LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Linux Mint
User Name
Password
Linux Mint This forum is for the discussion of Linux Mint.

Notices

Reply
 
Search this Thread
Old 05-27-2014, 04:35 AM   #1
1sweetwater!
Member
 
Registered: Nov 2011
Location: South Central Montana USA
Distribution: Debian derivitives switched to Mint from Ubuntu but play with them all time and brain permitting...
Posts: 191

Rep: Reputation: Disabled
using dpkg in recovery and it's requesting to install packages not authenticated


I went to recovery via holding shift key during boot and after selecting dpkg and proceding gives me this message:
"Warning the following packages cannot be authenticated!
girl.2-dbus menu-glib-0.4 libdbusmenu-glib4lib dosmenu-gtk3-4
lib dbusmenu-gtk4 linux-image-3.8.0-19 generic linux-image-3.8.0-35-generic
dbusdbus -x11 linux-image-extra-3.8.0-35-generic linux-generic
lnux-image-generic linux-headers-3.8.0-35 linux-headers-3.8.0-35 linux-headers-generic"
linux-headers-generic linux headers -3.8.0-19 linux headers -3.8.0-19-generic
linux-image-extra-3.8.0-19 generic linux -libc-dev xserever-xorg-core
xserver-xorg-video-inel xserver-xorg-video-openchrome

INSTALL THESE PACKAGES WITHOUT VERIFICATION [Yn]


Is it ok to install without authentication from this point?
 
Old 05-28-2014, 02:29 AM   #2
qlue
Member
 
Registered: Aug 2009
Location: Umzinto, South Africa
Distribution: Crunchbang
Posts: 620
Blog Entries: 1

Rep: Reputation: 140Reputation: 140
First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.

There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.

If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.

The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.
 
1 members found this post helpful.
Old 05-28-2014, 08:29 AM   #3
1sweetwater!
Member
 
Registered: Nov 2011
Location: South Central Montana USA
Distribution: Debian derivitives switched to Mint from Ubuntu but play with them all time and brain permitting...
Posts: 191

Original Poster
Rep: Reputation: Disabled
Exclamation

Quote:
Originally Posted by qlue View Post
First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.

There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.

If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.

The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.
Thanx for the reply; I have just a few comments because I don't understand why I can add updates via gui updater without having authentication issues, and then will follow your unstructions.
When I do updates via the update notification icon in panel I do not run into authentication problems. I did not add any other repositories and only have them running dpkg from grub menu during boot. sorry I can't remember the process I choose in that menu. I'm severly command line and maybe Linux challenged because of dementia.... many thanx agin...
 
Old 05-28-2014, 04:13 PM   #4
qlue
Member
 
Registered: Aug 2009
Location: Umzinto, South Africa
Distribution: Crunchbang
Posts: 620
Blog Entries: 1

Rep: Reputation: 140Reputation: 140
Quote:
Originally Posted by 1sweetwater! View Post
I did not add any other repositories and only have them running dpkg from grub menu during boot.
Well, this is a bit beyond my knowledge but I do know that the grub shell is not a Linux shell. (though it does have a very small subset if bash commands.)
Chances are that the gpg keys are not even available in that environment.

Like I said though, if you're certain the packages are coming from the right place, you can take a chance and install them without authentication. It's really your call and your own judgement is the best guess here.

They main reason for the authentication keys is to prevent a hacker from spoofing the repository and tricking you into installing tainted packages. I feel that the risk of this is fairly low for most private machines using there own home connection. However, the risk is much greater using public Wifi where a hacker could setup a "free" access point and use it for a "man-in-the-middle" attack.

It all comes down to how certain your are that the packages are legit and from a trusted source. If you have any doubts, don't install without authentication. If you're certain they're legit, then it's okay to install without authentication.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Requesting procedure to install packages from local directory using synaptic rupeshforu Debian 4 06-24-2013 05:55 AM
I can not install any packages with dpkg!! k84834 Linux - Software 6 11-27-2012 04:47 AM
how to dpkg install from a folder containing all packages including dependencies?? bhupinderjitbawa Linux - Software 1 05-22-2011 01:54 PM
Help using dpkg to build and install debian packages Mahonri Linux - General 1 07-24-2007 09:44 AM
using dpkg to install packages for wrong architecture linuxmandrake Linux - General 2 09-23-2005 04:22 AM


All times are GMT -5. The time now is 04:31 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration