQ
-rw------- 1 _apt nogroup 37702 May 13 16:22 /tmp/apt.data.G61KvP
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.M6QUNP
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.RxUCYQ
-rw------- 1 _apt nogroup 37702 May 13 16:22 /tmp/apt.data.G61KvP
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.M6QUNP
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.RxUCYQ
-rw------- 1 _apt nogroup 37702 May 13 16:22 /tmp/apt.data.G61KvP
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.M6QUNP

/tmp/apt-key-gpghome.fEZ5v2QUNT:
total 0
-rw-r--r-- 1 _apt nogroup 0 May 13 16:22 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.RxUCYQ
-rw------- 1 _apt nogroup 37702 May 13 16:22 /tmp/apt.data.G61KvP
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.M6QUNP

/tmp/apt-key-gpghome.fEZ5v2QUNT:
total 128
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.RxUCYQ
-rw------- 1 _apt nogroup 37702 May 13 16:22 /tmp/apt.data.G61KvP
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.M6QUNP

/tmp/apt-key-gpghome.fEZ5v2QUNT:
total 132
-rw-r--r-- 1 _apt nogroup    82 May 13 16:22 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.ZDY4hD
-rw------- 1 _apt nogroup 42593 May 13 16:22 /tmp/apt.data.nQvbxE
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.7b8D7E
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.ZDY4hD
-rw------- 1 _apt nogroup 42593 May 13 16:22 /tmp/apt.data.nQvbxE
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.7b8D7E
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.ZDY4hD
-rw------- 1 _apt nogroup 42593 May 13 16:22 /tmp/apt.data.nQvbxE
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.7b8D7E

/tmp/apt-key-gpghome.o4QQiQ6SZA:
total 0
-rw-r--r-- 1 _apt nogroup 0 May 13 16:22 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 13 16:22 /tmp/apt.conf.ZDY4hD
-rw------- 1 _apt nogroup 42593 May 13 16:22 /tmp/apt.data.nQvbxE
-rw------- 1 _apt nogroup  1601 May 13 16:22 /tmp/apt.sig.7b8D7E

/tmp/apt-key-gpghome.o4QQiQ6SZA:
total 128
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 13 16:22 pubring.orig.gpg
ls: cannot access '/tmp/apt.conf.ZDY4hD': No such file or directory
ls: cannot access '/tmp/apt.data.nQvbxE': No such file or directory
ls: cannot access '/tmp/apt-key-gpghome.o4QQiQ6SZA': No such file or directory
ls: cannot access '/tmp/apt.sig.7b8D7E': No such file or directory

Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#25 Post by Huecuva »

Yes, mine is very different:

Code: Select all

# apt-get -o Debug::Acquire::gpgv=1 update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
0% [Waiting for headers] [2 InRelease 28.2 kB/44.1 kB 64%]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.uViycE /tmp/apt.data.2ChOjF
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Get:4 http://deb.debian.org/debian bullseye-backports InRelease [44.2 kB]
0% [4 InRelease 832 B/44.2 kB 2%]gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By:
  NODATA: no
Err:1 http://deb.debian.org/debian bullseye InRelease
  Unknown error executing apt-key
0% [4 InRelease 36.9 kB/44.2 kB 83%]inside VerifyGetSigners
0% [Working]Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.tItjB8 /tmp/apt.data.3vYLw8
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By:
  NODATA: no
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  Unknown error executing apt-key
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7iNrwz /tmp/apt.data.Re2CaB
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By:
  NODATA: no
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  Unknown error executing apt-key
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.Qn62Kl /tmp/apt.data.95q9Vn
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By:
  NODATA: no
Err:4 http://deb.debian.org/debian bullseye-backports InRelease
  Unknown error executing apt-key
Fetched 128 kB in 0s (463 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-updates InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-backports InRelease: Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Unknown error executing apt-key
W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease  Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease  Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-backports/InRelease  Unknown error executing apt-key
W: Some index files failed to download. They have been ignored, or old ones used instead.

Code: Select all

# while true; do sleep .01; [[ "$(ls /tmp/apt* 2>/dev/null)" ]] || continue; ls -l /tmp/apt*; done
---------- 1 _apt nogroup      0 May 13 19:02 /tmp/apt.conf.VYj9rB
---------- 1 _apt nogroup 113483 May 13 19:02 /tmp/apt.data.2ChOjF
---------- 1 _apt nogroup   2410 May 13 19:02 /tmp/apt.sig.uViycE
---------- 1 _apt nogroup      0 May 13 19:02 /tmp/apt.conf.VYj9rB
---------- 1 _apt nogroup 113483 May 13 19:02 /tmp/apt.data.2ChOjF
---------- 1 _apt nogroup   2410 May 13 19:02 /tmp/apt.sig.uViycE

/tmp/apt-key-gpghome.PPgkvDwymF:
total 0
--------w- 1 _apt nogroup 0 May 13 19:02 pubring.gpg
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.9Fakp4
---------- 1 _apt nogroup 42450 May 13 19:02 /tmp/apt.data.3vYLw8
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.tItjB8
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.9Fakp4
---------- 1 _apt nogroup 42450 May 13 19:02 /tmp/apt.data.3vYLw8
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.tItjB8
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.ndGaAA
---------- 1 _apt nogroup 37702 May 13 19:02 /tmp/apt.data.Re2CaB
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.7iNrwz
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.ndGaAA
---------- 1 _apt nogroup 37702 May 13 19:02 /tmp/apt.data.Re2CaB
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.7iNrwz
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.ndGaAA
---------- 1 _apt nogroup 37702 May 13 19:02 /tmp/apt.data.Re2CaB
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.7iNrwz

/tmp/apt-key-gpghome.584bAxEBL1:
total 0
--------w- 1 _apt nogroup 0 May 13 19:02 pubring.gpg
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.K3m7im
---------- 1 _apt nogroup 42593 May 13 19:02 /tmp/apt.data.95q9Vn
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.Qn62Kl
---------- 1 _apt nogroup     0 May 13 19:02 /tmp/apt.conf.K3m7im
---------- 1 _apt nogroup 42593 May 13 19:02 /tmp/apt.data.95q9Vn
---------- 1 _apt nogroup  1601 May 13 19:02 /tmp/apt.sig.Qn62Kl

/tmp/apt-key-gpghome.OfCZQiYg7O:
total 0
--------w- 1 _apt nogroup 0 May 13 19:02 pubring.gpg
I tried googling gpgv exited with status 2 but I could find nothing particularly relevant or recent.

User avatar
fabien
Posts: 95
Joined: 2019-12-03 12:51
Location: Toulouse, France
Has thanked: 7 times
Been thanked: 16 times

Re: Apt signature verification problems.

#26 Post by fabien »

Files permissions in /tmp/ seem odd (unless some artifact due to the method).

Some more tests:

1) Testing gpgv basics (the command is launched as normal user, not root)

Code: Select all

for SIGNED in $(ls /var/lib/apt/lists/*_InRelease); do \
echo -e "\n>>> $SIGNED"; \
gpgv -v --keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg \
"$SIGNED"; echo "gpgv exited with status $?"; done


>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye-backports_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat 14 May 2022 10:27:20 AM CEST
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 14 May 2022 10:28:01 AM CEST
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat 26 Mar 2022 11:20:09 AM CET
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 26 Mar 2022 11:20:10 AM CET
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 26 Mar 2022 11:24:54 AM CET
gpgv:                using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpgv:                issuer "debian-release@lists.debian.org"
gpgv: Good signature from "Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye-updates_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat 14 May 2022 10:26:49 AM CEST
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 14 May 2022 10:27:32 AM CEST
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat 14 May 2022 02:31:36 AM CEST
gpgv:                using RSA key 5237CEEEF212F3D51C74ABE0112695A0E562B32A
gpgv: using subkey 112695A0E562B32A instead of primary key 4DFAB270CAA96DFA
gpgv: using subkey 112695A0E562B32A instead of primary key 4DFAB270CAA96DFA
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 14 May 2022 02:31:36 AM CEST
gpgv:                using RSA key ED541312A33F1128F10B1C6C54404762BBB6E853
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0
2) Some information about your filesystem

Code: Select all

$> stat / /tmp/
$> stat -f / /tmp/
3) Testing 'apt update' with another TMPDIR
- creating a temporary directory for apt.
I suggest that you use your /archive partition unless you have an objection. I will personally use /Tankers/T1/faketmp/ for this test.

Code: Select all

#> mkdir /archive/faketmp/
#> chmod 1777 /archive/faketmp/
#> ls -ld /tmp/ /archive/faketmp/

drwxrwxrwt  2 root root 4096 May 14 13:41 /archive/faketmp/
drwxrwxrwt 12 root root  280 May 14 13:40 /tmp/
- /archive/faketmp/ "snapshots" (/Tankers/T1/faketmp/ for me)

Code: Select all

while true; do sleep .01; [[ "$(ls /archive/faketmp/apt* 2>/dev/null)" ]] || continue; ls -l /archive/faketmp/apt*; done

-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1
-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1
-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1
-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1

/Tankers/T1/faketmp/apt-key-gpghome.u0lZhEVBHC:
total 0
-rw-r--r-- 1 _apt nogroup 0 May 14 13:41 pubring.gpg
-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1

/Tankers/T1/faketmp/apt-key-gpghome.u0lZhEVBHC:
total 128
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.orig.gpg
-rw------- 1 _apt nogroup  10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.mx1GC0
-rw------- 1 _apt nogroup 113483 May 14 13:41 /Tankers/T1/faketmp/apt.data.MRiG32
-rw------- 1 _apt nogroup   2410 May 14 13:41 /Tankers/T1/faketmp/apt.sig.uC4jN1

/Tankers/T1/faketmp/apt-key-gpghome.u0lZhEVBHC:
total 132
-rw-r--r-- 1 _apt nogroup    97 May 14 13:41 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.YnYJ75
-rw------- 1 _apt nogroup 42450 May 14 13:41 /Tankers/T1/faketmp/apt.data.wFTqC6
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.DZDJc7
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.YnYJ75
-rw------- 1 _apt nogroup 42450 May 14 13:41 /Tankers/T1/faketmp/apt.data.wFTqC6
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.DZDJc7
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.YnYJ75
-rw------- 1 _apt nogroup 42450 May 14 13:41 /Tankers/T1/faketmp/apt.data.wFTqC6
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.DZDJc7
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.YnYJ75
-rw------- 1 _apt nogroup 42450 May 14 13:41 /Tankers/T1/faketmp/apt.data.wFTqC6
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.DZDJc7

/Tankers/T1/faketmp/apt-key-gpghome.ytWQbhyil2:
total 36
-rw-r--r-- 1 _apt nogroup 35601 May 14 13:41 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.YnYJ75
-rw------- 1 _apt nogroup 42450 May 14 13:41 /Tankers/T1/faketmp/apt.data.wFTqC6
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.DZDJc7

/Tankers/T1/faketmp/apt-key-gpghome.ytWQbhyil2:
total 132
-rw-r--r-- 1 _apt nogroup    97 May 14 13:41 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.WzKY6V
-rw------- 1 _apt nogroup 37702 May 14 13:41 /Tankers/T1/faketmp/apt.data.73WG9R
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.ZcH0zV
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.WzKY6V
-rw------- 1 _apt nogroup 37702 May 14 13:41 /Tankers/T1/faketmp/apt.data.73WG9R
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.ZcH0zV
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.WzKY6V
-rw------- 1 _apt nogroup 37702 May 14 13:41 /Tankers/T1/faketmp/apt.data.73WG9R
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.ZcH0zV
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.WzKY6V
-rw------- 1 _apt nogroup 37702 May 14 13:41 /Tankers/T1/faketmp/apt.data.73WG9R
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.ZcH0zV

/Tankers/T1/faketmp/apt-key-gpghome.uJ1DiVt518:
total 28
-rw-r--r-- 1 _apt nogroup 27469 May 14 13:41 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.WzKY6V
-rw------- 1 _apt nogroup 37702 May 14 13:41 /Tankers/T1/faketmp/apt.data.73WG9R
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.ZcH0zV

/Tankers/T1/faketmp/apt-key-gpghome.uJ1DiVt518:
total 132
-rw-r--r-- 1 _apt nogroup    97 May 14 13:41 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.orig.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.fyibFO
-rw------- 1 _apt nogroup 42593 May 14 13:41 /Tankers/T1/faketmp/apt.data.fU3euP
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.Fx5bCP
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.fyibFO
-rw------- 1 _apt nogroup 42593 May 14 13:41 /Tankers/T1/faketmp/apt.data.fU3euP
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.Fx5bCP
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.fyibFO
-rw------- 1 _apt nogroup 42593 May 14 13:41 /Tankers/T1/faketmp/apt.data.fU3euP
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.Fx5bCP

/Tankers/T1/faketmp/apt-key-gpghome.HiaMsxLl8H:
total 0
-rw-r--r-- 1 _apt nogroup 0 May 14 13:41 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.fyibFO
-rw------- 1 _apt nogroup 42593 May 14 13:41 /Tankers/T1/faketmp/apt.data.fU3euP
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.Fx5bCP

/Tankers/T1/faketmp/apt-key-gpghome.HiaMsxLl8H:
total 64
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw------- 1 _apt nogroup 10127 May 14 13:41 /Tankers/T1/faketmp/apt.conf.fyibFO
-rw------- 1 _apt nogroup 42593 May 14 13:41 /Tankers/T1/faketmp/apt.data.fU3euP
-rw------- 1 _apt nogroup  1601 May 14 13:41 /Tankers/T1/faketmp/apt.sig.Fx5bCP

/Tankers/T1/faketmp/apt-key-gpghome.HiaMsxLl8H:
total 132
-rw-r--r-- 1 _apt nogroup    97 May 14 13:41 gpg.1.sh
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.gpg
-rw-r--r-- 1 _apt nogroup 63232 May 14 13:41 pubring.orig.gpg
- 'apt update' with /archive/faketmp/ as TMPDIR

Code: Select all

TMPDIR="/archive/faketmp/" apt-get -o Debug::Acquire::gpgv=1 update

Hit:1 https://deb.debian.org/debian bullseye InRelease
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /Tankers/T1/faketmp//apt.sig.uC4jN1 /Tankers/T1/faketmp//apt.data.MRiG32
Hit:2 https://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 https://deb.debian.org/debian bullseye-updates InRelease
0% [Working]Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID aUeUYT8EXF418JYI7IYvwABzzXw 2022-03-26 1648290009

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-03-26 1648290009 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID 29ZD0YEoHTQsrwNuEHzwx69gBIU 2022-03-26 1648290010

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-03-26 1648290010 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] KEY_CONSIDERED A4285295FC7B1A81600062A9605C66F00D6C9793 0

Read: [GNUPG:] SIG_ID Zi982pBV4e6kdFRYLqKFp/jsql0 2022-03-26 1648290294

Read: [GNUPG:] KEY_CONSIDERED A4285295FC7B1A81600062A9605C66F00D6C9793 0

Read: [GNUPG:] GOODSIG 605C66F00D6C9793 Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>

Got GOODSIG 605C66F00D6C9793 !
Read: [GNUPG:] VALIDSIG A4285295FC7B1A81600062A9605C66F00D6C9793 2022-03-26 1648290294 0 4 0 1 8 01 A4285295FC7B1A81600062A9605C66F00D6C9793

Got trusted VALIDSIG, key ID: A4285295FC7B1A81600062A9605C66F00D6C9793
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9, GOODSIG 605C66F00D6C9793
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9, A4285295FC7B1A81600062A9605C66F00D6C9793
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A4285295FC7B1A81600062A9605C66F00D6C9793!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
0% [Waiting for headers]inside VerifyGetSigners
Get:4 https://deb.debian.org/debian bullseye-backports InRelease [44.2 kB]
0% [4 InRelease 0 B/44.2 kB 0%]Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /Tankers/T1/faketmp//apt.sig.DZDJc7 /Tankers/T1/faketmp//apt.data.wFTqC6
0% [Working]Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA 0

