Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix EXPKEYSIG error at building debian ports #161

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix EXPKEYSIG error at building debian ports #161

wants to merge 2 commits into from

Conversation

vicamo
Copy link
Contributor

@vicamo vicamo commented Nov 27, 2023

At the first time apt-get update after deboostrap, following error fails the process:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://snapshot.debian.org/archive/debian-ports/20220201T000000Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021) <ftpmaster@ports-master.debian.org> EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) <ftpmaster@ports-master.debian.org>
E: The repository 'http://snapshot.debian.org/archive/debian-ports/20220201T000000Z unreleased InRelease' is not signed.

This patch add trusted tag to the ports apt source temporarily, and will be rewritten later before creating artifacts.

@tianon
Copy link
Collaborator

tianon commented Nov 27, 2023

I think debuerreotype-gpgv-ignore-expiration-config is probably a better solution to the problem you're trying to solve (it's what I use for EOL releases). 😅

It allows the signature verification to continue and just ignores the key expiration.

vicamo added 2 commits May 6, 2024 22:01
@vicamo
Move debuerreotype-gpgv-ignore-expiration-config into init
bbf4546 
At the first time `apt-get update` after deboostrap, following error
fails the process:

  W: An error occurred during the signature verification. The repository
  is not updated and the previous index files will be used. GPG error:
  http://snapshot.debian.org/archive/debian-ports/20220201T000000Z
  unstable InRelease: The following signatures were invalid: EXPKEYSIG
  5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021)
  <ftpmaster@ports-master.debian.org> EXPKEYSIG E852514F5DF312F6 Debian
  Ports Archive Automatic Signing Key (2022)
  <ftpmaster@ports-master.debian.org>
  E: The repository
  'http://snapshot.debian.org/archive/debian-ports/20220201T000000Z
  unreleased InRelease' is not signed.

This change moves debuerreotype-gpgv-ignore-expiration-config invocation
into debuerreotype-init before `apt-get update` is ever called.

Signed-off-by: You-Sheng Yang <vicamo@gmail.com>
@vicamo
Ignore EXPKEYSIG for debian ports as well
46b7315 
Signed-off-by: You-Sheng Yang <vicamo@gmail.com>
@vicamo vicamo force-pushed the for-upstream/add-trusted-to-ports-snapshot-apt-sources branch from ef98dc0 to 46b7315 Compare May 6, 2024 14:20
@vicamo
Copy link
Contributor Author

vicamo commented May 6, 2024

Force push two commits to reuse debuerreotype-gpgv-ignore-expiration-config as suggested by the maintainer.

@vicamo
Copy link
Contributor Author

vicamo commented May 6, 2024

This, along with #166, should fix all failed cases on master branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vicamo @tianon