Web lists-archives.com

Re: Expired GPG keys of older release




On 6/20/2018 8:47 AM, Adam Cecile wrote:
On 06/20/2018 08:39 AM, john doe wrote:
On 6/19/2018 10:55 PM, Adam Cecile wrote:
On 06/19/2018 10:48 PM, Don Armstrong wrote:
On Tue, 19 Jun 2018, Adam Cecile wrote:
That's a pity, don't you think so ? I think Debian should renew the
archive key, so we can still verify packages signatures.
You can still verify them. Key expiration doesn't make existing
signatures invalid. [Indeed, gpgv doesn't even check for expired keys.]

With apt ? I had to set allowunauthenticated = 1 in apt.conf, otherwise apt wouldn't install anything.


Can you give us the warning/error you're getting?

  ---> Running in 2300490ebb96
Get:1 http://archive.debian.org squeeze Release.gpg [1655 B]
Get:2 http://archive.debian.org squeeze-lts Release.gpg [819 B]
Get:3 http://archive.debian.org squeeze Release [96.0 kB]
Ign http://archive.debian.org squeeze Release
Get:4 http://archive.debian.org squeeze-lts Release [34.3 kB]
Get:5 http://archive.debian.org squeeze/main amd64 Packages [8370 kB]
Get:6 http://archive.debian.org squeeze-lts/main amd64 Packages [390 kB]
Fetched 8893 kB in 0s (10.0 MB/s)
Reading package lists...
W: GPG error: http://archive.debian.org squeeze Release: The following signatures were invalid: KEYEXPIRED 1520281423 KEYEXPIRED 1501892461
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
   libssl0.9.8 openssl
The following NEW packages will be installed:
   ca-certificates libssl0.9.8 openssl wget
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 2980 kB of archives.
After this operation, 7578 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
   ca-certificates
E: There are problems and -y was used without --force-yes


As other as pointed out if the expiration date is not extended on the key your out of luck! :)

https://www.debian.org/News/2011/20110209

One workaroungd could be:
1)   Download all required packages
2)  Verify the downloaded packages using 'gpg --verify'
3)  Install the verified pkgs

The best workaround would be to upgrade to Debian Stretch (6 to 7, 7 to 8, 8 to 9)! :)

For sake of completeness:
  apt-key update              - update keys using the keyring package
  apt-key net-update          - update keys using the network


--
John Doe