Read: [GNUPG:] SIG_ID ni4+jge8Jpnotp588YXl93laHTo 2022-05-14 1652488296

Read: [GNUPG:] KEY_CONSIDERED 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA 0

Read: [GNUPG:] GOODSIG 112695A0E562B32A Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 112695A0E562B32A !
Read: [GNUPG:] VALIDSIG 5237CEEEF212F3D51C74ABE0112695A0E562B32A 2022-05-14 1652488296 0 4 0 1 8 01 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA

Got trusted VALIDSIG, key ID: 5237CEEEF212F3D51C74ABE0112695A0E562B32A
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] SIG_ID YgBmsTS0vls5lLPMT38PpLhKljs 2022-05-14 1652488296

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] GOODSIG 54404762BBB6E853 Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 54404762BBB6E853 !
Read: [GNUPG:] VALIDSIG ED541312A33F1128F10B1C6C54404762BBB6E853 2022-05-14 1652488296 0 4 0 1 8 01 AC530D520F2F3269F5E98313A48449044AAD5C5D

Got trusted VALIDSIG, key ID: ED541312A33F1128F10B1C6C54404762BBB6E853
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 112695A0E562B32A, GOODSIG 54404762BBB6E853
  Valid: 5237CEEEF212F3D51C74ABE0112695A0E562B32A, ED541312A33F1128F10B1C6C54404762BBB6E853
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 5237CEEEF212F3D51C74ABE0112695A0E562B32A!, 5E61B217265DA9807A23C5FF4DFAB270CAA96DFA, AC530D520F2F3269F5E98313A48449044AAD5C5D, ED541312A33F1128F10B1C6C54404762BBB6E853!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /Tankers/T1/faketmp//apt.sig.ZcH0zV /Tankers/T1/faketmp//apt.data.73WG9R
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID 1B41THXhokEowEnIHNPsoI8cIGk 2022-05-14 1652516809

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-05-14 1652516809 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID drDwJ3n0R3H7s8jxTIa7eZqhAak 2022-05-14 1652516852

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-05-14 1652516852 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /Tankers/T1/faketmp//apt.sig.Fx5bCP /Tankers/T1/faketmp//apt.data.fU3euP
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] SIG_ID HKx5ODTSW75KP0xGkJwgvCPDvBg 2022-05-14 1652516840

Read: [GNUPG:] KEY_CONSIDERED 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE 0

Read: [GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>

Got GOODSIG 648ACFD622F3D138 !
Read: [GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2022-05-14 1652516840 0 4 0 1 8 01 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE

Got trusted VALIDSIG, key ID: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID PqO0qZyhRrmtImvRcBwqPYzh6bE 2022-05-14 1652516881

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2022-05-14 1652516881 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

gpgv exited with status 0
Summary:
  Good: GOODSIG 648ACFD622F3D138, GOODSIG 0E98404D386FA1D9
  Valid: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138, A7236886F3CCCAAD148A27F80E98404D386FA1D9
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 0146DC6D4A0B2914BDED34DB648ACFD622F3D138!, 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE, A7236886F3CCCAAD148A27F80E98404D386FA1D9!
  NODATA: no
apt-key succeeded
Get:5 https://deb.debian.org/debian bullseye-backports/main amd64 Packages [269 kB]
Get:6 https://deb.debian.org/debian bullseye-backports/main Translation-en [212 kB]
Get:7 https://deb.debian.org/debian bullseye-backports/main all Contents (deb) [4146 kB]
Get:8 https://deb.debian.org/debian bullseye-backports/main amd64 Contents (deb) [1517 kB]
Get:9 https://deb.debian.org/debian bullseye-backports/contrib amd64 Packages [4704 B]
Get:10 https://deb.debian.org/debian bullseye-backports/contrib Translation-en [4196 B]
Get:11 https://deb.debian.org/debian bullseye-backports/contrib amd64 Contents (deb) [16.6 kB]
Get:12 https://deb.debian.org/debian bullseye-backports/contrib all Contents (deb) [7203 B]
Get:13 https://deb.debian.org/debian bullseye-backports/non-free amd64 Packages [11.0 kB]
Get:14 https://deb.debian.org/debian bullseye-backports/non-free Translation-en [8252 B]
Get:15 https://deb.debian.org/debian bullseye-backports/non-free amd64 Contents (deb) [10.8 kB]
Get:16 https://deb.debian.org/debian bullseye-backports/non-free all Contents (deb) [33.8 kB]
Fetched 6285 kB in 4s (1659 kB/s)                                
Reading package lists... Done

Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#27 Post by Huecuva »

Code: Select all

$ for SIGNED in $(ls /var/lib/apt/lists/*_InRelease); do \
echo -e "\n>>> $SIGNED"; \
gpgv -v --keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg \ 
--keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg \
--keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg \
"$SIGNED"; echo "gpgv exited with status $?"; done

