Page 1 of 1
Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 5:14 pm
by SilverX
Hey, I think I somehow accidently toasted my apt signatures...
It's 99% sure it's my own fault as I verified they work fine on fresh MX23, but not on mine.
I tried copying .gpg files from fresh MX in /usr/share/keyrings
I tried copying .list files from /etc/apt/sources.list.d/ and removed all old files but nothing seems to help...
Im pretty sure it's more of a me & debian issue than MX thing, but when I asked on Debian IRC, their proposed solution was to "use Debian"
Im attaching a log:
Code: Select all
Get:1 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian bookworm InRelease [151 kB]
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
At least one invalid signature was encountered.
Get:4 http://nl.mxrepo.com/mx/repo bookworm InRelease [25.3 kB]
Err:1 http://security.debian.org/debian-security bookworm-security InRelease
At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bookworm InRelease
At least one invalid signature was encountered.
Err:4 http://nl.mxrepo.com/mx/repo bookworm InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org/debian-security bookworm-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.debian.org/debian-security bookworm-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://nl.mxrepo.com/mx/repo bookworm InRelease: At least one invalid signature was encountered.
E: The repository 'http://nl.mxrepo.com/mx/repo bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Id be glad for any help, as reinstalling entire system is not an option in this case, I have to fix it on current os.
Will reinstalling entire APT help? Is there any proposed solution other than "try Debian" or reinstall system?
Thanks.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 5:49 pm
by fehlix
Post full QSI please.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 5:58 pm
by SilverX
QSI? Which info exactly you mean?
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:01 pm
by fehlix
SilverX wrote: Tue Sep 17, 2024 5:58 pm
QSI? Which info exactly you mean?
The "Quick System Info" normally available with the favorite menu also in MX Tools.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:04 pm
by SilverX
Well... Im actually using MX Minimal, which does not come with the tool.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:08 pm
by j2mcgreg
SilverX wrote: Tue Sep 17, 2024 6:04 pm
Well... Im actually using MX Minimal, which does not come with the tool.
In that case, please post the results of:
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:11 pm
by SilverX
Code: Select all
❯ inxi -Fxxxrza
System:
Kernel: 6.1.0-17-amd64 arch: x86_64 bits: 64
compiler: gcc v: 12.2.0
parameters: BOOT_IMAGE=/boot/vmlinuz-6.1.0-17-amd64
root=UUID=8ec2d7a6-cf4b-40c4-9dd0-1b9cc46b20eb ro
quiet splash
Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36
info: xfce4-panel wm: xfwm v: 4.18.0 vt: 7 dm: LightDM
v: 1.26.0 Distro: MX-23.2 Minimal base: Debian
GNU/Linux 12 (bookworm)
Machine:
Type: Virtualbox System: innotek GmbH product: VirtualBox
v: 1.2 serial: <superuser required>
Chassis: Oracle Corporation type: 1
serial: <superuser required>
Mobo: Oracle model: VirtualBox v: 1.2
serial: <superuser required> BIOS: innotek GmbH
v: VirtualBox date: 12/01/2006
CPU:
Info: model: AMD Ryzen 5 5600X bits: 64 type: MCP
arch: Zen 3+ gen: 4 level: v2 built: 2022
process: TSMC n6 (7nm) family: 0x19 (25)
model-id: 0x21 (33) stepping: 2 microcode: N/A
Topology: cpus: 1x cores: 6 smt: <unsupported> cache:
L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB L2: 3 MiB
