OESF Portables Forum

Model Specific Forums => Gemini PDA => Gemini PDA - Linux => Topic started by: Neil Sands on January 15, 2020, 04:51:00 pm

Title: Unsigned repository
Post by: Neil Sands on January 15, 2020, 04:51:00 pm

I have Android and Gemian TP3 on my Gemini.

If I do sudo apt-get update, I get an error message, not always exactly the same but this one is typical.

Quote

W: GPG error: http://gemian.thinkglobally.org/stretch (http://gemian.thinkglobally.org/stretch) stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6669378035F4918C
W: The repository 'http://gemian.thinkglobally.org/stretch stretch InRelease' is not signed.

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

Is anyone else getting this? Or am I special?

Thanks
Neil

Title: Unsigned repository
Post by: mithrandir on January 15, 2020, 04:59:17 pm

Quote from: Neil Sands

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc (http://gemian.thinkglobally.org/archive-key.asc)
apt-key add /tmp/archive-key.asc

Title: Unsigned repository
Post by: Neil Sands on January 16, 2020, 06:17:54 pm

Quote from: mithrandir

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc (http://gemian.thinkglobally.org/archive-key.asc)
apt-key add /tmp/archive-key.asc

Wonderful, that's worked very nicely. Thanks.

Title: Unsigned repository
Post by: gemini_user_j on March 31, 2020, 03:06:49 pm

Quote from: mithrandir

Quote from: Neil Sands

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc (http://gemian.thinkglobally.org/archive-key.asc)
apt-key add /tmp/archive-key.asc

probably wise to use https here:
 https://gemian.thinkglobally.org/archive-key.asc (https://gemian.thinkglobally.org/archive-key.asc)

Title: Unsigned repository
Post by: geminifrench on March 31, 2020, 04:53:27 pm

working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209 (https://www.oesf.org/forum/index.php?showtopic=36209)
section [3.5.1]

Title: Unsigned repository
Post by: gemini_user_j on April 01, 2020, 02:27:02 pm

Quote from: geminifrench

working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209 (https://www.oesf.org/forum/index.php?showtopic=36209)
section [3.5.1]

Not a question if it works or not, rather a simple precaution to use encrypted data traffic.

Just thought it was particularly relevant when downloading the key used for verifying software packages