Re: Error trying to update Lenny...

To: debian-user@lists.debian.org
Subject: Re: Error trying to update Lenny...
From: Darac Marjal <mailinglist@darac.org.uk>
Date: Fri, 8 Nov 2013 10:46:45 +0000
Message-id: <[🔎] 20131108104645.GB18990@darac.org.uk>
In-reply-to: <[🔎] Pine.LNX.4.64.1311080158400.17444@mail.pcez.com>
References: <[🔎] Pine.LNX.4.64.1311080158400.17444@mail.pcez.com>

On Fri, Nov 08, 2013 at 02:03:57AM -0800, Account for Debian group mail wrote:
> 
> I'm trying to update Lenny and get the following error:
> 
> Reading package lists... Done
> W: GPG error: http://archive.debian.org lenny/updates Release: The following signatures were invalid: KEYEXPIRED 1356982504
> W: GPG error: http://archive.debian.org lenny/volatile Release: The following signatures were invalid: KEYEXPIRED 1358963195
> W: You may want to run apt-get update to correct these problems
> 
> 
> My source list looks like this:
> 
> deb http://archive.debian.org/debian-security lenny/updates main contrib
> deb http://archive.debian.org/debian-volatile lenny/volatile main contrib
> deb http://archive.debian.org/debian/ lenny main contrib non-free
> deb http://archive.debian.org/debian-security lenny/updates main contrib
> deb http://archive.debian.org/debian-volatile lenny/volatile main contrib
> 
> 
> When I try to get an updated keyring:
> 
> apt-get install debian-archive-keyring
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> debian-archive-keyring is already the newest version.
> 
> 
> It tells me it is already up to date.
> 
> How can I get keyring that is not expired so I can up date this machine.

I'm not entirely sure you can.

As you know, Lenny is an old release. The packages were signed with a
key that had a limited validity (I believe the point of doing that is to
minimise the amount of time an attacker has to brute-force they key. If
they can't crack it before it expires, then there's no point in
attempting any further cracks).

To use a new key (i.e. one that has not expired), all the package-lists in
the Lenny repository would have to be re-signed using that key.
Basically, you'd be updating an obsolete release.

However, if we look back at your output you'll notice that the "errors"
are prefixed with "W:". This means they are just warnings. APT is
warning you that, although the signatures verified and the keys are
trusted (which is what you want), the keys have expired. Well, you
already know that Lenny is old, so this is just confirmation. APT
*should* still work (it should still be able to install new packages for
you and so on). Perhaps, instead, you should worry if the warning
*doesn't* appear :)

> 
> Thanks,
> 
> Ken
> 
>

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Error trying to update Lenny...
  - From: Account for Debian group mail <debian@pcez.com>

Prev by Date: Re: tv watching apps
Next by Date: Re: Init system deba{te|cle}
Previous by thread: Error trying to update Lenny...
Next by thread: Re: Error trying to update Lenny...
Index(es):
- Date
- Thread