[Solved] apt problem with dns - Page 3 - Debian User Forums

Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

[Solved] apt problem with dns

65 posts

Previous
1
2
3
4
Next

Message

Author

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#41 Post by fabien » 2024-02-19 11:59

Hello Probzx,

Probzx wrote: ↑2024-02-19 10:22 I remove all files in /etc/apt/trusted.gpg on /root and copy all files in /usr/share/keyrings to /etc/apt/trusted.gpg.d.
Tested sudo apt update with a user and it seems to work like a charm now !

It's a good indication, great, but it's not the whole procedure. Now you need to go back to the previous state (delete the gpg keys you added in /etc/apt/trusted.gpg.d/ and restore the asc keys) and see if it works, please let us know. Remember that these files belong to the debian-archive-keyring package and the goal is to return to a fully compliant system.

lindi wrote: ↑2024-02-19 10:30 That sounds dangerous. /usr/share/keyrings/debian-archive-removed-keys.gpg includes keys that have been removed on purpose. You probably do not want to trust those?

Thanks for pointing that out, very important note.

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#42 Post by Probzx » 2024-02-23 16:38

Hello,

If my understanding is good, I have to remove all gpg files in /etc/apt/trusted.gpg.d and restore the asc key according to this topic : viewtopic.php?t=155019
I'm stuck at this step, I found this command but I'm not sure of what to do :

Code: Select all

sudo gpg --no-default-keyring --keyring /usr/share/keyrings/<mondepot>-archive-keyring.gpg --keyserver <hkp://keyserver.serveur.com:80> --recv-keys <numeroclé>

Do you have advice ?

Thanks !

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#43 Post by fabien » 2024-02-23 20:54

Hello Probzx,

Probzx wrote: ↑2024-02-23 16:38 If my understanding is good, I have to remove all gpg files in /etc/apt/trusted.gpg.d and restore the asc key according to this topic : viewtopic.php?t=155019

If you followed the procedure, you copied the asc keys to a “persistent place you will remember”. So you just need to delete the gpg files you copied for testing and bring back the asc keys.
If you didn't follow the procedure (why?), you can scp the keys from another Bookworm system.
Then check their compliance:

Code: Select all

$> sha256sum /etc/apt/trusted.gpg.d/debian-archive*
c2a9a16fde95e037bafd0fa6b7e31f41b4ff1e85851de5558f19a2a2f0e955e2  /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
74f81645b4e3156d1e9a88c8dd9259271b89c7099d64af89a2a6996b592faa1f  /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
521e9f6a9f9b92ee8d5ce74345e8cfd04028dae9db6f571259d584b293549824  /etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
0b7dc94b880f0b63e2093394b113cafd870badb86e020a35614f49b9d83beb1e  /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
716e79393c724d14ecba8be46e99ecbe1b689f67ceff3cb3cab28f6e69e8b8b8  /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
fb260ce8521a2faa4937d98a29a5347807e10614b97d510fbabe5480c803bda9  /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
9c854992fc6c423efe8622c3c326a66e73268995ecbe8f685129063206a18043  /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
4cf886d6df0fc1c185ce9fb085d1cd8d678bc460e6267d80a833d7ea507a0fbd  /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
ca9bd1a0b3743495ae45693c6d4e54abadcffb242d72df15eda5b28e4ff385fa  /etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc

Then you check if apt updates normally.

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#44 Post by Probzx » 2024-02-27 09:39

Hello Fabien,

I followed the procedure, but restoring the keys previously copied in /root folder return me the same PUBKEY error when I try the apt update command so perhaps I miss something to do.
Symbolic links are removed.

sudo apt update

Code: Select all

Get:1 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Hit:2 http://deb.debian.org/debian bookworm InRelease
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Err:1 http://security.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Err:2 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
Err:3 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
63 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
W: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
W: Failed to fetch http://security.debian.org/debian-security/dists/bookworm-security/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
W: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
W: Some index files failed to download. They have been ignored, or old ones used instead.

sha256sum /etc/apt/trusted.gpg.d/debian-archive* :