desc: 6x512 KiB L3: 32 MiB desc: 1x32 MiB
Speed (MHz): avg: 3704 min/max: N/A cores: 1: 3704
2: 3704 3: 3704 4: 3704 5: 3704 6: 3704 bogomips: 44451
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1
sse4_2 sse4a ssse3
Vulnerabilities:
Type: gather_data_sampling status: Not affected
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: retbleed status: Not affected
Type: spec_rstack_overflow mitigation: safe RET
Type: spec_store_bypass status: Not affected
Type: spectre_v1 mitigation: usercopy/swapgs barriers
and __user pointer sanitization
Type: spectre_v2 mitigation: Retpolines, STIBP:
disabled, RSB filling, PBRSB-eIBRS: Not affected
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: VMware SVGA II Adapter driver: vmwgfx
v: 2.20.0.0 ports: active: Virtual-1 empty: Virtual-2,
Virtual-3, Virtual-4, Virtual-5, Virtual-6, Virtual-7,
Virtual-8 bus-ID: 00:02.0 chip-ID: 15ad:0405
class-ID: 0300
Display: x11 server: X.Org v: 1.21.1.7 compositors:
1: xfwm v: 4.18.0 2: Picom v: 9.1 driver: X:
loaded: vmware unloaded: fbdev,modesetting,vesa
dri: swrast gpu: vmwgfx display-ID: :0.0 screens: 1
Screen-1: 0 s-res: 1280x627 s-dpi: 96
s-size: 339x166mm (13.35x6.54") s-diag: 377mm (14.86")
Monitor-1: Virtual-1 mapped: Virtual1 res: 1280x627
hz: 60 size: N/A modes: max: 1280x627 min: 640x480
API: OpenGL v: 4.5 Mesa 22.3.6 renderer: llvmpipe
(LLVM 15.0.6 256 bits) direct-render: Yes
Audio:
Device-1: Intel 82801AA AC97 Audio vendor: Dell
driver: snd_intel8x0 v: kernel bus-ID: 00:05.0
chip-ID: 8086:2415 class-ID: 0401
API: ALSA v: k6.1.0-17-amd64 status: kernel-api
tools: alsamixer,amixer
Server-1: PipeWire v: 1.0.0 status: off with:
1: pipewire-pulse status: off 2: wireplumber status: off
3: pw-jack type: plugin tools: pw-cat,pw-cli,wpctl
Server-2: PulseAudio v: 16.1 status: active
tools: pacat,pactl,pavucontrol
Network:
Device-1: Intel 82540EM Gigabit Ethernet driver: e1000
v: kernel port: d020 bus-ID: 00:03.0 chip-ID: 8086:100e
class-ID: 0200
IF: eth0 state: up speed: 1000 Mbps duplex: full
mac: <filter>
Device-2: Intel 82371AB/EB/MB PIIX4 ACPI
type: network bridge driver: piix4_smbus v: N/A
modules: i2c_piix4 port: N/A bus-ID: 00:07.0
chip-ID: 8086:7113 class-ID: 0680
Drives:
Local Storage: total: 46.59 GiB used: 12.08 GiB (25.9%)
SMART Message: Unable to run smartctl. Root privileges
required.
ID-1: /dev/sda maj-min: 8:0 vendor: VirtualBox
model: VBOX HARDDISK size: 46.59 GiB block-size:
physical: 512 B logical: 512 B speed: 3.0 Gb/s
type: N/A serial: <filter> rev: 1.0 scheme: MBR
Partition:
ID-1: / raw-size: 46.59 GiB size: 45.55 GiB (97.78%)
used: 12.08 GiB (26.5%) fs: ext4 dev: /dev/sda1
maj-min: 8:1
Swap:
Kernel: swappiness: 15 (default 60)
cache-pressure: 100 (default)
ID-1: swap-1 type: file size: 4 GiB used: 0 KiB (0.0%)
priority: -2 file: /swap/swap
Sensors:
Src: lm-sensors+/sys Message: No sensor data found using
/sys/class/hwmon or lm-sensors.
Repos:
Packages: pm: dpkg pkgs: 1929 libs: 1013
tools: apt,apt-get,aptitude,nala
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
2: deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
Active apt repos in: /etc/apt/sources.list.d/mx.list
1: deb http://nl.mxrepo.com/mx/repo/ bookworm main non-free
Info:
Processes: 215 Uptime: 1h 35m wakeups: 1472
Memory: 15.37 GiB used: 1.22 GiB (8.0%) Init: SysVinit
v: 3.06 runlevel: 5 default: graphical tool: systemctl
Compilers: gcc: 12.2.0 alt: 12 Shell: Zsh v: 5.9
running-in: xfce4-terminal inxi: 3.3.26
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:49 pm
by fehlix
What would this command show?
