Devuan signing key doesn't get passed to apt keyring.
After the update to devuan-keyring_2016.10.10_all.deb, my two Jessies failed to
apt-get updatewith the following error:
W: GPG error: http://de.mirror.devuan.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 94532124541922FB
The key exists in /usr/share/keyrings/devuan-keyring.gpg, but not in /etc/apt/trusted.gpg, so the command
$ gpg --keyring /usr/share/keyrings/devuan-keyring.gpg --export 94532124541922FB | apt-key add -
fixes the issue locally.
yes, it's cause i'm rebuilding the package to comply with some changes in how keys are managed, the new version 2016.10.11 i'm building right now and will be in the repository for tomorrow for amprolla time will fix this issue.
As a work-around, just copy the keyring /usr/share/keyrings/devuan-keyring.gpg to /etc/apt/trusted.gpg.d/ this will fix the issue for you while waiting the new version is available tomorrow.
Also, the fixed package can be downloaded manually from here: https://ci.devuan.org/job/devuan-keyring-repos/lastSuccessfulBuild/artifact/architecture=all,label=all/devuan-keyring_2016.10.11_all.deb
Franco Lanza wrote:
time will fix this issue
The problem I see here is, that the missing key inhibits package list updating ('apt-get update' returns error), so the follow-up version can't be installed without manual intervention.
@florian yes, i know, the broken package is online from yesterday, sadly it's my bad, shame on me!
Anyway, we are in beta, of course for release an issue like this one isn't acceptable, hope this time it is and will not cause too many trubbles.
Status changed to closed