Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature Error (Debian 10 / propus) #688

Open
TDS-Software opened this issue Nov 28, 2020 · 4 comments
Open

Signature Error (Debian 10 / propus) #688

TDS-Software opened this issue Nov 28, 2020 · 4 comments

Comments

@TDS-Software
Copy link

Hi,

I get a Signature-Error: (when trying apt update)

W: GPG-Fehler: http://installrepo.kaltura.org/repo/apt/debian propus InRelease: Die folgenden Signaturen waren ungültig: 8118B7B578D4BA50032E3B740E221B84C95650AB

I tried to add this Key: (as described in the Installation-Readme)

http://installrepo.kaltura.org/repo/apt/debian/kaltura-deb-curr.gpg.key

my sources.list.d/kaltura.list:

deb [arch=amd64] http://installrepo.kaltura.org/repo/apt/debian propus main

I am on a fresh Debian 10.6 installation.

Thank you
@odkr
Copy link

odkr commented Jan 11, 2021

This is really odd, because:

$ curl -s http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease | gpg
[...]
gpg: Signature made Mon Jul  6 15:44:25 2020 CEST
gpg:                using RSA key 0E221B84C95650AB
gpg: Can't check signature: No public key
$ curl -s http://installrepo.kaltura.org/repo/apt/debian/kaltura-deb-curr.gpg.key | gpg
[...]
pub   rsa2048 2019-09-08 [SC]
      8118B7B578D4BA50032E3B740E221B84C95650AB
uid           Kaltura Inc deb repo <[email protected]>
sub   rsa2048 2019-09-08 [E]

At first, I thought somebody might just have used the wrong key to sign the repository. But that's not the case.

@odkr
Copy link

odkr commented Mar 22, 2021
edited
Loading

I just realised that the signature is, in fact, valid:

% curl -s http://installrepo.kaltura.org/repo/apt/debian/kaltura-deb-curr.gpg.key | gpg --import
gpg: key 0E221B84C95650AB: public key "Kaltura Inc deb repo <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
% curl -s http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease | gpg --verify
gpg: Signature made Mon 06 Jul 2020 15:44:25 CEST
gpg:                using RSA key 0E221B84C95650AB
gpg: Good signature from "Kaltura Inc deb repo <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8118 B7B5 78D4 BA50 032E  3B74 0E22 1B84 C956 50AB

Any idea why apt thinks otherwise?

@odkr
Copy link

odkr commented Mar 23, 2021

I'm adding my research on this over at https://forum.kaltura.org/t/installing-from-debian-packages-in-buster-fails-because-of-a-signature-error/10922 in the hope that the developers will respond there.

@odkr
Copy link

odkr commented Mar 25, 2021

A developer commented on the thread I've opened over at the Kaltura formus. Debian is no longer supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@odkr @TDS-Software