Code: Select all

c2a9a16fde95e037bafd0fa6b7e31f41b4ff1e85851de5558f19a2a2f0e955e2  /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
74f81645b4e3156d1e9a88c8dd9259271b89c7099d64af89a2a6996b592faa1f  /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
521e9f6a9f9b92ee8d5ce74345e8cfd04028dae9db6f571259d584b293549824  /etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
0b7dc94b880f0b63e2093394b113cafd870badb86e020a35614f49b9d83beb1e  /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
716e79393c724d14ecba8be46e99ecbe1b689f67ceff3cb3cab28f6e69e8b8b8  /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
fb260ce8521a2faa4937d98a29a5347807e10614b97d510fbabe5480c803bda9  /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
9c854992fc6c423efe8622c3c326a66e73268995ecbe8f685129063206a18043  /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
4cf886d6df0fc1c185ce9fb085d1cd8d678bc460e6267d80a833d7ea507a0fbd  /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
ca9bd1a0b3743495ae45693c6d4e54abadcffb242d72df15eda5b28e4ff385fa  /etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc

Thanks

Last edited by Probzx on 2024-02-27 13:28, edited 1 time in total.

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#45 Post by fabien » 2024-02-27 12:57

Hello Probzx,

what gives

Code: Select all

$> ls -la /etc/apt/trusted.gpg*

?
(Note: it would be better if you pasted the exact commands issued along with their result, thanks. Every information counts.)

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#46 Post by Probzx » 2024-02-27 13:36

Hello,

Thanks for your answer, I edited my previous post with commands for all result, I will do the same for next posts.
Here is the ouput you ask me for :

Code: Select all

root@deb12fnccrecodeau:/etc/apt/trusted.gpg.d# ls -la /etc/apt/trusted.gpg*
total 92
drwxr-xr-x 2 root root  4096 27 févr. 14:31 .
drwxr-xr-x 9 root root  4096 14 févr. 16:25 ..
-rw-r--r-- 1 root root 11861 27 févr. 10:36 debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 27 févr. 10:36 debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root   461 27 févr. 10:36 debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 27 févr. 10:36 debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 27 févr. 10:36 debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root  3403 27 févr. 10:36 debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11093 27 févr. 10:36 debian-archive-buster-automatic.asc
-rw-r--r-- 1 root root 11105 27 févr. 10:36 debian-archive-buster-security-automatic.asc
-rw-r--r-- 1 root root  1704 27 févr. 10:36 debian-archive-buster-stable.asc

I've compared the asc files rights with a healthy server and they are the same.

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#47 Post by fabien » 2024-02-27 16:37

Thank you Probzx.

Could you do this:

Code: Select all

#> ln -s /usr/share/keyrings/debian-archive-keyring.gpg /etc/apt/trusted.gpg

and then post the output of

Code: Select all

#> LANG="C" apt -o "Debug::Acquire::gpgv=1" update

Share your Debian SCRIPTS

lindi: Debian Developer; Posts: 452; Joined: 2022-07-12 14:10; Has thanked: 1 time; Been thanked: 88 times

Re: apt problem with dns

Quote

#48 Post by lindi » 2024-02-27 16:40

The files come from a debian package, you should not modify them manually.

Code: Select all

$ dpkg -S /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc

Just download the package manually from https://packages.debian.org/bookworm/de ... ve-keyring if you have somehow broken your system.

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#49 Post by fabien » 2024-02-27 16:53

lindi wrote: ↑2024-02-27 16:40 The files come from a debian package, you should not modify them manually.

What do you mean by "modify"? The files have just been copied back to their normal location, their sum is correct, only the timestamp differs.

Share your Debian SCRIPTS

lindi: Debian Developer; Posts: 452; Joined: 2022-07-12 14:10; Has thanked: 1 time; Been thanked: 88 times

Re: apt problem with dns

Quote

#50 Post by lindi » 2024-02-27 17:53

They should be regular files but with ln you will get symlinks.

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#51 Post by fabien » 2024-02-27 18:00

lindi wrote: ↑2024-02-27 17:53 They should be regular files but with ln you will get symlinks.

There is no ln to these files, only /etc/apt/trusted.gpg, as a test first.

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#52 Post by Probzx » 2024-02-28 09:46

fabien wrote: ↑2024-02-27 16:37 Thank you Probzx.