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 6:56 pm
by SilverX
Code: Select all
create_gpg_home:trap:14: undefined signal: ABRT
Wasn't apt-key deprecated after Debian 10?
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 7:38 pm
by fehlix
SilverX wrote: Tue Sep 17, 2024 6:56 pm
Code: Select all
create_gpg_home:trap:14: undefined signal: ABRT
I see bad signals.
SilverX wrote: Tue Sep 17, 2024 6:56 pm
Wasn't apt-key deprecated after Debian 10?
Not for queries, but mainly to avoid blindly adding keys to the shared trust space.
It will probably be removed one day, but Debian is trying not to break too much.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 7:40 pm
by SilverX
Any chance reinstalling apt-key might help?
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 8:22 pm
by fehlix
SilverX wrote: Tue Sep 17, 2024 7:40 pm
Any chance reinstalling apt-key might help?
I guess that's not a apt-key issue.
Probably simply to many changes at once, or to much removed
Maybe mini checks:
Code: Select all
ls -al /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
and
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 8:29 pm
by SilverX
Code: Select all
❯ ls -al /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
zsh: no matches found: /etc/apt/trusted.gpg.d/*
And no output for mount | grep /tmp
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 8:36 pm
by fehlix
SilverX wrote: Tue Sep 17, 2024 8:29 pm
Code: Select all
❯ ls -al /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
zsh: no matches found: /etc/apt/trusted.gpg.d/*
No idea, why you have removed those files uner /etc/apt/trusted.gpg.d/*. Perhaps, check your snapshot or the host the snapshot is build from, in case some other file have also been removed. I'd realy rty to fix the snapshot, or the reason,
to avoid other sideffects.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Tue Sep 17, 2024 8:46 pm
by SilverX
I transplanted /etc/apt/trusted.gpg.d/ folder from source distribution
This is output now:
Code: Select all
❯ ls -al /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
ls: cannot access '/etc/apt/trusted.gpg': No such file or directory
-rw-r--r-- 1 root root 11861 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root 461 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root 3403 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11093 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
-rw-r--r-- 1 root root 11105 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
-rw-r--r-- 1 root root 1704 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc
-rw-r--r-- 1 root root 1211 Jan 21 2024 /etc/apt/trusted.gpg.d/mx23-archive-keyring.gpg
updating apt still won't work
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 5:56 am
by fehlix
SilverX wrote: Tue Sep 17, 2024 8:46 pm
I transplanted /etc/apt/trusted.gpg.d/ folder from source distribution
This is output now:
Code: Select all
❯ ls -al /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
ls: cannot access '/etc/apt/trusted.gpg': No such file or directory
-rw-r--r-- 1 root root 11861 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root 461 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root 3403 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11093 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
-rw-r--r-- 1 root root 11105 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
-rw-r--r-- 1 root root 1704 Jul 30 2023 /etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc
-rw-r--r-- 1 root root 1211 Jan 21 2024 /etc/apt/trusted.gpg.d/mx23-archive-keyring.gpg
updating apt still won't work
Maybe start again, and with every step you tweak, observe whether the system is still healthy or was just broken.
B/c just copy back some files will not explain to find the cause of the issue, and to help get it properly fixed.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 6:58 am
by SilverX
The thing is im not sure what caused the issue to begin with, probably adding some broken repos, and now its stuck this way.
I literally transplanted healthy files from source os, and it still won't get over this issue.
Trying to repeat the action that broke it to analyze is pretty much impossible at this point.
All I can do now, is to keep transplanting file by file from known working source os and hope it works at some point.
Was there maybe some files i missed? Or is there any other way to re-do entire APT in a way that would fix itself?
I really appreciate your time and willingness to help. (sorry for wasting your time with this, but im already pretty helpless here)
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 7:14 am
by fehlix
SilverX wrote: Wed Sep 18, 2024 6:58 am
The thing is im not sure what caused the issue to begin with, probably adding some broken repos, and now its stuck this way.
I literally transplanted healthy files from source os, and it still won't get over this issue.
Trying to repeat the action that broke it to analyze is pretty much impossible at this point.
All I can do now, is to keep transplanting file by file from known working source os and hope it works at some point.
Was there maybe some files i missed? Or is there any other way to re-do entire APT in a way that would fix itself?
I really appreciate your time and willingness to help. (sorry for wasting your time with this, but im already pretty helpless here)
apt and anything around it is one of the most important, essential system level packages on debian systems. Trying now with manual fixes by copying fixing files to revert into a healthy state is maybe possible, but would not be guarantee, the system get broken by the same causing issue one day. So I personally would not try fix, but to start and reinstall, maybe backup all you adjustment and data, so you can redo your tweaking, stepwise with always checking, whether the step just done, has just created a broken system.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 8:19 am
by SilverX
To be fair.
I suspect both trying to add Ubuntu's PPA's, and trying to add Debian testing...
Im using both apt-get and nala (instead of apt).
Once when i tried to install some newer version of package that was supposedly available in debian testing, I came across this very weird behavior from nala.
It tried to remove over 90 different important packages while trying to just install some package.
After that, naturally I removed the debian testing and ubuntu's ppa's, but as you see, to no avail.
So yeah, this im pretty positive 99% it is due to user error, but I can't understand why trying to clear cache & transplant files won't work...
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 8:31 am
by fehlix
SilverX wrote: Wed Sep 18, 2024 8:19 am
I suspect both trying to add Ubuntu's PPA's, and trying to add Debian testing...
Yes, you can quickly create a FrankenDebian, with this type of attitutde.
So, quick and simple advice would be: Start again, and avoid adding any PPA's
or non Debian bookworm repos. In case something missing, formulate a package request,
or seek advice in the forum.
Good luck.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 8:46 am
by SilverX
Thanks
@fehlix .
I think I will actually listen to your advice and start again.
(Im building distro out of MX23.2 Minimal, and Im already at Alpha v7, so starting over again from healthy Alpha v6 is not that big of a deal. I'd loose only a month or so of work, but at least i learned very very important lesson about Debian...)
Thank you for your time and patience!
This system will remain bricked
and I will start over, more carefully.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 9:19 am
by fehlix
SilverX wrote: Wed Sep 18, 2024 8:46 am
Im building distro out of MX23.2 Minimal
Why not start with MX23.4 Minimal instead, at least avoids any side effects of those huge upgrades since MX23.2.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 10:18 am
by SilverX
Well I already have tons of stuff done up to v6, and porting that would take some considerable time, while v6 is also perfectly healthy and fine with all it has at the moment.
Edit: I actually pretty much already ported entire v7 onto healthy previous version, so it was month to create, and only 3 or so hours to redo it as I already had everything layed down on bricked os.
And Im pretty sure i caused the issue last time by trying to install neovim with apt.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 10:28 am
by fehlix
SilverX wrote: Wed Sep 18, 2024 10:18 am
Well I already have tons of stuff done up to v6, and porting that would take some considerable time, while v6 is also perfectly healthy and fine with all it has at the moment.
Edit: I actually pretty much already ported entire v7 onto healthy previous version, so it was month to create, and only 3 or so hours to redo it as I already had everything layed down on bricked os.
And Im pretty sure i caused the issue last time by trying to install neovim with apt.
As mentioned, in case a package or a package with a newer version
is not available within current enabled debian / or MX repos and also not within MX-testrepo,
do formulate a Package Request within the PackageRequest forum, with some reasoning, why you think
it's worth to have the package (or the newer version) within the MX repo.
With this package request, there is a chance that someone from the packaging team will be kind enough to backport the package.
Re: Totally broken APT repo signatures (apt update won't work)
Posted: Wed Sep 18, 2024 11:07 am
by SilverX
That would be cool, and I'll definetly gonna have some suggestions regarding recommended packages :)