• Serveurs
  • [Résolu] Problème avec Trusted.gpg

Bonjour, j'ai besoin de votre aide !!!

j'ai lancé une mise à jour "apt-get update" et j'ai eu comme réponse :
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org jessie Release: The following signatures were invalid: KEYEXPIRED 1471427554

W: Failed to fetch http://nginx.org/packages/debian/dists/jessie/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.
j'ai regardé plusieurs article pour essayer de résoudre mon problème mais c'est pire qu'avant, j'ai maintenant :
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org jessie Release: The following signatures were invalid: KEYEXPIRED 1471427554

W: Failed to fetch http://nginx.org/packages/debian/dists/jessie/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.
pour en arriver la j'ai essayé :
apt-key adv --recv-keys --keyserver keyserver.download.opensuse.org (AVEC PLUSIEURS KEY) 
wget http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/Release.key
apt-key add - < Release.key 
Help me plz
Salut,

Lister tes clés
sudo apt-key list
Retirer celles qui foirent (ou toutes et comme ça au moins plus de doute !)
sudo apt-key del ID_Clé
Remettre celles qui sont nécessaires (voici pour Nginx).
Tu es sûr que tu as téléchargé la bonne clé publique ?
apt key list me donne :
root@ns518106:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   4096R/89DF5277 2010-07-11
uid                  Guillaume Plessis <gui@dotdeb.org>
sub   4096R/3D624A3B 2010-07-11
sub   4096R/A2098A6E 2010-07-11

pub   2048R/7BD9BF62 2011-08-19 [expired: 2016-08-17]
uid                  nginx signing key <signing-key@nginx.com>

pub   1024R/EEA14886 2010-05-04
uid                  Launchpad VLC

pub   2048R/72740199 2012-06-11
uid                  Christian Svedin (gurka) <christian.svedin@gmail.com>
sub   2048R/6720BD05 2012-06-11

pub   4096R/521D8275 2016-04-28
uid                  Christian Svedin <christian@svedin.me>
sub   4096R/B3AF3087 2016-04-28

pub   4096R/2B90D010 2014-11-21 [expires: 2022-11-19]
uid                  Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

pub   4096R/46925553 2012-04-27 [expires: 2020-04-25]
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>

pub   2048R/D880C8E4 2013-10-08 [expires: 2018-02-24]
uid                  shells:fish OBS Project <shells:fish@build.opensuse.org>
Oui donc tu retires celle qui est périmée...
[expired: 2016-08-17]
La 7BD9BF62
j'ai bien retiré la clé, confirmation OK

après un apt update :
All packages are up to date.
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: GPG error: http://nginx.org jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
Pour TAGUY : je pense avoir fait le c.. j'ai lancé plusieurs fois la commande de création de clé
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
Oui et donc maintenant il faut ajouter la clé Nginx en cours de validité. Cf tous les liens plus haut.
http://nginx.org/en/linux_packages.html

Pourtant ils l'expliquent
For Debian/Ubuntu, in order to authenticate the nginx repository signature and to eliminate warnings about missing PGP key during installation of the nginx package, it is necessary to add the key used to sign the nginx packages and repository to the apt program keyring. Please download this key from our web site, and add it to the apt program keyring with the following command:

sudo apt-key add nginx_signing.key
Donc
wget http://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
j'ai fait ce que tu m'a dit et après un apt-get update
Reading package lists... Done
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
et
/etc/apt/trusted.gpg
--------------------
pub   4096R/89DF5277 2010-07-11
uid                  Guillaume Plessis <gui@dotdeb.org>
sub   4096R/3D624A3B 2010-07-11
sub   4096R/A2098A6E 2010-07-11

pub   1024R/EEA14886 2010-05-04
uid                  Launchpad VLC

pub   2048R/72740199 2012-06-11
uid                  Christian Svedin (gurka) <christian.svedin@gmail.com>
sub   2048R/6720BD05 2012-06-11

pub   4096R/521D8275 2016-04-28
uid                  Christian Svedin <christian@svedin.me>
sub   4096R/B3AF3087 2016-04-28

pub   4096R/2B90D010 2014-11-21 [expires: 2022-11-19]
uid                  Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

pub   4096R/46925553 2012-04-27 [expires: 2020-04-25]
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>

pub   2048R/D880C8E4 2013-10-08 [expires: 2018-02-24]
uid                  shells:fish OBS Project <shells:fish@build.opensuse.org>

pub   2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
uid                  nginx signing key <signing-key@nginx.com>
sudo apt-get install debian-keyring debian-archive-keyring
sudo apt-get update
toujours la même chose :
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
W: There is no public key available for the following key IDs:
CBF8D6FD518E17E1
sudo gpg --recv-keys 9D6D8F6BC857C906
suso gpg --export 9D6D8F6BC857C906 | apt-key add -
sudo gpg --recv-keys CBF8D6FD518E17E1
suso gpg --export CBF8D6FD518E17E1 | apt-key add -
?
root@ns518106:~# gpg --recv-keys 9D6D8F6BC857C906
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: no keyserver known (use option --keyserver)
gpg: keyserver receive failed: bad URI
root@ns518106:~# gpg --export 9D6D8F6BC857C906 | apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
pour info ces keys ne correspondent à rien, j'ai créer sa par erreurs
EDIT : si si, ce sont des vraies clés.

Bah je ne comprends pas, je viens même de le tester de mon côté, sur un Debian Jessie.
root@TestSMF ~#  gpg --recv-keys 9D6D8F6BC857C906
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: no keyserver known (use option --keyserver)
gpg: keyserver receive failed: bad URI
Même erreur que toi. Donc j'installe debian-keyring debian-archive-keyring
root@TestSMF ~# apt-get install debian-keyring debian-archive-keyring
Reading package lists... Done
Building dependency tree       
Reading state information... Done
debian-archive-keyring is already the newest version.
The following NEW packages will be installed:
  debian-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 52.4 MB of archives.
After this operation, 58.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://http.debian.net/debian/ jessie/main debian-keyring all 2015.04.10 [52.4 MB]
Fetched 52.4 MB in 3s (14.7 MB/s)         
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package debian-keyring.
(Reading database ... 25495 files and directories currently installed.)
Preparing to unpack .../debian-keyring_2015.04.10_all.deb ...
Unpacking debian-keyring (2015.04.10) ...
Setting up debian-keyring (2015.04.10) ...
Counting objects: 1556, done.
Delta compression using up to 12 threads.
Compressing objects: 100% (940/940), done.
Writing objects: 100% (1556/1556), done.
Total 1556 (delta 127), reused 1556 (delta 127)
Et là je peux bien obtenir les clés.
root@TestSMF ~# gpg --recv-keys 9D6D8F6BC857C906
gpg: requesting key C857C906 from hkp server keys.gnupg.net
gpg: key C857C906: public key "Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@TestSMF ~# gpg --export 9D6D8F6BC857C906 | apt-key add -
OK

root@TestSMF ~# gpg --recv-keys CBF8D6FD518E17E1
gpg: requesting key 518E17E1 from hkp server keys.gnupg.net
gpg: key 518E17E1: public key "Jessie Stable Release Key <debian-release@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@TestSMF ~# gpg --export CBF8D6FD518E17E1 | apt-key add -
OK
root@ns518106:~# apt-get install debian-keyring debian-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
debian-archive-keyring is already the newest version.
debian-keyring is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@ns518106:~#
root@ns518106:~# gpg --recv-keys CBF8D6FD518E17E1
gpg: requesting key 518E17E1 from hkp server keys.gnupg.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 518E17E1: public key "Jessie Stable Release Key <debian-release@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@ns518106:~# gpg --export CBF8D6FD518E17E1 | apt-key add -
OK
root@ns518106:~# gpg --recv-keys 9D6D8F6BC857C906
gpg: requesting key C857C906 from hkp server keys.gnupg.net
gpgkeys: key 9D6D8F6BC857C906 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
root@ns518106:~#
aerya aerya

Bon la soluce pour ceux qui renconre le pb :
su
apt-key del 7BD9BF62
cd /tmp/
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
cd /etc/apt/
nano sources.list
Rajouter pour Debian 8 (celle du script) :
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
Sinon changer jessie par votre distrib, elles sont toutes listées ici : http://nginx.org/en/linux_packages.html
Bah normalement pour Nginx c'est déjà réglé. 'fin bref, je suis à cours d'idée/motivation de toute manière.

@vespere
Bon bah y'en a déjà une Comme quoi...
Pour la seconde je ne sais que te dire, moi y'a 5 minutes il la trouvait sur le même serveur. oO
j'ai fait ce que tu a dit et après apt update j'ai ça :
Reading package lists... Done
Building dependency tree
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
root@ns518106:~#

NenyA wrote:aerya aerya

Bon la soluce pour ceux qui renconre le pb :
su
apt-key del 7BD9BF62
cd /tmp/
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
cd /etc/apt/
nano sources.list
Rajouter pour Debian 8 (celle du script) :
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
Sinon changer jessie par votre distrib, elles sont toutes listées ici : http://nginx.org/en/linux_packages.html
j'ai relancé la commande et cette fois c'est bon
Reading state information... Done
All packages are up to date.
W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117
root@ns518106:~#
Aerya wrote:Bah normalement pour Nginx c'est déjà réglé. 'fin bref, je suis à cours d'idée/motivation de toute manière.

@vespere
Bon bah y'en a déjà une Comme quoi...
Pour la seconde je ne sais que te dire, moi y'a 5 minutes il la trouvait sur le même serveur. oO
j'ai utilisé la même commande pour la dernière erreur et du coup maintenant :
Reading state information... Done
All packages are up to date.
root@ns518106:~#
Merci beaucoup pour votre aide
Répondre…