Could you do this:
Code: Select all
#> ln -s /usr/share/keyrings/debian-archive-keyring.gpg /etc/apt/trusted.gpg
and then post the output of
Code: Select all
#> LANG="C" apt -o "Debug::Acquire::gpgv=1" update

Hello Fabien,
Thanks for your help.
Here is the ouput of LANG="C" apt -o "Debug::Acquire::gpgv=1" update with symbolic link applied.

Code: Select all

root@deb12fnccrecodeau:/etc/apt# LANG="C" apt -o "Debug::Acquire::gpgv=1" update
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.CzgxTw /tmp/apt.data.tKorDG
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 54404762BBB6E853 1 8 01 1709069581 9 ED541312A33F1128F10B1C6C54404762BBB6E853

Got ERRSIG 54404762BBB6E853 !
Read: [GNUPG:] NO_PUBKEY 54404762BBB6E853

Got NO_PUBKEY 54404762BBB6E853 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG BDE6D2B9216EC7A8 1 8 01 1709069582 9 B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8

Got ERRSIG BDE6D2B9216EC7A8 !
Read: [GNUPG:] NO_PUBKEY BDE6D2B9216EC7A8

Got NO_PUBKEY BDE6D2B9216EC7A8 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 54404762BBB6E853, NO_PUBKEY BDE6D2B9216EC7A8
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.40WMN7 /tmp/apt.data.M5oZVF
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] SIG_ID OcECkYsIbwR7MC0WNinysWCk8YA 2024-02-27 1709069581

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] GOODSIG 54404762BBB6E853 Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 54404762BBB6E853 !
Read: [GNUPG:] VALIDSIG ED541312A33F1128F10B1C6C54404762BBB6E853 2024-02-27 1709069581 0 4 0 1 8 01 AC530D520F2F3269F5E98313A48449044AAD5C5D

Got trusted VALIDSIG, key ID: ED541312A33F1128F10B1C6C54404762BBB6E853
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0 0

Read: [GNUPG:] SIG_ID enSvlC+e05zbMALFe4Dv4fgOIdg 2024-02-27 1709069582

Read: [GNUPG:] KEY_CONSIDERED 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0 0

Read: [GNUPG:] GOODSIG BDE6D2B9216EC7A8 Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG BDE6D2B9216EC7A8 !
Read: [GNUPG:] VALIDSIG B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8 2024-02-27 1709069582 0 4 0 1 8 01 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0

Got trusted VALIDSIG, key ID: B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8
gpgv exited with status 0
Summary:
  Good: GOODSIG 54404762BBB6E853, GOODSIG BDE6D2B9216EC7A8
  Valid: ED541312A33F1128F10B1C6C54404762BBB6E853, B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0, AC530D520F2F3269F5E98313A48449044AAD5C5D, B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8!, ED541312A33F1128F10B1C6C54404762BBB6E853!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.TP6mrO /tmp/apt.data.MVu1oB
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1707563291 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1707563292 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] ERRSIG F8D2585B8783D481 22 8 01 1707563362 9 4D64FEC119C2029067D6E791F8D2585B8783D481

Got ERRSIG F8D2585B8783D481 !
Read: [GNUPG:] NO_PUBKEY F8D2585B8783D481

Got NO_PUBKEY F8D2585B8783D481 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131, NO_PUBKEY F8D2585B8783D481
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.wfgSDD /tmp/apt.data.YOdNvX
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID ptoid1L2K242g7wPjGKpViOtcDw 2024-02-10 1707563291

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2024-02-10 1707563291 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] SIG_ID kRbOT3wdTYDBEIGySDy9W9CEWyw 2024-02-10 1707563292

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] GOODSIG 6ED0E7B82643E131 Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG 6ED0E7B82643E131 !
Read: [GNUPG:] VALIDSIG 4CB50190207B4758A3F73A796ED0E7B82643E131 2024-02-10 1707563292 0 4 0 1 8 01 B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8

Got trusted VALIDSIG, key ID: 4CB50190207B4758A3F73A796ED0E7B82643E131
Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] KEY_CONSIDERED 4D64FEC119C2029067D6E791F8D2585B8783D481 0

Read: [GNUPG:] SIG_ID n4r33ICGbLrsLd1wZLzVh1WMgLc 2024-02-10 1707563362

Read: [GNUPG:] KEY_CONSIDERED 4D64FEC119C2029067D6E791F8D2585B8783D481 0

Read: [GNUPG:] GOODSIG F8D2585B8783D481 Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

Got GOODSIG F8D2585B8783D481 !
Read: [GNUPG:] VALIDSIG 4D64FEC119C2029067D6E791F8D2585B8783D481 2024-02-10 1707563362 0 4 0 22 8 01 4D64FEC119C2029067D6E791F8D2585B8783D481

Got trusted VALIDSIG, key ID: 4D64FEC119C2029067D6E791F8D2585B8783D481
gpgv exited with status 0
Summary:
  Good: GOODSIG 0E98404D386FA1D9, GOODSIG 6ED0E7B82643E131, GOODSIG F8D2585B8783D481
  Valid: A7236886F3CCCAAD148A27F80E98404D386FA1D9, 4CB50190207B4758A3F73A796ED0E7B82643E131, 4D64FEC119C2029067D6E791F8D2585B8783D481
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 4CB50190207B4758A3F73A796ED0E7B82643E131!, 4D64FEC119C2029067D6E791F8D2585B8783D481!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!, B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.C0htBM /tmp/apt.data.p0cL2d
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1709108468 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1709108512 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.V4WxLc /tmp/apt.data.usiPi4
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID IwRPH68Uc9JEh56We+tDOoCd8bs 2024-02-28 1709108468

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2024-02-28 1709108468 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] SIG_ID 55Z6KI/wW+A9pdLPDwea/zmtZ2c 2024-02-28 1709108512

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] GOODSIG 6ED0E7B82643E131 Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG 6ED0E7B82643E131 !
Read: [GNUPG:] VALIDSIG 4CB50190207B4758A3F73A796ED0E7B82643E131 2024-02-28 1709108512 0 4 0 1 8 01 B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8

Got trusted VALIDSIG, key ID: 4CB50190207B4758A3F73A796ED0E7B82643E131
gpgv exited with status 0
Summary:
  Good: GOODSIG 0E98404D386FA1D9, GOODSIG 6ED0E7B82643E131
  Valid: A7236886F3CCCAAD148A27F80E98404D386FA1D9, 4CB50190207B4758A3F73A796ED0E7B82643E131
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 4CB50190207B4758A3F73A796ED0E7B82643E131!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!, B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
  NODATA: no
apt-key succeeded
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
63 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: http://security.debian.org/debian-security/dists/bookworm-security/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://deb.debian.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://deb.debian.org/debian/dists/bookworm-updates/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#53 Post by fabien » 2024-02-28 13:02

Hello Probzx,

So we have apt which works fine with gpg keys (as we tested), but does not work with asc keys. Transiently using gpg keys in /etc/apt/trusted.gpg.d/ and then switching back to asc keys did not resolve the issue.
The asc keys should work, but don't, for no apparent reason. I don't know a way to reproduce the problem, which would be required to open a bug.

I suggest that you keep /etc/apt/trusted.gpg linked to /usr/share/keyrings/debian-archive-keyring.gpg. So if for some reason /usr/share/keyrings/debian-archive-keyring.gpg is updated, /etc/apt/trusted.gpg will be kept up to date.
/usr/share/keyrings/debian-archive-keyring.gpg contains all the asc keys:

Code: Select all

$> gpg --show-keys /usr/share/keyrings/debian-archive-keyring.gpg 
pub   rsa4096 2019-02-05 [SC] [expire : 2027-02-03]
      6D33866EDD8FFA41C0143AEDDCC9EFBF77E11517
uid                      Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

pub   rsa4096 2019-04-14 [SC] [expire : 2027-04-12]
      80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
uid                      Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expire : 2027-04-12]

pub   rsa4096 2019-04-14 [SC] [expire : 2027-04-12]
      5E61B217265DA9807A23C5FF4DFAB270CAA96DFA
uid                      Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expire : 2027-04-12]

pub   rsa4096 2021-01-17 [SC] [expire : 2029-01-15]
      1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid                      Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expire : 2029-01-15]