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye-backports_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Fri 13 May 2022 01:16:41 AM PDT
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Fri 13 May 2022 01:17:20 AM PDT
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat 26 Mar 2022 03:20:09 AM PDT
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 26 Mar 2022 03:20:10 AM PDT
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat 26 Mar 2022 03:24:54 AM PDT
gpgv:                using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpgv:                issuer "debian-release@lists.debian.org"
gpgv: Good signature from "Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bullseye-updates_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Fri 13 May 2022 01:16:17 AM PDT
gpgv:                using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: using subkey 648ACFD622F3D138 instead of primary key DC30D7C23CBBABEE
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Fri 13 May 2022 01:16:58 AM PDT
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

>>> /var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_InRelease
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Thu 12 May 2022 02:51:29 PM PDT
gpgv:                using RSA key 5237CEEEF212F3D51C74ABE0112695A0E562B32A
gpgv: using subkey 112695A0E562B32A instead of primary key 4DFAB270CAA96DFA
gpgv: using subkey 112695A0E562B32A instead of primary key 4DFAB270CAA96DFA
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Thu 12 May 2022 02:51:29 PM PDT
gpgv:                using RSA key ED541312A33F1128F10B1C6C54404762BBB6E853
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv exited with status 0

Code: Select all

$ stat / /tmp/
  File: /
  Size: 4096      	Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d	Inode: 2           Links: 19
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-05-10 16:54:11.180700362 -0700
Modify: 2022-05-07 06:41:32.044766003 -0700
Change: 2022-05-07 06:41:32.044766003 -0700
 Birth: 2021-06-03 20:27:08.000000000 -0700
  File: /tmp/
  Size: 4096      	Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d	Inode: 524299      Links: 11
Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-05-13 19:02:39.938421098 -0700
Modify: 2022-05-14 00:00:18.277171594 -0700
Change: 2022-05-14 00:00:18.277171594 -0700
 Birth: 2021-06-03 20:27:11.247750000 -0700

Code: Select all

$ stat -f / /tmp/
  File: "/"
    ID: 1b6c99bf6de466e4 Namelen: 255     Type: ext2/ext3
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 2554181    Free: 1497423    Available: 1362281
Inodes: Total: 655360     Free: 542254
  File: "/tmp/"
    ID: 1b6c99bf6de466e4 Namelen: 255     Type: ext2/ext3
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 2554181    Free: 1497423    Available: 1362281
Inodes: Total: 655360     Free: 542254

Code: Select all

# ls -ld /tmp/ /archive/faketmp/
drwxrwxrwt  2 root root    2 May 14 09:29 /archive/faketmp/
drwxrwxrwt 11 root root 4096 May 14 00:00 /tmp/

Code: Select all

# while true; do sleep .01; [[ "$(ls /archive/faketmp/apt* 2>/dev/null)" ]] || continue; ls -l /archive/faketmp/apt*; done
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.oigtbq
---------- 1 _apt nogroup 87743 May 14 09:32 /archive/faketmp/apt.data.iHqehq
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.sig.6twI2n
---------- 1 _apt nogroup      0 May 14 09:32 /archive/faketmp/apt.conf.oigtbq
---------- 1 _apt nogroup 113483 May 14 09:32 /archive/faketmp/apt.data.iHqehq
---------- 1 _apt nogroup   2410 May 14 09:32 /archive/faketmp/apt.sig.6twI2n
---------- 1 _apt nogroup      0 May 14 09:32 /archive/faketmp/apt.conf.oigtbq
---------- 1 _apt nogroup 113483 May 14 09:32 /archive/faketmp/apt.data.iHqehq
---------- 1 _apt nogroup   2410 May 14 09:32 /archive/faketmp/apt.sig.6twI2n

/archive/faketmp/apt-key-gpghome.sSiyAaNUZJ:
total 1
--------w- 1 _apt nogroup 0 May 14 09:32 pubring.gpg
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.1vVwwa
---------- 1 _apt nogroup 42450 May 14 09:32 /archive/faketmp/apt.data.iXvzPc
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.yR5Ovb
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.1vVwwa
---------- 1 _apt nogroup 42450 May 14 09:32 /archive/faketmp/apt.data.iXvzPc
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.yR5Ovb
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.BfHclC
---------- 1 _apt nogroup 27537 May 14 09:32 /archive/faketmp/apt.data.nwyTdG
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.sig.25THOC
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.BfHclC
---------- 1 _apt nogroup 37702 May 14 09:32 /archive/faketmp/apt.data.nwyTdG
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.25THOC
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.BfHclC
---------- 1 _apt nogroup 37702 May 14 09:32 /archive/faketmp/apt.data.nwyTdG
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.25THOC

/archive/faketmp/apt-key-gpghome.MHRuOLk1zE:
total 1
--------w- 1 _apt nogroup 0 May 14 09:32 pubring.gpg
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.5vwyKp
---------- 1 _apt nogroup 42593 May 14 09:32 /archive/faketmp/apt.data.70LsLr
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.y1vDxo
---------- 1 _apt nogroup     0 May 14 09:32 /archive/faketmp/apt.conf.5vwyKp
---------- 1 _apt nogroup 42593 May 14 09:32 /archive/faketmp/apt.data.70LsLr
---------- 1 _apt nogroup  1601 May 14 09:32 /archive/faketmp/apt.sig.y1vDxo

