Updating from X2Go's Debian repository fails due to GPG error NO_PUBKEY F4A7678C9C6B0B2B
Dear list,
since last night running 'aptitude update' gives an error on a machine with X2Go's Debian repository added:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.x2go.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F4A7678C9C6B0B2B
According to http://wiki.x2go.org/doku.php/wiki:repositories:debian I would expect the file to be signed with key E1F958385BFE2B6E. Has the key to sign the repository been changed by the project?
Looking forward to receiving any feedback!
Best,
Holger
On 13.09.2016 12:49 PM, Holger Krause wrote:
since last night running 'aptitude update' gives an error on a machine with X2Go's Debian repository added:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.x2go.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F4A7678C9C6B0B2B
According to http://wiki.x2go.org/doku.php/wiki:repositories:debian I would expect the file to be signed with key E1F958385BFE2B6E. Has the key to sign the repository been changed by the project?
Yes, we have always been at war with Oce... err, I have changed the key for signing Debian repository metadata recently to consolidate everything (both RPM and DEB formats now use one key, apart from EPEL 5 which needs a weaker key.)
I'll be reverting back to the old key, then add new keys to the x2go-keyring package, release that and switch to the new key in about 2 weeks. That sounds better, right?
Mihai
-
Holger Krause -
Mihai Moldovan