pub   rsa4096 2021-01-17 [SC] [expire : 2029-01-15]
      AC530D520F2F3269F5E98313A48449044AAD5C5D
uid                      Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expire : 2029-01-15]

pub   rsa4096 2021-02-13 [SC] [expire : 2029-02-11]
      A4285295FC7B1A81600062A9605C66F00D6C9793
uid                      Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>

pub   ed25519 2023-01-23 [SC] [expire : 2031-01-21]
      4D64FEC119C2029067D6E791F8D2585B8783D481
uid                      Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

pub   rsa4096 2023-01-21 [SC] [expire : 2031-01-19]
      B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
uid                      Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expire : 2031-01-19]

pub   rsa4096 2023-01-21 [SC] [expire : 2031-01-19]
      05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
uid                      Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expire : 2031-01-19]

Code: Select all

$> for KEY in /etc/apt/trusted.gpg.d/*; do echo "$KEY"; gpg --show-keys "$KEY"; done
/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
pub   rsa4096 2023-01-21 [SC] [expire : 2031-01-19]
      B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
uid                      Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expire : 2031-01-19]

/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
pub   rsa4096 2023-01-21 [SC] [expire : 2031-01-19]
      05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
uid                      Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expire : 2031-01-19]

/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
pub   ed25519 2023-01-23 [SC] [expire : 2031-01-21]
      4D64FEC119C2029067D6E791F8D2585B8783D481
uid                      Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
pub   rsa4096 2021-01-17 [SC] [expire : 2029-01-15]
      1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid                      Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expire : 2029-01-15]

/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
pub   rsa4096 2021-01-17 [SC] [expire : 2029-01-15]
      AC530D520F2F3269F5E98313A48449044AAD5C5D
uid                      Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expire : 2029-01-15]

/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
pub   rsa4096 2021-02-13 [SC] [expire : 2029-02-11]
      A4285295FC7B1A81600062A9605C66F00D6C9793
uid                      Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
pub   rsa4096 2019-04-14 [SC] [expire : 2027-04-12]
      80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
uid                      Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expire : 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
pub   rsa4096 2019-04-14 [SC] [expire : 2027-04-12]
      5E61B217265DA9807A23C5FF4DFAB270CAA96DFA
uid                      Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expire : 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc
pub   rsa4096 2019-02-05 [SC] [expire : 2027-02-03]
      6D33866EDD8FFA41C0143AEDDCC9EFBF77E11517
uid                      Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

So this is a safe way.

Note that /etc/apt/trusted.gpg is deprecated, which means it may no longer work in the future. I tested in unstable and it still works though.

I simulated a problem with the asc keys:

Code: Select all

#> chmod 700 /etc/apt/trusted.gpg.d/
#> ls -l /etc/apt/trusted.gpg
lrwxrwxrwx 1 root root 46 Feb 28 13:25 /etc/apt/trusted.gpg -> /usr/share/keyrings/debian-archive-keyring.gpg
#> apt update
Get:1 https://deb.debian.org/debian bookworm InRelease [151 kB]
Hit:2 https://deb.debian.org/debian-security bookworm-security InRelease
Hit:3 https://deb.debian.org/debian bookworm-updates InRelease
Fetched 151 kB in 1s (221 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://deb.debian.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://deb.debian.org/debian-security/dists/bookworm-security/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://deb.debian.org/debian/dists/bookworm-updates/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

and then without problem:

Code: Select all

#> chmod 755 /etc/apt/trusted.gpg.d/
#> #> ls -l /etc/apt/trusted.gpg
lrwxrwxrwx 1 root root 46 Feb 28 13:25 /etc/apt/trusted.gpg -> /usr/share/keyrings/debian-archive-keyring.gpg
#> apt update
Get:1 https://deb.debian.org/debian bookworm InRelease [151 kB]
Hit:2 https://deb.debian.org/debian-security bookworm-security InRelease
Hit:3 https://deb.debian.org/debian bookworm-updates InRelease
Fetched 151 kB in 1s (246 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

When keys in /etc/apt/trusted.gpg.d/ are used, there is no longer a warning message. So if you notice that the messages have disappeared, you can test removing the /etc/apt/trusted.gpg symlink and it should work normally. If this happens, please post any events that might explain the change, such as which packages were updated just before or what configuration change was applied. Thanks.

Share your Debian SCRIPTS

sunrat: Administrator; Posts: 6511; Joined: 2006-08-29 09:12; Location: Melbourne, Australia; Has thanked: 119 times; Been thanked: 489 times

Re: apt problem with dns

Quote

#54 Post by sunrat » 2024-02-28 13:20

I just had a look in my system, keys are not marked executable ie. 644. I have not altered these since installation (Bookworm upgraded from Bullseye). /etc/apt/trusted.gpg no longer exists - iirc I renamed it with .bak extension. No apt problems here.

Code: Select all

$ ls -l /etc/apt/trusted.gpg.d/
total 108
-rw-r--r-- 1 root root 11861 Jul 31  2023 debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 31  2023 debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root   461 Jul 31  2023 debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 Jul 31  2023 debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 31  2023 debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root  3403 Jul 31  2023 debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11093 Jul 31  2023 debian-archive-buster-automatic.asc
-rw-r--r-- 1 root root 11105 Jul 31  2023 debian-archive-buster-security-automatic.asc
-rw-r--r-- 1 root root  1704 Jul 31  2023 debian-archive-buster-stable.asc

There are also several .gpg files for 3rd party repos, no issues with them either.
Not sure if any of this is relevant but just for info in case it is.

“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#55 Post by fabien » 2024-02-28 17:03

Thanks @sunrat

sunrat wrote: ↑2024-02-28 13:20 I just had a look in my system, keys are not marked executable ie. 644.

So just like Probzx's

sunrat wrote: ↑2024-02-28 13:20 There are also several .gpg files for 3rd party repos, no issues with them either.

This (apparently rare) issue is with .asc files, no issues with .gpg files from what I've seen.

@Probzx: the strace program might shed some light on the problem.
Could you please install it and

Code: Select all

#> LANG="C.utf8" strace --output=/tmp/aptUpdateStrace apt update
#> gzip /tmp/aptUpdateStrace

and attach /tmp/aptUpdateStrace.gz to your next post? Thanks.

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#56 Post by Probzx » 2024-02-29 15:03

Hello,

For now I use symbolic link between /usr/share/keyrings/debian-archive-keyring.gpg to trusted.gpg.
As you said earlier, it's working but return me a deprecated warning message.

Here is the strace output file : https://we.tl/t-PrbIpBUVOi

Thanks a lot

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#57 Post by fabien » 2024-02-29 17:23

Hello Probzx, thanks!

What gives

Code: Select all

$> LANG="C" stat /etc/passwd /etc/group /var/cache/apt/ /var/cache/apt/archives/

?

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#58 Post by Probzx » 2024-03-01 08:42

Hello Fabien,

It result this

Code: Select all

root@deb12fnccrecodeau:/etc/apt# LANG="C" stat /etc/passwd /etc/group /var/cache/apt/ /var/cache/apt/archives/
  File: /etc/passwd
  Size: 1470            Blocks: 8          IO Block: 4096   regular file
Device: 8,1     Inode: 1443419     Links: 1
Access: (0770/-rwxrwx---)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-02-29 22:44:31.419901921 +0100
Modify: 2023-12-07 16:56:33.077558130 +0100
Change: 2023-12-27 11:10:28.275856198 +0100
 Birth: 2023-12-07 16:56:33.077558130 +0100
  File: /etc/group
  Size: 825             Blocks: 8          IO Block: 4096   regular file
Device: 8,1     Inode: 1443418     Links: 1
Access: (0660/-rw-rw----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-02-29 17:44:50.412709286 +0100
Modify: 2023-12-27 11:35:08.739955004 +0100
Change: 2023-12-27 11:35:08.739955004 +0100
 Birth: 2023-12-27 11:35:08.739955004 +0100
  File: /var/cache/apt/
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 8,1     Inode: 2752519     Links: 3
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (   27/    sudo)
Access: 2024-02-29 16:04:26.734697888 +0100
Modify: 2024-02-29 16:04:27.394692376 +0100
Change: 2024-02-29 16:04:27.394692376 +0100
 Birth: 2023-11-07 11:06:44.511431633 +0100
  File: /var/cache/apt/archives/
  Size: 12288           Blocks: 24         IO Block: 4096   directory
Device: 8,1     Inode: 2752520     Links: 3
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: (   27/    sudo)
Access: 2024-01-22 16:43:29.115383349 +0100
Modify: 2024-02-29 15:33:00.942209625 +0100
Change: 2024-02-29 15:33:00.942209625 +0100
 Birth: 2023-11-07 11:06:44.511431633 +0100

fabien: Forum Helper; Posts: 688; Joined: 2019-12-03 12:51; Location: Anarres (Toulouse, France actually); Has thanked: 62 times; Been thanked: 161 times