Code: Select all

# TMPDIR="/archive/faketmp/" apt-get -o Debug::Acquire::gpgv=1 update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
0% [Waiting for headers]                      
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /archive/faketmp//apt.sig.6twI2n /archive/faketmp//apt.data.iHqehq
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
0% [Working]gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 
  NODATA: no
Get:4 http://deb.debian.org/debian bullseye-backports InRelease [44.2 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
  Unknown error executing apt-key
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /archive/faketmp//apt.sig.yR5Ovb /archive/faketmp//apt.data.iXvzPc
gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 
  NODATA: no
Err:2 http://security.debian.org/debian-security bullseye-security InRelease
  Unknown error executing apt-key
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /archive/faketmp//apt.sig.25THOC /archive/faketmp//apt.data.nwyTdG
gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 
  NODATA: no
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  Unknown error executing apt-key
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /archive/faketmp//apt.sig.y1vDxo /archive/faketmp//apt.data.70LsLr
gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: 
  Signed-By: 
  NODATA: no
Err:4 http://deb.debian.org/debian bullseye-backports InRelease
  Unknown error executing apt-key
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-updates InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-backports InRelease: Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Unknown error executing apt-key
W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease  Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease  Unknown error executing apt-key
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-backports/InRelease  Unknown error executing apt-key
W: Some index files failed to download. They have been ignored, or old ones used instead.
EDIT: I've also noticed just now that I am unable to install anything from any new repositories I might add because it says they are unsigned. Emby is proving troublesome for me, so I am trying to switch to Jellyfin. As per instructions found here under Debian, I've installed extrepo and then attempted to enable Jellyfin. Enabling Jellyfin only output a blank line. Updating apt gave me new errors:

Code: Select all

# apt update
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Hit:2 http://deb.debian.org/debian bullseye InRelease
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Err:1 http://security.debian.org/debian-security bullseye-security InRelease
  Unknown error executing apt-key
Get:4 http://deb.debian.org/debian bullseye-backports InRelease [44.2 kB]
Err:2 http://deb.debian.org/debian bullseye InRelease
  Unknown error executing apt-key
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  Unknown error executing apt-key
Err:4 http://deb.debian.org/debian bullseye-backports InRelease
  Unknown error executing apt-key
Get:5 https://repo.jellyfin.org/debian bullseye InRelease [6,639 B]
Err:5 https://repo.jellyfin.org/debian bullseye InRelease
  Unknown error executing apt-key
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-updates InRelease: Unknown error executing apt-key
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bullseye-backports InRelease: Unknown error executing apt-key
W: GPG error: https://repo.jellyfin.org/debian bullseye InRelease: Unknown error executing apt-key
E: The repository 'https://repo.jellyfin.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
And then attempting to install Jellyfin failed:

Code: Select all

# apt install jellyfin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package jellyfin
/var/lib/apt/lists/ seems to have a bit more in it, too, though it doesn't say anything about Jellyfin:

Code: Select all

# ls -lah /var/lib/apt/lists/
total 124M
drwxr-xr-x 4 root root 4.0K May 14 12:31 .
drwxr-xr-x 5 root root 4.0K May 14 22:47 ..
drwxr-xr-x 2 _apt root 4.0K Jun  3  2021 auxfiles
-rw-r--r-- 1 root root  23K Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_binary-amd64_Packages
-rw-r--r-- 1 root root  22K Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root  16K Feb 23 06:18 deb.debian.org_debian_dists_bullseye-backports_contrib_i18n_Translation-en
-rw-r--r-- 1 root root 8.2K Feb 23 06:19 deb.debian.org_debian_dists_bullseye-backports_contrib_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root 9.2K Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_source_Sources
-rw-r--r-- 1 root root  14K Apr 19 07:12 deb.debian.org_debian_dists_bullseye-backports_contrib_source_Sources.diff_Index
-rw-r--r-- 1 root root  44K May 14 07:50 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 1.7M May 14 01:25 deb.debian.org_debian_dists_bullseye-backports_main_binary-amd64_Packages
-rw-r--r-- 1 root root  62K May 14 01:25 deb.debian.org_debian_dists_bullseye-backports_main_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root 1.3M May 10 13:12 deb.debian.org_debian_dists_bullseye-backports_main_i18n_Translation-en
-rw-r--r-- 1 root root  62K May 10 13:12 deb.debian.org_debian_dists_bullseye-backports_main_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root 2.4M May 14 07:47 deb.debian.org_debian_dists_bullseye-backports_main_source_Sources
-rw-r--r-- 1 root root  62K May 14 07:47 deb.debian.org_debian_dists_bullseye-backports_main_source_Sources.diff_Index
-rw-r--r-- 1 root root  72K Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_binary-amd64_Packages
-rw-r--r-- 1 root root 8.2K Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root  88K Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_i18n_Translation-en
-rw-r--r-- 1 root root 9.3K Mar  7 06:33 deb.debian.org_debian_dists_bullseye-backports_non-free_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root  16K Mar  7 06:34 deb.debian.org_debian_dists_bullseye-backports_non-free_source_Sources
-rw-r--r-- 1 root root 9.3K Mar  7 06:34 deb.debian.org_debian_dists_bullseye-backports_non-free_source_Sources.diff_Index
-rw-r--r-- 1 root root 114K Mar 26 03:29 deb.debian.org_debian_dists_bullseye_InRelease
-rw-r--r-- 1 root root  44M Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_binary-amd64_Packages
-rw-r--r-- 1 root root  29M Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_i18n_Translation-en
-rw-r--r-- 1 root root  43M Mar 26 02:46 deb.debian.org_debian_dists_bullseye_main_source_Sources
-rw-r--r-- 1 root root  39K May 14 07:50 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root 9.7K Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_binary-amd64_Packages
-rw-r--r-- 1 root root 6.0K Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_binary-amd64_Packages.diff_Index
-rw-r--r-- 1 root root 9.1K Oct 26  2021 deb.debian.org_debian_dists_bullseye-updates_main_i18n_Translation-en
-rw-r--r-- 1 root root 3.8K Oct 26  2021 deb.debian.org_debian_dists_bullseye-updates_main_i18n_Translation-en.diff_Index
-rw-r--r-- 1 root root 4.6K Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_source_Sources
-rw-r--r-- 1 root root 6.0K Mar 26 13:18 deb.debian.org_debian_dists_bullseye-updates_main_source_Sources.diff_Index
-rw-r----- 1 root root    0 Jun  3  2021 lock
drwx------ 2 _apt root 4.0K May 14 22:48 partial
-rw-r--r-- 1 root root  44K May 14 11:31 security.debian.org_debian-security_dists_bullseye-security_InRelease
-rw-r--r-- 1 root root 968K May 12 12:25 security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
-rw-r--r-- 1 root root 630K May  8 12:06 security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
-rw-r--r-- 1 root root 1.4M May 12 12:25 security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
This is what I found in /var/lib/apt/lists/partial/ after all of this:

Code: Select all

# ls -la /var/lib/apt/lists/partial/
total 144
drwx------ 2 _apt root  4096 May 14 22:48 .
drwxr-xr-x 4 root root  4096 May 14 12:31 ..
-rw-r--r-- 1 root root 44244 May 14 19:26 deb.debian.org_debian_dists_bullseye-backports_InRelease
-rw-r--r-- 1 root root 39353 May 14 19:26 deb.debian.org_debian_dists_bullseye-updates_InRelease
-rw-r--r-- 1 root root  6639 May 14 16:24 repo.jellyfin.org_debian_dists_bullseye_InRelease
-rw-r--r-- 1 root root 44101 May 14 18:51 security.debian.org_debian-security_dists_bullseye-security_InRelease
Maybe this helps narrow down what's going on?

User avatar
fabien
Posts: 95
Joined: 2019-12-03 12:51
Location: Toulouse, France
Has thanked: 7 times
Been thanked: 16 times

Re: Apt signature verification problems.

#28 Post by fabien »

Huecuva wrote: 2022-05-14 16:34I've also noticed just now that I am unable to install anything from any new repositories I might add because it says they are unsigned.
You first have to solve your present problem. For now, your system is unable to fetch any new package index; those that already are in /var/lib/apt/lists/ are not updated.
This is off topic (I'm not going to help more on this), but it is probably true that the new repositories you added are unsigned. There's a procedure (a bit outdated though) to import the GPG signing key in the page you provided, take your time to read all the documentation. But do this once your main problem is solved, it's useless to try it now.
Huecuva wrote: 2022-05-14 16:34/var/lib/apt/lists/ seems to have a bit more in it
I don't see anything new here (and I'd be surprised).
Huecuva wrote: 2022-05-14 16:34Maybe this helps narrow down what's going on?
No, not really :)


Well, to the main problem.
We can see two things in apt TMPDIR:
- files permissions are not correct (000 or 002 instead of 600 or 644)
- pubring.gpg and especially apt.conf.* are empty
I took a look at those apt.conf.* files: their content is similar to 'apt-config dump' output.
It seems that, due to incorrect file permissions, apt can't write them (unless 'APT::Sandbox::User "root";' option is used, because root can do almost everything it want).
The question is: why these incorrect file permissions?

I've installed a minimal Buster system (with unattended-upgrades installed) in a VM that I've then upgraded to Bullseye. The result of 'apt-config dump' is exactly the same as yours (this means that you're running a default configuration).
Here is the content of /etc/apt/ on this reference system:

Code: Select all

ls -lA /etc/apt/*

-rw-r--r-- 1 root root  150 May 15 12:29 /etc/apt/listchanges.conf
-rw-r--r-- 1 root root 1505 May 15 12:46 /etc/apt/sources.list
-rw-r--r-- 1 root root    0 May 15 12:18 /etc/apt/sources.list~

/etc/apt/apt.conf.d:
total 36
-rw-r--r-- 1 root root   82 May 15 12:18 00CDMountPoint
-rw-r--r-- 1 root root   40 May 15 12:18 00trustcdrom
-rw-r--r-- 1 root root  630 Jun 10  2021 01autoremove
-r--r--r-- 1 root root  122 May 15 13:02 01autoremove-kernels
-rw-r--r-- 1 root root   80 Jun  8  2019 20auto-upgrades
-rw-r--r-- 1 root root  307 Mar 28  2021 20listchanges
-rw-r--r-- 1 root root 7338 May 15 13:02 50unattended-upgrades
-rw-r--r-- 1 root root  182 Feb 26  2019 70debconf

/etc/apt/auth.conf.d:
total 0

/etc/apt/listchanges.conf.d:
total 0

/etc/apt/preferences.d:
total 0

/etc/apt/sources.list.d:
total 0

/etc/apt/trusted.gpg.d:
total 68
-rw-r--r-- 1 root root 8700 Mar 16  2021 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8709 Mar 16  2021 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2453 Mar 16  2021 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8132 Apr 23  2019 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8141 Apr 23  2019 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2332 Apr 23  2019 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 7443 Apr 23  2019 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7452 Apr 23  2019 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2263 Apr 23  2019 debian-archive-stretch-stable.gpg
You can compare with yours. Take attention to permissions (e.g. -rw-r--r--) and sizes (after owner). If you have any question, any doubt, or want the content of a file, just ask.

I've found the code where this 'apt-config dump' is called.
It's in apt-pkg/contrib/gpgv.cc
apt-pkg/contrib/gpgv.cc line 214 (comment: Dump the configuration so apt-key picks up the correct Dir values)
apt-pkg/contrib/gpgv.cc line 236 setenv("APT_CONFIG", conf.get(), 1);
But I'm not a programmer, I don't know how permissions are set. Maybe it's in apt-pkg/contrib/fileutl.cc
I appeal to anyone here with programing skills to take a look at this, this might help.
There is also a test in test/libapt/fileutl_test.cc that could help if you know how to use it.

This said, the origin of the problem is certainly not in the code, but somewhere in your system. But I'm running out of ideas.

You could run

Code: Select all

apt-get -o Debug::pkgAcquire::Worker=1 update
Maybe we'll see something. The output looks like that (I added blank lines for legibility).
Also, don't hesitate to test whatever idea even if at first it sounds silly, like for instance running an older kernel or disabling all sources in sources.list and running update and then enabling just one source...

Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#29 Post by Huecuva »

Yup, they're the same:

Code: Select all

# ls -lA /etc/apt/*
-rw-r--r-- 1 root root  150 Jun  3  2021 /etc/apt/listchanges.conf
-rw-r--r-- 1 root root 1529 Jan 27 19:31 /etc/apt/sources.list
-rw-r--r-- 1 root root    0 Jun  3  2021 /etc/apt/sources.list~

/etc/apt/apt.conf.d:
total 36
-rw-r--r-- 1 root root   82 Jun  3  2021 00CDMountPoint
-rw-r--r-- 1 root root   40 Jun  3  2021 00trustcdrom
-rw-r--r-- 1 root root  630 Jun 10  2021 01autoremove
-r--r--r-- 1 root root  122 May  7 06:41 01autoremove-kernels
-rw-r--r-- 1 root root   80 Jun  8  2019 20auto-upgrades
-rw-r--r-- 1 root root  307 Mar 28  2021 20listchanges
-rw-r--r-- 1 root root 7338 Aug 30  2021 50unattended-upgrades
-rw-r--r-- 1 root root  182 Feb 26  2019 70debconf

/etc/apt/auth.conf.d:
total 0

/etc/apt/listchanges.conf.d:
total 0

/etc/apt/preferences.d:
total 0

/etc/apt/sources.list.d:
total 4
-rw-r--r-- 1 root root 163 May 14 22:48 extrepo_jellyfin.sources

/etc/apt/trusted.gpg.d:
total 68
-rw-r--r-- 1 root root 8700 Mar 16  2021 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8709 Mar 16  2021 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2453 Mar 16  2021 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8132 Apr 23  2019 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8141 Apr 23  2019 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2332 Apr 23  2019 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 7443 Apr 23  2019 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7452 Apr 23  2019 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2263 Apr 23  2019 debian-archive-stretch-stable.gpg
I'm not much of a coder either, unfortunately.

Here are the results of apt-get -o Debug::pkgAcquire::Worker=1 update, I don't really know what any of this means. If you're running out of ideas and nobody else can help, I might end up just having to reinstall Debian and reconfigure my server all over again.

User avatar
fabien
Posts: 95
Joined: 2019-12-03 12:51
Location: Toulouse, France
Has thanked: 7 times
Been thanked: 16 times

Re: Apt signature verification problems.

#30 Post by fabien »

Huecuva wrote: 2022-05-15 17:27Here are the results of apt-get -o Debug::pkgAcquire::Worker=1 update
This page is no longer available. It has either expired, been removed by its creator, or removed by one of the Pastebin staff.
Huecuva wrote: 2022-05-15 17:27If you're running out of ideas and nobody else can help, I might end up just having to reinstall Debian and reconfigure my server all over again.
Yes, you can't stay with a dysfunctional apt and, more generally, you can't stay with a potentially corrupted system affected by an unknown failure.
This could be the opportunity to review certain system features. I most importantly think of your partitioning scheme. A separate /var would possibly have avoided your present problem. A separated /home is good too and I prefer using tmpfs for /tmp. I would say 10GB or more for /, same for /var (place for logs and apt cache).

Huecuva
Posts: 135
Joined: 2017-06-09 04:00

Re: Apt signature verification problems.

#31 Post by Huecuva »

fabien wrote: 2022-05-16 16:45
This page is no longer available. It has either expired, been removed by its creator, or removed by one of the Pastebin staff.
That's really strange. I just tried to recreate my paste and it's giving me that exact same error. I don't know what pastebin doesn't like about my output. Since it let me paste the output of apt update, I tried posting only half of the results of your command and it still gives me that error.

Well, it looks like my OS is pretty broken. Thankfully, there are only a few .conf files to back up and then setting up the server again shouldn't be too difficult. I'm trying to keep the VM footprint as small as possible, but I suppose I might need to give the OS a bit more space and a seperate /home/ partition might be a good idea as well. I guess I'm reinstalling.

Post Reply