Debian Packages Not Trusted, APT Linux
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.list
look like? -
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.list
look like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.list
look like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.org
as repository whendeb.debian.org
should be the default.If you use the latter you will be fetching files over a CDN.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.list
look like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.org
as repository whendeb.debian.org
should be the default.If you use the latter you will be fetching files over a CDN.
oh, good point. ftp works elsewhere and is provided by ProxMox, but I'll check that.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
When doing an "apt update", getting this error on Debian 11 Bullseye..
The repository 'http://ftp.debian.org/debian bullseye-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
We have the GPG keys, and the initial install was fine. This is a system that has been in production for a while. How do we get it to accept these repos?
It's not hard to get past that message. But the real question is why you get it. Something has to be wrong.
Maybe it's because Bullseye is stable now.
What does
/etc/apt/sources.list
look like?I don't think so. I have scores of these servers with the same package list. But most don't have this issue.
It's also strange that you have
ftp.debian.org
as repository whendeb.debian.org
should be the default.If you use the latter you will be fetching files over a CDN.
I wonder if this is a clean bullseye (debian 11) install or has it been updated from buster or earlier?
-
Updated, but same issue...
deb http://db.debian.org/debian bullseye main contrib deb http://deb.debian.org/debian bullseye-updates main contrib # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # security updates deb http://security.debian.org/debian-security bullseye-security main contrib
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
Updated, but same issue...
deb http://db.debian.org/debian bullseye main contrib deb http://deb.debian.org/debian bullseye-updates main contrib # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # security updates deb http://security.debian.org/debian-security bullseye-security main contrib
Ah, it's proxmox. If I remember correctly they started to use Debian 11 before it became Debian stable. It should probably not matter though.
When I look at debian gpg keys (
apt-key list
) on Debian 11 in front of me, it looks like this:
Do you have the same three Bullseye keys?
-
You should probably check that you can get to the repository at all from that machine. It could potentially be a repository problem.
For example using wget or curl fetch this file:
http://deb.debian.org/debian/dists/bullseye-updates/InReleaseIt's the first file that apt is trying to fetch.
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InRelease
I think you might end up with another error instead though. Because I don't think it's the actual problem.
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
http://deb.debian.org/debian/dists/bullseye-updates/InRelease
YOu are right, it's blocked. I get a 403 error on that machine. But not on others!
-
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InRelease
I think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
-
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InRelease
I think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
Go to the bottom of the page and you'll find all official debian mirrors all over the world.
https://www.debian.org/mirror/listPick a mirror and see if you can access the InRelease file from the server. Then you can change the
/etc/apt/sources.list
and then runapt update
again. -
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
@Pete-S said in Debian Packages Not Trusted, APT Linux:
@scottalanmiller said in Debian Packages Not Trusted, APT Linux:
deb http://deb.debian.org/debian bullseye-updates main contrib
If you just want to get past the error, you can change the above line to:
deb [trusted=yes] http://deb.debian.org/debian/dists/bullseye-updates/InRelease
I think you might end up with another error instead though. Because I don't think it's the actual problem.
Right, I think that the CDN is blocking this for some reason.
Go to the bottom of the page and you'll find all official debian mirrors all over the world.
https://www.debian.org/mirror/listPick a mirror and see if you can access the InRelease file from the server. Then you can change the
/etc/apt/sources.list
and then runapt update
again.Yup, I grabbed one manually and it "just worked". It's something broken in the mirrors!!
-
Thanks, we are up and running again!