[wellylug] Gpg / Debian problem persists

E Chalaron e.chalaron at xtra.co.nz
Tue Jan 28 14:09:36 NZDT 2014 

Hey Grant & all

I start to see a little clearer with this gpg stuff.

Maybe I should have called on the LUG meeting in nov ... :-[ <- another 
embarrasement


back to step 1
apt-key advanced --keyserver pgp.net.nz --recv-keys 1F41B907

gpg: requesting key 1F41B907 from hkp server pgp.net.nz
gpg: key 1F41B907: "Christian Marillat <marillat at debian.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
root at manawatu:~# apt-key update
gpg: key B98321F9: "Squeeze Stable Release Key 
<debian-release at lists.debian.org>" not changed
gpg: key 473041FA: "Debian Archive Automatic Signing Key (6.0/squeeze) 
<ftpmaster at debian.org>" not changed
gpg: key 65FFB764: "Wheezy Stable Release Key 
<debian-release at lists.debian.org>" not changed
gpg: key 46925553: "Debian Archive Automatic Signing Key (7.0/wheezy) 
<ftpmaster at debian.org>" not changed
gpg: Total number processed: 4
gpg:              unchanged: 4

So first question where the hell is 1F41B907 ???


Out of curiosity I went on
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/24234/comments/20

and applied
gpg --keyring /etc/apt/trusted.gpg --edit-key 1F41B907

to get

pub  1024D/1F41B907  created: 1999-10-03  expires: never usage: SC
                      trust: unknown       validity: unknown
sub  1536g/C28DCC42  created: 1999-10-03  expires: never usage: E
sub  1024D/5D3877A7  created: 2002-08-26  expires: never usage: SCA
[ unknown] (1). Christian Marillat <marillat at debian.org>
[ unknown] (2)  Christian Marillat <marillat at free.fr>
[ revoked] (3)  Christian Marillat <marillat at alpes-net.fr>
[ unknown] (4)  Christian Marillat <marillat at deb-multimedia.org>
[ revoked] (5)  Christian Marillat <marillat.christian at wanadoo.fr>


Does that mean that the key has been revoked without the owner renewing 
it or something ?

Pedro's |--allow-unauthenticated| does not do anything for the report of 
the bad signature. But does it mean it does not fetch the data??

I am lost :'(

Edouard


On 28/01/14 12:08, Pedro Worcel wrote:
> Hey, how about something like this?
>
> http://parijatmishra.wordpress.com/2008/07/28/ubuntu-bad-signature-problems-prevent-apt-get-update-from-working/
>
> Otherwise, the *very insecure* parameter
> |--allow-unauthenticated
>
> |
> will allow you to bypass the warnings|
>
>
> |
>
>
> 2014-01-28 Grant McLean <grant at mclean.net.nz <mailto:grant at mclean.net.nz>>
>
>     You could try:
>
>       $ sudo -i
>       # apt-key advanced --keyserver pgp.net.nz <http://pgp.net.nz>
>     --recv-keys 1F41B907
>
>     This will download the latest repository key from a keyserver and
>     install it into the APT keyring.  The key ID '1F41B907' came from the
>     FAQ here:
>
>     http://www.deb-multimedia.org/faq
>
>     Regards
>     Grant
>
>     On Tue, 2014-01-28 at 11:32 +1300, E Chalaron wrote:
>     > Na ... does not work, wrong signature like before.
>     > Did remove, autoclean etc ...
>     > reinstalled
>     > same stuff
>     >
>     > Reading package lists... Done
>     > W: GPG error: http://www.deb-multimedia.org wheezy Release: The
>     > following signatures were invalid: BADSIG 07DC563D1F41B907 Christian
>     > Marillat <marillat at debian.org <mailto:marillat at debian.org>>
>     > W: GPG error: http://www.deb-multimedia.org wheezy Release: The
>     > following signatures were invalid: BADSIG 07DC563D1F41B907 Christian
>     > Marillat <marillat at debian.org <mailto:marillat at debian.org>>
>     >
>     > cheers
>     > E
>     >
>     >
>     > On 01/28/2014 10:01 AM, Daniel Reurich wrote:
>     > > Ho Edouard
>     > >
>     > > Glad to see you've switched.
>     > >
>     > > From the deb-mulitmedia website is this instruction:
>     > >
>     > > apt-get install deb-multimedia-keyring
>     > >
>     > > regards,
>     > >     Daniel.
>     > >
>     > > On 28/01/14 09:26, E Chalaron wrote:
>     > >>
>     > >> Hello all
>     > >> Long time since my last post, but my usual distro (Suse) is
>     giving me a
>     > >> serious hard time with some firewire modules.
>     > >>
>     > >> Anyway, falled back to Debian stable, that worked out of the
>     box, apart
>     > >> from 1 little problem with a gpg / apt-get
>     > >>
>     > >> GPG error: http://www.deb-multimedia.org wheezy Release: The
>     following
>     > >> signatures were invalid: BADSIG 07DC563D1F41B907 Christian
>     Marillat
>     > >> <marillat at debian.org <mailto:marillat at debian.org>>
>     > >>
>     > >> I tried several googling and solution that did not resolve
>     anything.
>     > >>
>     > >> Point is that I had to get it to work to get some multimedia
>     packages
>     > >> few months ago.
>     > >>
>     > >> So how can I get rid of that error and replace with a proper
>     signature
>     > >> (embarrassingly enough I can't even remember how I did it in
>     the first
>     > >> place). :-[
>     > >>
>     > >> Many thanks
>     > >> Edouard
>     > >>
>     > >>
>     > >
>     > >
>     >
>     >
>
>
>
>     --
>     Wellington Linux Users Group Mailing List:
>     wellylug at lists.wellylug.org.nz <mailto:wellylug at lists.wellylug.org.nz>
>     To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
>
>
>
>
> -- 
> GPG: http://is.gd/droope <http://is.gd/signature_>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20140128/ddf12f9f/attachment-0001.html>

More information about the wellylug mailing list