On Wed, 2020-12-16 at 19:06 +0100, John Paul Adrian Glaubitz wrote: > Hi! > > For some reason, apt is ignoring the "check-valid-until" flag for me, no > matter whether > I'm passing that option in /etc/apt/sources.list or on the command line > (see below). > > Does anyone have any idea what I'm missing? > > PS: Please CC me, I'm not subscribed to debian-devel. > > Thanks, > Adrian > > ======================================================================== > =============== > > (sid-powerpc-sbuild2)root@kapitsa:/# cat /etc/apt/sources.list > # binary default > [...] > #deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-ports/20190428T083118Z/ unstable main > > deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-ports/20190428T083118Z/ unstable main > deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-ports/20201014T042941Z/ unstable main > > ##deb [arch=all] http://snapshot.debian.org/archive/debian/20190731T151946Z/ unstable main > > [...] > > Hit:10 http://ftp.ports.debian.org/debian-ports experimental InRelease > Err:7 http://snapshot.debian.org/archive/debian-ports/20190428T083118Z unstable InRelease > The following signatures were invalid: EXPKEYSIG DA1B2CEA81DCBC61 Debian Ports Archive Automatic Signing Key (2019) < ftpmaster@ports-master.debian.org> > Reading package lists... Done > W: GPG error: http://snapshot.debian.org/archive/debian-ports/20190428T083118Z unstable InRelease: The following signatures were invalid: EXPKEYSIG DA1B2CEA81DCBC61 Debian Ports Archive Automatic Signing Key (2019) < ftpmaster@ports-master.debian.org> > E: The repository ' http://snapshot.debian.org/archive/debian-ports/20190428T083118Z unstable InRelease' is not signed. > N: Updating from such a repository can't be done securely, and is therefore disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration details. There's something else happening here. See, the error isn't for a repository that's lapsed its check-valid-until date: That error would look like this: > E: Release file for > http://snapshot.debian.org/archive/debian/20190428T083118Z/dists/unstable/InRelease > is expired (invalid since 591d 20h 48min 38s). Updates for this > repository will not be applied. Instead, the issue is that the GPG key is also expired. Debian-ports has a much shorter duration on their keys than the main archive: only a year. That means apt-secure can't verify it, and thus considers it insecure, and refuses to update. The solution is to use allow-insecure=yes as well. Calum
Attachment:
signature.asc
Description: This is a digitally signed message part