Author Topic: Unsigned repository  (Read 3284 times)

Neil Sands

  • Newbie
  • *
  • Posts: 4
    • View Profile
Unsigned repository
« on: January 15, 2020, 04:51:00 pm »
I have Android and Gemian TP3 on my Gemini.

If I do sudo apt-get update, I get an error message, not always exactly the same but this one is typical.

Quote
W: GPG error: http://gemian.thinkglobally.org/stretch stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6669378035F4918C
W: The repository 'http://gemian.thinkglobally.org/stretch stretch InRelease' is not signed.

I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?

Is anyone else getting this? Or am I special?

Thanks
Neil
« Last Edit: January 16, 2020, 06:25:41 pm by Neil Sands »

mithrandir

  • Full Member
  • ***
  • Posts: 191
    • View Profile
    • http://www.mygnu.de
Unsigned repository
« Reply #1 on: January 15, 2020, 04:59:17 pm »
Quote from: Neil Sands
I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?
The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

Neil Sands

  • Newbie
  • *
  • Posts: 4
    • View Profile
Unsigned repository
« Reply #2 on: January 16, 2020, 06:17:54 pm »
Quote from: mithrandir
The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

Wonderful, that's worked very nicely. Thanks.
« Last Edit: January 16, 2020, 06:26:08 pm by Neil Sands »

gemini_user_j

  • Jr. Member
  • **
  • Posts: 86
    • View Profile
Unsigned repository
« Reply #3 on: March 31, 2020, 03:06:49 pm »
Quote from: mithrandir
Quote from: Neil Sands
I don't fully understand the implications of this. Can I force the upgrade to work with an unsigned repository somehow, and if so is it wise to do so?
The key has been renewed recently.

wget -O /tmp/archive-key.asc http://gemian.thinkglobally.org/archive-key.asc
apt-key add /tmp/archive-key.asc

probably wise to use https here:
 https://gemian.thinkglobally.org/archive-key.asc
Gemini PDA x27

geminifrench

  • Newbie
  • *
  • Posts: 38
    • View Profile
    • Stephane Marcellet
Unsigned repository
« Reply #4 on: March 31, 2020, 04:53:27 pm »
working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209
section [3.5.1]
Gemini x27 4G - Debian only - (sold)

gemini_user_j

  • Jr. Member
  • **
  • Posts: 86
    • View Profile
Unsigned repository
« Reply #5 on: April 01, 2020, 02:27:02 pm »
Quote from: geminifrench
working for me in http.

see here : https://www.oesf.org/forum/index.php?showtopic=36209
section [3.5.1]

Not a question if it works or not, rather a simple precaution to use encrypted data traffic.

Just thought it was particularly relevant when downloading the key used for verifying software packages
Gemini PDA x27