Debian Packages Not Trusted, APT Linux
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.listlook like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.orgas repository whendeb.debian.orgshould be the default.If you use the latter you will be fetching files over a CDN.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.listlook like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.orgas repository whendeb.debian.orgshould be the default.If you use the latter you will be fetching files over a CDN.
oh, good point. ftp works elsewhere and is provided by ProxMox, but I'll check that.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.listlook like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.orgas repository whendeb.debian.orgshould be the default.If you use the latter you will be fetching files over a CDN.
I wonder if this is a clean bullseye (debian 11) install or has it been updated from buster or earlier?
-
Updated, but same issue...
deb http://db.debian.org/debian bullseye main contrib deb http://deb.debian.org/debian bullseye-updates main contrib # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # security updates deb http://security.debian.org/debian-security bullseye-security main contrib -
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
Updated, but same issue...
deb http://db.debian.org/debian bullseye main contrib deb http://deb.debian.org/debian bullseye-updates main contrib # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # security updates deb http://security.debian.org/debian-security bullseye-security main contribAh, it's proxmox. If I remember correctly they started to use Debian 11 before it became Debian stable. It should probably not matter though.
When I look at debian gpg keys (
apt-key list) on Debian 11 in front of me, it looks like this:
Do you have the same three Bullseye keys?
-
You should probably check that you can get to the repository at all from that machine. It could potentially be a repository problem.
For example using wget or curl fetch this file:
http://deb.debian.org/debian/dists/bullseye-updates/InReleaseIt's the first file that apt is trying to fetch.
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InReleaseI think you might end up with another error instead though. Because I don't think it's the actual problem.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
http://deb.debian.org/debian/dists/bullseye-updates/InRelease
YOu are right, it's blocked. I get a 403 error on that machine. But not on others!
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InReleaseI think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InReleaseI think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
Go to the bottom of the page and you'll find all official debian mirrors all over the world.
https://www.debian.org/mirror/listPick a mirror and see if you can access the InRelease file from the server. Then you can change the
/etc/apt/sources.listand then runapt updateagain. -
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InReleaseI think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
Go to the bottom of the page and you'll find all official debian mirrors all over the world.
https://www.debian.org/mirror/listPick a mirror and see if you can access the InRelease file from the server. Then you can change the
/etc/apt/sources.listand then runapt updateagain.Yup, I grabbed one manually and it "just worked". It's something broken in the mirrors!!
-
Thanks, we are up and running again!
