Re: Expired GPG keys of older release
On 6/20/2018 9:55 AM, Adam Cecile wrote:
On 06/20/2018 09:43 AM, john doe wrote:
Well, that's a docker image, I'm not using Squeeze on production
anywhere except this hacky stuff for a friend ;-)
On 6/20/2018 8:47 AM, Adam Cecile wrote:
On 06/20/2018 08:39 AM, john doe wrote:
On 6/19/2018 10:55 PM, Adam Cecile wrote:
On 06/19/2018 10:48 PM, Don Armstrong wrote:
With apt ? I had to set allowunauthenticated = 1 in apt.conf,
otherwise apt wouldn't install anything.
On Tue, 19 Jun 2018, Adam Cecile wrote:
That's a pity, don't you think so ? I think Debian should renew the
archive key, so we can still verify packages signatures.
You can still verify them. Key expiration doesn't make existing
signatures invalid. [Indeed, gpgv doesn't even check for expired
Can you give us the warning/error you're getting?
---> Running in 2300490ebb96
Get:1 http://archive.debian.org squeeze Release.gpg [1655 B]
Get:2 http://archive.debian.org squeeze-lts Release.gpg [819 B]
Get:3 http://archive.debian.org squeeze Release [96.0 kB]
Ign http://archive.debian.org squeeze Release
Get:4 http://archive.debian.org squeeze-lts Release [34.3 kB]
Get:5 http://archive.debian.org squeeze/main amd64 Packages [8370 kB]
Get:6 http://archive.debian.org squeeze-lts/main amd64 Packages [390 kB]
Fetched 8893 kB in 0s (10.0 MB/s)
Reading package lists...
W: GPG error: http://archive.debian.org squeeze Release: The
following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
The following NEW packages will be installed:
ca-certificates libssl0.9.8 openssl wget
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 2980 kB of archives.
After this operation, 7578 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
E: There are problems and -y was used without --force-yes
As other as pointed out if the expiration date is not extended on the
key your out of luck! :)
One workaroungd could be:
1) Download all required packages
2) Verify the downloaded packages using 'gpg --verify'
3) Install the verified pkgs
The best workaround would be to upgrade to Debian Stretch (6 to 7, 7
to 8, 8 to 9)! :)
For sake of completeness:
apt-key update - update keys using the keyring package
apt-key net-update - update keys using the network
sudo apt-get -o Acquire::Check-Valid-Until=false update"