First Last Prev Next    No search results available
Bug 8702 - GPG error when updating Extras from repository.maemo.org
: GPG error when updating Extras from repository.maemo.org
Status: NEW
Product: maemo.org Website
Downloads
: unspecified
: All Maemo
: Unspecified normal with 11 votes (vote)
: ---
Assigned To: Niels Breet
: downloads@maemo.org
:
:
:
:
  Show dependency tree
 
Reported: 2010-01-30 22:09 UTC by Akos Polster
Modified: 2011-12-23 15:20 UTC (History)
14 users (show)

See Also:

Attachments
Script for downloading missign public keys. (744 bytes, application/octet-stream)
2011-04-08 03:56 UTC, burivoy 		Details
Add an attachment (proposed patch, testcase, etc.)


Note

You need to log in before you can comment on or make changes to this bug.

Description Akos Polster (reporter) 2010-01-30 22:09:23 UTC 
SOFTWARE VERSION:
Maemo 5 1.2009.42-11

EXACT STEPS LEADING TO PROBLEM: 
1. Enable Extras repository
2. apt-get update

EXPECTED OUTCOME:
Update succeeds

ACTUAL OUTCOME:
Update error: "W: GPG error: http://repository.maemo.org fremantle Release: The
following signatures were invalid: BADSIG E40DC434616730BD maemo.org Extras
repositories (Fremantle Extras) <repositories@maemo.org>"

REPRODUCIBILITY:
Always (since a week or two)

EXTRA SOFTWARE INSTALLED:

OTHER COMMENTS:

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us)
AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Comment 1 Bartek Piech 2010-03-30 21:35:04 UTC 
Same here.
Comment 2 Niels Breet maemo.org 2010-03-31 22:55:19 UTC 
We did some server changes today to prevent this issue from happening. Does it
look better for you now?
Comment 3 pete 2010-04-19 13:50:44 UTC 
I am still having this issue.
Comment 4 luma 2010-04-19 14:45:55 UTC 
Same here with 3.2010.02-8
Comment 5 Miles 2010-05-27 01:25:45 UTC 
*** This bug has been confirmed by popular vote. ***
Comment 6 Miles 2010-05-27 01:28:30 UTC 
Same here,

adding the key doesn't seem to help.
Comment 7 waldg3ist 2010-09-01 06:51:07 UTC 
just got the same bug any solution
Comment 8 Linux Eventually 2010-10-09 10:47:31 UTC 
Diablo user, just ran apt-get update.
Maemo4 5.2008.43-7

apt-key adv --keyserver repository.maemo.org --recv-keys ********** 

Does NOT solve the problem.

Error persists:
W: GPG error: http://repository.maemo.org diablo Release: The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY ************ (key is of course obscured for the purpose of this bug
report)

Affected repos:
extras (Diablo)
extras-devel (Diablo)

Unaffected repos:
extras (Chinook)

The bug is on the server end, in case that wasn't blatantly obvious to you.

HAM seems to ignore the error but it's obnoxious nonetheless.
Comment 9 burivoy 2011-04-08 03:55:00 UTC 
There is a nice script found here:
http://linux.newtag.ru/files/2010/02/add-keys.sh
Why don't you guys implement something like this and simplify the process?

#!/bin/sh

if [ -z $1 ]
then
    KEYS=`sudo apt-get -qq update 2>&1 | awk '/NO_PUBKEY/ {print($NF)}' | uniq`
    if [ -z $KEYS ]
        then
        echo "No missed public keys found."
    else
        echo "Missed public keys: $KEYS"
        for KEY in $KEYS
        do
            sudo apt-key adv --recv-keys --keyserver repository.maemo.org $KEY
&&\
            echo "Public key $KEY has been added."
        done
    fi
else
    KEYS=`echo $@ | tr '\ ' '\n' | grep '\([[:alnum:]_]\|[a-fA-F]\)\{8,\}' |
uniq | tr '\n' '\ '`
    echo "Public keys to add: $KEYS"
    for KEY in $KEYS
    do
        sudo apt-key adv --recv-keys --keyserver repository.maemo.org $KEY >
/dev/null &&\
        echo "Public key $KEY has been added."
    done
fi
Comment 10 burivoy 2011-04-08 03:56:48 UTC 
Created an attachment (id=3344) [details]
Script for downloading missign public keys.
Comment 11 pintorbo 2011-04-26 17:00:30 UTC 
> Script for downloading missign public keys.
It do not works ("No missed public keys found")

It looks like repository.maemo.org keyserver is down (gpg: keyserver time out)
and invalid key is uploaded to MIT keyserver
Comment 12 ben.stern 2011-05-12 22:48:17 UTC 
This seems to be the same bug as 11384.
Comment 13 jomat+maemobugs 2011-12-23 15:20:08 UTC 
Not the same as 11384, there's the key missing.

Here we have a bad signature, caused by up- and outdated files on the server:

Release                                                         17.12.2011
08:48    8252
Release.gpg                                                     27.08.2010
10:34     489
First Last Prev Next    No search results available