Invalid Signatures on updating

  • 11 days ago I noticed a problem doing updates
    I get the following message after running apt-get update
    ----------------


    the output from the GUI is

    Code
    Failed to execute command 'export LANG=C; apt-get update 2>&1': Ign file: Release.gpg Ign file: Release Err file: Packages Err file: Packages Err file: Packages Get:1 [url]http://mirror.cc.columbia.edu[/url] wheezy Release.gpg [1655 B] Get:2 [url]http://packages.openmediavault.org[/url] kralizec Release.gpg [181 B] Hit [url]http://mirror.cc.columbia.edu[/url] wheezy Release Hit [url]http://packages.openmediavault.org[/url] kralizec-proposed Release.gpg Hit [url]http://packages.openmediavault.org[/url] kralizec Release Hit [url]http://packages.openmediavault.org[/url] kralizec-proposed Release Ign [url]http://packages.openmediavault.org[/url] kralizec Release Get:3 [url]http://security.debian.org[/url] wheezy/updates Release.gpg [836 B] Hit [url]http://security.debian.org[/url] wheezy/updates Release Get:4 [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release.gpg [836 B] Hit [url]http://debian.mirrors.tds.net[/url] wheezy-updates Release Ign [url]http://security.debian.org[/url] wheezy/updates Release W: GPG error: [url]http://packages.openmediavault.org[/url] kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) W: GPG error: [url]http://security.debian.org[/url] wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) E: Release file for [url]http://debian.mirrors.tds.net/debian/dists/wheezy-updates/Release[/url] is expired (invalid since 13d 13h 35min 56s). Updates for this repository will not be applied.


    --------------------------
    Current version is 1.0.29
    --------------------------
    I looked for a list of other mirror sites but could not locate any information
    --------------------------
    my /etc/apt/sources.list file is

  • First: please use code boxes. I updated your post - thanks! ;-)


    did you install OMV on top of Wheezy or with the OMV 1.0 iso?


    Looks like the keyring is missing
    apt-get install openmediavault-keyring postfix


    After that, please post the output of the installation and:
    dpkg -l | grep openmediavault

    OMV 4.x| HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
    OMV 4.x| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    OMV 5.x| Raspberry Pi 4 | 6TB Data drive | 500GB SSD drive

  • Thanks for the help

    Code
    sudo apt-get install openmediavault-keyring postfix
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    openmediavault-keyring is already the newest version.
    postfix is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


    Code
    dpkg -l | grep openmediavault
    ii openmediavault 1.0.29 all Open network attached storage solution
    ii openmediavault-keyring 0.3 all GnuPG archive keys of the OpenMediaVault archive
    ii openmediavault-owncloud 1.1.3 all OpenMediaVault ownCloud plugin


    I hope I got the code box thing correct this time

  • hmm. looks good.
    what about:
    cat /etc/apt/sources.list.d/openmediavault.list

    OMV 4.x| HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
    OMV 4.x| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    OMV 5.x| Raspberry Pi 4 | 6TB Data drive | 500GB SSD drive

  • deb http://packages.openmediavault.org/public kralizec main
    # deb http://downloads.sourceforge.n…t/openmediavault/packages kralizec main
    ## Uncomment the following line to add software from the proposed repository.
    deb http://packages.openmediavault.org/public kralizec-proposed main
    # deb http://downloads.sourceforge.n…t/openmediavault/packages kralizec-proposed main
    ## This software is not part of OpenMediaVault, but is offered by third-party
    ## developers as a service to OpenMediaVault users.
    deb http://packages.openmediavault.org/public kralizec partner
    # deb http://downloads.sourceforge.n…t/openmediavault/packages kralizec partner

  • WastlJ
    Just reran apt-get update. This time I got the following output



    I do not understand why the difference

  • I found an old fix for the invalid signatures problem and applied the following:

    Code
    /var/lib/apt$ sudo mv lists lists_bu
    :/var/lib/apt$ sudo mkdir -p lists/partial
    :/var/lib/apt$ sudo apt-get clean all
    :/var/lib/apt$ sudo apt-get update


    Then reran apt-get update and received the following feedback

  • @votdev - I tought the signatures come with the keyring postfix?


    This is correct.


    W: GPG error: http://packages.openmediavault.org kralizec Release: The following signatures were invalid: BADSIG 7E7A6C592EF35D13 OpenMediaVault.org (OpenMediaVault packages archive) <packages@openmediavault.org>
    W: GPG error: http://security.debian.org wheezy/updates Release: The following signatures were invalid: BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
    E: Release file for http://mirror.cc.columbia.edu/…ts/wheezy-updates/Release is expired (invalid since 28d 11h 35min 49s). Updates for this repository will not be applied.


    I assume the whole keys are corrupt.

  • After a lot more searching I came across a similar proble on a different Debian based system.
    It apprears that the GPG error and therefore the failure to update is due to a new proxy I installed.
    By turning off the proxy and running the apt-get update and apt-get upgrade everything now appears to be back in sync.


    Interestingly however,I have four other Linux systems and none of them have the problem.


    Thank you for the help.


    I hope that this exercise may help others.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!