Invalid Signatures on updating

    • Resolved

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Invalid Signatures on updating

      11 days ago I noticed a problem doing updates
      I get the following message after running apt-get update
      ----------------

      Source Code

      1. Ign file: Release.gpg
      2. Ign file: Release
      3. Err file: Packages
      4. Err file: Packages
      5. Err file: Packages
      6. Get:1 [url]http://packages.openmediavault.org[/url] kralizec Release.gpg [181 B]
      7. Get:2 [url]http://packages.openmediavault.org[/url] kralizec-proposed Release.gpg [181 B]
      8. Hit [url]http://packages.openmediavault.org[/url] kralizec Release
      9. Ign [url]http://packages.openmediavault.org[/url] kralizec Release
      10. Hit [url]http://packages.openmediavault.org[/url] kralizec-proposed Release
      11. Get:3 [url]http://mirror.cc.columbia.edu[/url] wheezy Release.gpg [1,655 B]
      12. Hit [url]http://mirror.cc.columbia.edu[/url] wheezy Release
      13. Get:4 [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release.gpg [836 B]
      14. Hit [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release
      15. W: GPG error: [url]http://packages.openmediavault.org[/url] kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) <[email=packages@openmediavault.org]packages@openmediavault.org[/email]>
      16. E: Release file for [url]http://debian.mirrors.tds.net/debian/dists/wheezy-updates/Release[/url] is expired (invalid since 13d 13h 28min 16s). Updates for this repository will not be applied.
      Display All


      the output from the GUI is

      Source Code

      1. Failed to execute command 'export LANG=C; apt-get update 2>&1': Ign file: Release.gpg Ign file: Release Err file: Packages Err file: Packages Err file: Packages Get:1 [url]http://mirror.cc.columbia.edu[/url] wheezy Release.gpg [1655 B] Get:2 [url]http://packages.openmediavault.org[/url] kralizec Release.gpg [181 B] Hit [url]http://mirror.cc.columbia.edu[/url] wheezy Release Hit [url]http://packages.openmediavault.org[/url] kralizec-proposed Release.gpg Hit [url]http://packages.openmediavault.org[/url] kralizec Release Hit [url]http://packages.openmediavault.org[/url] kralizec-proposed Release Ign [url]http://packages.openmediavault.org[/url] kralizec Release Get:3 [url]http://security.debian.org[/url] wheezy/updates Release.gpg [836 B] Hit [url]http://security.debian.org[/url] wheezy/updates Release Get:4 [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release.gpg [836 B] Hit [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release Ign [url]http://security.debian.org[/url] wheezy/updates Release W: GPG error: [url]http://packages.openmediavault.org[/url] kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) W: GPG error: [url]http://security.debian.org[/url] wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) E: Release file for [url]http://debian.mirrors.tds.net/debian/dists/wheezy-updates/Release[/url] is expired (invalid since 13d 13h 35min 56s). Updates for this repository will not be applied.

      --------------------------
      Current version is 1.0.29
      --------------------------
      I looked for a list of other mirror sites but could not locate any information
      --------------------------
      my /etc/apt/sources.list file is

      Source Code

      1. # deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Snapshot amd64 LIVE/INSTALL Binary 20140520-18:28]/ wheezy main non-free
      2. #deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Snapshot amd64 LIVE/INSTALL Binary 20140520-18:28]/ wheezy main non-free
      3. deb [url]ftp://mirror.cc.columbia.edu/debian/[/url] wheezy main
      4. deb-src [url]http://mirror.cc.columbia.edu/debian/[/url] wheezy main
      5. deb [url]http://security.debian.org/[/url] wheezy/updates main non-free
      6. deb-src [url]http://security.debian.org/[/url] wheezy/updates main non-free
      7. # wheezy-updates, previously known as 'volatile'
      8. deb [url]ftp://mirror.cc.columbia.edu/debian/[/url] wheezy-updates main non-free
      9. deb-src [url]http://mirror.cc.columbia.edu/debian/[/url] wheezy-updates main non-free
      Display All

      The post was edited 1 time, last by WastlJ ().

    • First: please use code boxes. I updated your post - thanks! ;)

      did you install OMV on top of Wheezy or with the OMV 1.0 iso?

      Looks like the keyring is missing
      ​apt-get install openmediavault-keyring postfix

      After that, please post the output of the installation and:
      ​dpkg -l | grep openmediavault
      OMV stoneburner | HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
      OMV erasmus| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    • Thanks for the help

      Source Code

      1. sudo apt-get install openmediavault-keyring postfix
      2. Reading package lists... Done
      3. Building dependency tree
      4. Reading state information... Done
      5. openmediavault-keyring is already the newest version.
      6. postfix is already the newest version.
      7. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


      Source Code

      1. dpkg -l | grep openmediavault
      2. ii openmediavault 1.0.29 all Open network attached storage solution
      3. ii openmediavault-keyring 0.3 all GnuPG archive keys of the OpenMediaVault archive
      4. ii openmediavault-owncloud 1.1.3 all OpenMediaVault ownCloud plugin


      I hope I got the code box thing correct this time

      The post was edited 1 time, last by WastlJ ().

    • deb packages.openmediavault.org/public kralizec main
      # deb downloads.sourceforge.net/project/openmediavault/packages kralizec main
      ## Uncomment the following line to add software from the proposed repository.
      deb packages.openmediavault.org/public kralizec-proposed main
      # deb downloads.sourceforge.net/project/openmediavault/packages kralizec-proposed main
      ## This software is not part of OpenMediaVault, but is offered by third-party
      ## developers as a service to OpenMediaVault users.
      deb packages.openmediavault.org/public kralizec partner
      # deb downloads.sourceforge.net/project/openmediavault/packages kralizec partner
    • WastlJ
      Just reran apt-get update. This time I got the following output

      Source Code

      1. Ign file: Release.gpg
      2. Ign file: Release
      3. Err file: Packages
      4. Err file: Packages
      5. Err file: Packages
      6. Get:1 http://mirror.cc.columbia.edu wheezy Release.gpg [1,655 B]
      7. Get:2 http://packages.openmediavault.org kralizec Release.gpg [181 B]
      8. Get:3 http://mirror.cc.columbia.edu wheezy-updates Release.gpg [836 B]
      9. Hit http://packages.openmediavault.org kralizec-proposed Release.gpg
      10. Hit http://mirror.cc.columbia.edu wheezy Release
      11. Hit http://packages.openmediavault.org kralizec Release
      12. Hit http://mirror.cc.columbia.edu wheezy-updates Release
      13. Hit http://packages.openmediavault.org kralizec-proposed Release
      14. Get:4 http://security.debian.org wheezy/updates Release.gpg [836 B]
      15. Ign http://packages.openmediavault.org kralizec Release
      16. Hit http://security.debian.org wheezy/updates Release
      17. Hit http://mirror.cc.columbia.edu wheezy/main Sources
      18. Err http://mirror.cc.columbia.edu wheezy-updates Release
      19. Ign http://security.debian.org wheezy/updates Release
      20. Hit ftp://mirror.cc.columbia.edu wheezy Release.gpg
      21. Get:5 ftp://mirror.cc.columbia.edu wheezy-updates Release.gpg [836 B]
      22. Ign http://security.debian.org wheezy/updates/main Sources/DiffIndex
      23. Ign http://packages.openmediavault.org kralizec/main amd64 Packages/DiffIndex
      24. Hit ftp://mirror.cc.columbia.edu wheezy Release
      25. Hit ftp://mirror.cc.columbia.edu wheezy-updates Release
      26. Ign http://security.debian.org wheezy/updates/non-free Sources/DiffIndex
      27. Hit ftp://mirror.cc.columbia.edu wheezy/main amd64 Packages
      28. Hit ftp://mirror.cc.columbia.edu wheezy-updates/main amd64 Packages/DiffIndex
      29. Ign http://packages.openmediavault.org kralizec/partner amd64 Packages/DiffIndex
      30. Hit http://packages.openmediavault.org kralizec-proposed/main amd64 Packages
      31. Hit ftp://mirror.cc.columbia.edu wheezy-updates/non-free amd64 Packages
      32. Ign http://security.debian.org wheezy/updates/main amd64 Packages/DiffIndex
      33. Ign http://security.debian.org wheezy/updates/non-free amd64 Packages/DiffIndex
      34. Hit http://security.debian.org wheezy/updates/main Sources
      35. Hit http://security.debian.org wheezy/updates/non-free Sources
      36. Hit http://security.debian.org wheezy/updates/main amd64 Packages
      37. Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
      38. Hit http://packages.openmediavault.org kralizec/main amd64 Packages
      39. Hit http://packages.openmediavault.org kralizec/partner amd64 Packages
      40. Fetched 4,344 B in 2s (1,553 B/s)
      41. Reading package lists... Done
      42. W: GPG error: http://packages.openmediavault.org kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) <packages@openmediavault.org>
      43. W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://mirror.cc.columbia.edu wheezy-updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
      44. W: GPG error: http://security.debian.org wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
      45. W: Failed to fetch http://mirror.cc.columbia.edu/debian/dists/wheezy-updates/Release
      46. W: Some index files failed to download. They have been ignored, or old ones used instead.
      Display All

      I do not understand why the difference
    • I found an old fix for the invalid signatures problem and applied the following:

      Source Code

      1. /var/lib/apt$ sudo mv lists lists_bu
      2. :/var/lib/apt$ sudo mkdir -p lists/partial
      3. :/var/lib/apt$ sudo apt-get clean all
      4. :/var/lib/apt$ sudo apt-get update

      Then reran apt-get update and received the following feedback

      Source Code

      1. Ign file: Release.gpg
      2. Ign file: Release
      3. Err file: Packages
      4. Err file: Packages
      5. Err file: Packages
      6. Get:1 http://mirror.cc.columbia.edu wheezy Release.gpg [1,655 B]
      7. Get:2 http://packages.openmediavault.org kralizec Release.gpg [181 B]
      8. Get:3 http://mirror.cc.columbia.edu wheezy-updates Release.gpg [836 B]
      9. Get:4 http://packages.openmediavault.org kralizec-proposed Release.gpg [181 B]
      10. Get:5 http://mirror.cc.columbia.edu wheezy Release [168 kB]
      11. Get:6 http://packages.openmediavault.org kralizec Release [9,696 B]
      12. Ign http://packages.openmediavault.org kralizec Release
      13. Get:7 http://packages.openmediavault.org kralizec-proposed Release [3,722 B]
      14. Get:8 http://security.debian.org wheezy/updates Release.gpg [836 B]
      15. Get:9 http://security.debian.org wheezy/updates Release [102 kB]
      16. Get:10 http://mirror.cc.columbia.edu wheezy-updates Release [124 kB]
      17. Ign http://security.debian.org wheezy/updates Release
      18. Get:11 http://mirror.cc.columbia.edu wheezy/main Sources [5,955 kB]
      19. Get:12 http://security.debian.org wheezy/updates/main Sources [139 kB]
      20. W: GPG error: http://packages.openmediavault.org kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) <packages@openmediavault.org>
      21. W: GPG error: http://security.debian.org wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
      22. E: Release file for http://mirror.cc.columbia.edu/debian/dists/wheezy-updates/Release is expired (invalid since 28d 11h 35min 49s). Updates for this repository will not be applied.
      Display All
    • WastlJ wrote:

      @votdev - I tought the signatures come with the keyring postfix?

      This is correct.

      jakoch wrote:

      W: GPG error: packages.openmediavault.org kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) <packages@openmediavault.org>
      W: GPG error: security.debian.org wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
      E: Release file for mirror.cc.columbia.edu/debian/dists/wheezy-updates/Release is expired (invalid since 28d 11h 35min 49s). Updates for this repository will not be applied.

      I assume the whole keys are corrupt.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • After a lot more searching I came across a similar proble on a different Debian based system.
      It apprears that the GPG error and therefore the failure to update is due to a new proxy I installed.
      By turning off the proxy and running the apt-get update and apt-get upgrade everything now appears to be back in sync.

      Interestingly however,I have four other Linux systems and none of them have the problem.

      Thank you for the help.

      I hope that this exercise may help others.