debian11 early - apt-get update - At least one invalid signature was encountered
Hi,
Firstly, many thanks for debian-11. I've been looking
forward to the newer bind9 and its dnssec-policy
finally making it trivial to implement DNSSEC on a
stable system. Yay!
My problem: A day or two ago, I tried to upgrade to
debian-11 on a little VM on my laptop and I've run into
a problem.
I know it wasn't official yet, but I thought I could
get away with it. And I wanted to have done it once
before upgrading a more important VM. But I would like
to get this VM unbroken as well.
I wasn't as careful as usual with it (I didn't do the
backups mentioned in Release Notes section 4.1.1) but
I'm not sure if that would have helped.
I added the new the bullseye details to
/etc/apt/sources.list but I didn't comment out the
existing buster details at the same time. I think that
might have been my mistake. Then, I did apt update and
got GPG invalid signature errors.
And I still get them when I only have the buster
details in sources.list and when I only have the
bullseye details there. But before, everything
was fine.
With buster only:
deb http://ftp.au.debian.org/debian/ buster main
deb-src http://ftp.au.debian.org/debian/ buster main
deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main
deb http://ftp.au.debian.org/debian/ buster-updates main
deb-src http://ftp.au.debian.org/debian/ buster-updates main
apt update looks like this:
Err:1 http://security.debian.org/debian-security buster/updates InRelease
At least one invalid signature was encountered.
Get:2 http://ftp.au.debian.org/debian buster InRelease [122 kB]
Get:3 http://ftp.au.debian.org/debian buster-updates InRelease [51.9 kB]
Err:2 http://ftp.au.debian.org/debian buster InRelease
At least one invalid signature was encountered.
Err:3 http://ftp.au.debian.org/debian buster-updates InRelease
At least one invalid signature was encountered.
Fetched 174 kB in 0s (452 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security buster/updates InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian buster-updates InRelease: At least one invalid signature was encountered.
W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster/InRelease At least one invalid signature was encountered.
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease At least one invalid signature was encountered.
W: Failed to fetch http://ftp.au.debian.org/debian/dists/buster-updates/InRelease At least one invalid signature was encountered.
W: Some index files failed to download. They have been ignored, or old ones used instead.
With bullseye only:
deb http://ftp.au.debian.org/debian/ bullseye main contrib non-free
deb-src http://ftp.au.debian.org/debian/ bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://ftp.au.debian.org/debian/ bullseye-updates main contrib non-free
apt update looks like:
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Err:1 http://security.debian.org/debian-security bullseye-security InRelease
At least one invalid signature was encountered.
Get:2 http://ftp.au.debian.org/debian bullseye InRelease [113 kB]
Get:3 http://ftp.au.debian.org/debian bullseye-updates InRelease [40.1 kB]
Err:2 http://ftp.au.debian.org/debian bullseye InRelease
At least one invalid signature was encountered.
Err:3 http://ftp.au.debian.org/debian bullseye-updates InRelease
At least one invalid signature was encountered.
Fetched 153 kB in 0s (448 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
1416 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.au.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
W: Failed to fetch http://ftp.au.debian.org/debian/dists/bullseye/InRelease At least one invalid signature was encountered.
W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease At least one invalid signature was encountered.
W: Failed to fetch http://ftp.au.debian.org/debian/dists/bullseye-updates/InRelease At least one invalid signature was encountered.
W: Some index files failed to download. They have been ignored, or old ones used instead.
Changing security.debian.org to ftp.au.debian.org added this:
Err:3 http://ftp.au.debian.org/debian-security bullseye-security Release
404 Not Found [IP: 150.203.164.37 80]
Changing http to https (for ftp.au.debian.org) gives TLS certificate errors:
Could not handshake: Error in the certificate verification
Changing ftp.au.debian.org to deb.debian.org still had the signature errors.
Here's what I think the preferred sources.list should be:
deb https://deb.debian.org/debian/ bullseye main contrib non-free
deb-src https://deb.debian.org/debian/ bullseye main contrib non-free
deb https://deb.debian.org/debian-security bullseye-security main contrib non-free
deb-src https://deb.debian.org/debian-security bullseye-security main contrib non-free
deb https://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src https://deb.debian.org/debian/ bullseye-updates main contrib non-free
(but I want to keep using ftp.au.debian.org if I can)
But the apt update output is still bad:
Get:1 https://deb.debian.org/debian bullseye InRelease [113 kB]
Err:1 https://deb.debian.org/debian bullseye InRelease
At least one invalid signature was encountered.
Get:2 https://deb.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Err:2 https://deb.debian.org/debian-security bullseye-security InRelease
At least one invalid signature was encountered.
Get:3 https://deb.debian.org/debian bullseye-updates InRelease [40.1 kB]
Err:3 https://deb.debian.org/debian bullseye-updates InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: https://deb.debian.org/debian bullseye InRelease: At least one invalid signature was encountered.
E: The repository 'https://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://deb.debian.org/debian-security bullseye-security InRelease: At least one invalid signature was encountered.
E: The repository 'https://deb.debian.org/debian-security bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://deb.debian.org/debian bullseye-updates InRelease: At least one invalid signature was encountered.
E: The repository 'https://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I just noticed that the bullseye items in sources.list
had "contrib non-free" which the buster details didn't
include. I removed them and tried again but it didn't
help.
This is a pure debian stable system.
apt-forktracer reported nothing when I started.
Now it reports 1682 packages.
The time on the VM is correct.
The VM disk isn't full (86% used, 950MB free).
Any idea what I can do to fix this?
Thanks for your time,
raf
Reply to: