[SOLVED] using dpkg in recovery and it's requesting to install packages not authenticated
Linux MintThis forum is for the discussion of Linux Mint.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian derivitives switched to Mint from Ubuntu but play with them all time and brain permitting...
Posts: 252
Rep:
using dpkg in recovery and it's requesting to install packages not authenticated
I went to recovery via holding shift key during boot and after selecting dpkg and proceding gives me this message:
"Warning the following packages cannot be authenticated!
girl.2-dbus menu-glib-0.4 libdbusmenu-glib4lib dosmenu-gtk3-4
lib dbusmenu-gtk4 linux-image-3.8.0-19 generic linux-image-3.8.0-35-generic
dbusdbus -x11 linux-image-extra-3.8.0-35-generic linux-generic
lnux-image-generic linux-headers-3.8.0-35 linux-headers-3.8.0-35 linux-headers-generic"
linux-headers-generic linux headers -3.8.0-19 linux headers -3.8.0-19-generic
linux-image-extra-3.8.0-19 generic linux -libc-dev xserever-xorg-core
xserver-xorg-video-inel xserver-xorg-video-openchrome
INSTALL THESE PACKAGES WITHOUT VERIFICATION [Yn]”
Is it ok to install without authentication from this point?
First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.
There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.
If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.
The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.
Distribution: Debian derivitives switched to Mint from Ubuntu but play with them all time and brain permitting...
Posts: 252
Original Poster
Rep:
Quote:
Originally Posted by qlue
First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.
There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.
If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.
The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.
Thanx for the reply; I have just a few comments because I don't understand why I can add updates via gui updater without having authentication issues, and then will follow your unstructions.
When I do updates via the update notification icon in panel I do not run into authentication problems. I did not add any other repositories and only have them running dpkg from grub menu during boot. sorry I can't remember the process I choose in that menu. I'm severly command line and maybe Linux challenged because of dementia.... many thanx agin...
I did not add any other repositories and only have them running dpkg from grub menu during boot.
Well, this is a bit beyond my knowledge but I do know that the grub shell is not a Linux shell. (though it does have a very small subset if bash commands.)
Chances are that the gpg keys are not even available in that environment.
Like I said though, if you're certain the packages are coming from the right place, you can take a chance and install them without authentication. It's really your call and your own judgement is the best guess here.
They main reason for the authentication keys is to prevent a hacker from spoofing the repository and tricking you into installing tainted packages. I feel that the risk of this is fairly low for most private machines using there own home connection. However, the risk is much greater using public Wifi where a hacker could setup a "free" access point and use it for a "man-in-the-middle" attack.
It all comes down to how certain your are that the packages are legit and from a trusted source. If you have any doubts, don't install without authentication. If you're certain they're legit, then it's okay to install without authentication.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.