Yes, that solution is more secure, as I think
Op Wed, 01 Oct 2014 09:18:10 +0200 schreef Valery Mamonov <valerymamonov@gmail.com>:2014-10-01 11:02 GMT+04:00 Ansgar Burchardt <ansgar@debian.org>:Yes, i'm using apt from experimental:severity 647001 important
thanks
Hi,
Valery Mamonov <valerymamonov@gmail.com> writes:
> 2014-10-01 3:30 GMT+04:00 Ansgar Burchardt <ansgar@43-1.org>:
>> Valery Mamonov <valerymamonov@gmail.com> writes:
>> > I'm experiencing some troubles with updating my debian machine.
>> > After aptitude update i'm having multiple errors like these:
>> >
>> > W: GPG error: http://deb.ianod.es unstable InRelease: The following
>> > signatures couldn't be verified because the public key is not available:
>> > NO_PUBKEY 498F1DF0598C5C38
>>
>> Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg?
>> What happens if you move them to a file in /etc/apt/trusted.gpg.d?
>>
> After moving trusted.gpg from /etc/apt to /etc/apt/trusted.gpg.d all keys
> were missing.
> I have manually added keys, but after 'aptitude update' I've got same
> result - all keys not found.
> The size of new /etc/apt/trusted.gpg was 0 kb.
> The size of new /etc/apt/trusted.gpg.d/trusted.gpg was ~106 kb.
Are you using apt from experimental?
With apt_1.1~exp3 I could reproduce the issue: /etc/apt/trusted.gpg is
not world-readable and apt now uses a _apt user for some tasks. So it
cannot access the public keys for verification.
Please try making the keyring world-readable (chmod a+r ...).
Ansgar
LANG=C apt-cache policy aptapt:Installed: 1.1~exp3Candidate: 1.0.9.1Version table:*** 1.1~exp3 01110 http://mirror.yandex.ru/debian/ experimental/main amd64 Packages1110 ftp://ftp.de.debian.org/debian/ experimental/main amd64 Packages1110 ftp://mirror.mephi.ru/debian/ experimental/main amd64 Packages1110 http://mirrors.kernel.org/debian/ experimental/main amd64 Packages100 /var/lib/dpkg/statusSo I made /etc/apt/trusted.gpg world readable and my problem seemed to be solved.I also use the experimental version of apt, and solved the issue with:$ sudo setfacl -m u:_apt:r trusted.gpg
I'm not sure, but I think it is a little saver solution. Only the _apt user isallowed to read the file, but correct me if I am wrong.Thanks Ansgar for pointing to a solution,floris