Ubuntu Packet missing signature! #26176

Closed
martin-zh opened this Issue Sep 22, 2016 · 5 comments

Comments

Projects
None yet
5 participants

When trying to update to 9.1.1 using ubuntu packets I get the following error:

Fehl:7 http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04 Release.gpg
Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04 Release: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B
W: Failed to fetch http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

Owner

DeepDiver1975 commented Sep 22, 2016

Did you follow the instructions on importing the key? https://download.owncloud.org/download/repositories/9.1/owncloud/

wget -nv https://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.key -O Release.key
apt-key add - < Release.key

Yes, but running importing it using this steps resolves the issue. Thanks!

FYI there's another warning:
W: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg: Signature by key DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B uses weak digest algorithm (SHA1)

Owner

DeepDiver1975 commented Sep 22, 2016

FYI there's another warning:
W: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg: Signature by key DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B uses weak digest algorithm (SHA1)

this is a know issue - already reported somewhere in here - thx

b01t commented Sep 23, 2016

Why has the key changed? What's wrong with the old one?
pub 1024D/BA684223 2012-02-08 [expires: 2017-04-19]
uid isv:ownCloud OBS Project isv:ownCloud@build.opensuse.org

i think the new key is not legit:

pub   2048R/479BC94B 2013-08-26 [expires: 2018-08-25]
uid                  ownCloud build service <obsrun@localhost>

surely, owncloud does not expect me to trust a key for an @localhost address...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment