Skip to content

GitLab

Open
Created by michael.neuffer@michael.neuffer

Debian/Ubuntu Repository: Release.gpg must be signed properly

I belive the error below is related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921685 which fixes CVE-2019-3462 in apt 1.8.0

apt (1.8.0) unstable; urgency=medium

[ David Kalnischkies ]

  • Add explicit message for unsupported binary signature (Closes: #921685) [...] apt (1.8.0~rc1) unstable; urgency=medium

[ David Kalnischkies ]

  • Fail instead of warn for unsigned lines in InRelease
  • Fail on non-signature lines in Release.gpg
root@charion-new:/etc/apt/sources.list.d#apt-get update
[...]
Ign:4 http://download.videolan.org/pub/debian/stable  InRelease                                                                                       
[...]
Ign:6 http://download.videolan.org/pub/debian/testing  InRelease                                                                             
[...]
Get:10 http://download.videolan.org/pub/debian/stable  Release [1.487 B]                                                                              
[...]
Get:12 http://download.videolan.org/pub/debian/testing  Release [1.487 B]                                                   
[...]
Get:14 http://download.videolan.org/pub/debian/stable  Release.gpg [287 B]                       
Get:15 http://download.videolan.org/pub/debian/testing  Release.gpg [287 B]                                
[...]
Ign:14 http://download.videolan.org/pub/debian/stable  Release.gpg
Ign:15 http://download.videolan.org/pub/debian/testing  Release.gpg
Reading package lists... Done
W: GPG error: http://download.videolan.org/pub/debian/stable  Release: Detached signature file '/var/lib/apt/lists/partial/download.videolan.org_pub_debian_stable_Release.gpg' is in unsupported binary format
E: The repository 'http://download.videolan.org/pub/debian/stable  Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.videolan.org/pub/debian/testing  Release: Detached signature file '/var/lib/apt/lists/partial/download.videolan.org_pub_debian_testing_Release.gpg' is in unsupported binary format
E: The repository 'http://download.videolan.org/pub/debian/testing  Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

VideoLAN code repository instance