Re: apt problem with dns

Quote

#59 Post by fabien » 2024-03-01 13:01

Hello Probzx,

The standard permissions are as follows:

Code: Select all

$> stat -c '%A %a %U %G %n' /etc/passwd /etc/group /var/cache/apt/ /var/cache/apt/archives/
-rw-r--r-- 644 root root /etc/passwd
-rw-r--r-- 644 root root /etc/group
drwxr-xr-x 755 root root /var/cache/apt/
drwxr-xr-x 755 root root /var/cache/apt/archives/

The most important thing is to correct /etc/passwd and /etc/group permissions (the current permissions you applied could also affect other programs that expect standard permissions on these files).
As I said, I'm not sure whether the permissions you applied on /var/cache/apt/ and /var/cache/apt/archives/ could be a problem, but, as I also said, until apt behaves normally, you should at least try to revert the changes and test. A good test would be to undo the changes made to /etc/passwd and /etc/group and test before correcting /var/cache/apt/ and /var/cache/apt/archives/.

Before testing, could you please delete the trusted.gpg symlink

Code: Select all

#> rm /etc/apt/trusted.gpg

If there is no change (signature verification errors still occur), could you please

Code: Select all

#> LANG="C.utf8" strace --output=/tmp/aptUpdateStrace2 apt update
#> gzip /tmp/aptUpdateStrace2

so that we have the strace without symlink.
Then you can

Code: Select all

#> ln -s /usr/share/keyrings/debian-archive-keyring.gpg /etc/apt/trusted.gpg

again.
Thanks!

Share your Debian SCRIPTS

Probzx: Posts: 25; Joined: 2024-01-15 13:17

Re: apt problem with dns

Quote

#60 Post by Probzx » 2024-03-01 15:47

fabien wrote: ↑2024-03-01 13:01 Hello Probzx,

The standard permissions are as follows:
Code: Select all
$> stat -c '%A %a %U %G %n' /etc/passwd /etc/group /var/cache/apt/ /var/cache/apt/archives/
-rw-r--r-- 644 root root /etc/passwd
-rw-r--r-- 644 root root /etc/group
drwxr-xr-x 755 root root /var/cache/apt/
drwxr-xr-x 755 root root /var/cache/apt/archives/
The most important thing is to correct /etc/passwd and /etc/group permissions (the current permissions you applied could also affect other programs that expect standard permissions on these files).
As I said, I'm not sure whether the permissions you applied on /var/cache/apt/ and /var/cache/apt/archives/ could be a problem, but, as I also said, until apt behaves normally, you should at least try to revert the changes and test. A good test would be to undo the changes made to /etc/passwd and /etc/group and test before correcting /var/cache/apt/ and /var/cache/apt/archives/.

Before testing, could you please delete the trusted.gpg symlink
Code: Select all
#> rm /etc/apt/trusted.gpg
If there is no change (signature verification errors still occur), could you please
Code: Select all
#> LANG="C.utf8" strace --output=/tmp/aptUpdateStrace2 apt update
#> gzip /tmp/aptUpdateStrace2
so that we have the strace without symlink.
Then you can
Code: Select all
#> ln -s /usr/share/keyrings/debian-archive-keyring.gpg /etc/apt/trusted.gpg
again.
Thanks!

Hello Fabien,
Thanks for your answer !

Permissions are correct now, I tryied the apt update after removing the smbolic link but I still have a warning about key.
Here is the output of the stace command : https://we.tl/t-EXbowy4FF3
What are you looking for in the strace report?

Have a nice day !

Post Reply

65 posts

Previous
1
2
3
4
Next

Return to “System and Network configuration”