Bug#875615: please document that --digest-algo must be used to sign
Package: apt
Version: 1.4.8
Followup-For: Bug #875615
Hi,
I have the same problem, not using a homemade repo, but using that for Epson
printer drivers [1]. Running apt-get update leads to the following error:
W: GPG error: http://download.ebz.epson.net/dsc/op/stable/debian lsb3.2
Release: The following signatures were invalid:
E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56
W: The repository 'http://download.ebz.epson.net/dsc/op/stable/debian lsb3.2
Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
I have check that the signature was OK (although the key from Epson uses
dsa1024). I have also checked using strace that the call to gpgv from apt-get
resulted in a VALIDSIG.
Here is the relevant part:
[pid 16805] execve("/usr/bin/gpgv", ["gpgv", "--homedir", "/tmp/apt-key-
gpghome.sxAuZhFxxd", "--keyring", "/tmp/apt-key-
gpghome.sxAuZhFxxd/pubring.gpg", "--ignore-time-conflict", "--status-fd", "3",
"/var/lib/apt/lists/partial/download.ebz.epson.net_dsc_op_stable_debian_dists_lsb3.2_Release.gpg",
"/var/lib/apt/lists/download.ebz.epson.net_dsc_op_stable_debian_dists_lsb3.2_Release"],
[/* 22 vars */]) = 0
[pid 16805] write(3<pipe:[1041956]>, "[GNUPG:] KEY_CONSIDERED
E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56 0\n", 67) = 67
[pid 16805] write(3<pipe:[1041956]>, "[GNUPG:] SIG_ID
S+6Mraiq7SfaBNvnalpm+mH2OwI 2014-07-22 1406003740\n", 66) = 66
[pid 16805] write(3<pipe:[1041956]>, "[GNUPG:] KEY_CONSIDERED
E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56 0\n", 67) = 67
[pid 16805] write(3<pipe:[1041956]>, "[GNUPG:] GOODSIG E5E86C008AA65D56 Seiko
Epson Corporation (Epson Inkjet Printer Driver) <epson-linux-
inkjet@avasys.jp>\n", 119) = 119
[pid 16805] write(3<pipe:[1041956]>, "[GNUPG:] VALIDSIG
E5220FB7014D0FBDA50DFC2BE5E86C008AA65D56 2014-07-22 1406003740 0 4 0 17 2 00
E5220FB7014D0FBDA50DFC2BE5E86C008"..., 136) = 136
I guess there is an additional requirement, other than the signature being
valid.
Best,
L.
[1] http://download.ebz.epson.net/dsc/op/stable/debian/dists/lsb3.2/
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-image-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.9\.0-4-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.8\.0-0\.bpo\.2-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.9\.0-4-amd64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true";
APT::Update::Post-Invoke-Success:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
APT::Update::Post-Invoke-Success:: "if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > /dev/null; fi";
APT::Update::Post-Invoke "";
APT::Update::Post-Invoke:: "[ ! -x /usr/bin/debtags ] || debtags update || true";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Architectures:: "i386";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::planners "";
Dir::Bin::planners:: "/usr/lib/apt/planners";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::gzip "/bin/gzip";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/cdrom";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Log::Planner "eipp.log.xz";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.ucf-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "0";
Acquire::AllowWeakRepositories "0";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::DEP-11 "";
Acquire::IndexTargets::deb::DEP-11::MetaKey "$(COMPONENT)/dep11/Components-$(NATIVE_ARCHITECTURE).yml";
Acquire::IndexTargets::deb::DEP-11::ShortDescription "Components-$(NATIVE_ARCHITECTURE)";
Acquire::IndexTargets::deb::DEP-11::Description "$(RELEASE)/$(COMPONENT) $(NATIVE_ARCHITECTURE) DEP-11 Metadata";
Acquire::IndexTargets::deb::DEP-11::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons "";
Acquire::IndexTargets::deb::DEP-11-icons::MetaKey "$(COMPONENT)/dep11/icons-64x64.tar";
Acquire::IndexTargets::deb::DEP-11-icons::ShortDescription "icons-64x64";
Acquire::IndexTargets::deb::DEP-11-icons::Description "$(RELEASE)/$(COMPONENT) DEP-11 64x64 Icons";
Acquire::IndexTargets::deb::DEP-11-icons::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11-icons::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons::DefaultEnabled "true";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi "";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::MetaKey "$(COMPONENT)/dep11/icons-128x128.tar";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::ShortDescription "icons-128x128";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::Description "$(RELEASE)/$(COMPONENT) DEP-11 128x128 Icons";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::DefaultEnabled "false";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Tanglu "http://metadata.tanglu.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Ubuntu "http://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";;
Acquire::Changelogs::URI::Origin::Ultimedia "http://packages.ultimediaos.com/changelogs/pool/@CHANGEPATH@/changelog.txt";;
Acquire::Changelogs::AlwaysOnline "";
Acquire::Changelogs::AlwaysOnline::Origin "";
Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Acquire::Languages:: "fr";
Acquire::CompressionTypes "";
Acquire::CompressionTypes::xz "xz";
Acquire::CompressionTypes::bz2 "bzip2";
Acquire::CompressionTypes::lzma "lzma";
Acquire::CompressionTypes::gz "gzip";
Acquire::CompressionTypes::lz4 "lz4";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian-Security";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt-get "";
Binary::apt-get::Acquire "";
Binary::apt-get::Acquire::AllowInsecureRepositories "1";
CommandLine "";
CommandLine::AsString "apt-config dump";
-- (no /etc/apt/preferences present) --
-- /etc/apt/preferences.d/debian-multimedia --
Package: *
Pin: release l=Unofficial Multimedia Packages
Pin-Priority: 400
-- /etc/apt/sources.list --
deb http://http.debian.net/debian/ stretch main contrib non-free
deb http://http.debian.net/debian/ stretch-backports main contrib non-free
deb http://http.debian.net/debian/ stretch-updates main contrib non-free
deb http://debian.univ-reims.fr/debian-security stretch/updates main contrib
# deb http://mozilla.debian.net/ stretch-backports firefox-release
# deb http://mirrors.ircam.fr/pub/deb-multimedia/ stretch main non-free
# deb-src ftp://ftp.igh.cnrs.fr/pub/debian-multimedia stretch main
deb http://download.ebz.epson.net/dsc/op/stable/debian/ lsb3.2 epson-inkjet-printer-201106w
-- /etc/apt/sources.list.d/dropbox.list --
deb [arch=i386,amd64] http://linux.dropbox.com/debian jessie main
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.115
ii debian-archive-keyring 2017.5
ii gpgv 2.1.18-8~deb9u1
ii init-system-helpers 1.48
ii libapt-pkg5.0 1.4.8
ii libc6 2.24-11+deb9u1
ii libgcc1 1:6.3.0-18
ii libstdc++6 6.3.0-18
Versions of packages apt recommends:
ii gnupg 2.1.18-8~deb9u1
ii gnupg2 2.1.18-8~deb9u1
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.7-1
ii dpkg-dev 1.18.24
ii powermgmt-base 1.31+nmu1
ii python-apt 1.4.0~beta3
ii synaptic 0.84.2
-- no debconf information
Reply to: