WARNING: The following packages cannot be authenticated!
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Plenty of results when you search for this warning. Which result fits your situation, only you can find out.
It says that your package manager is unable to verify the packages' signatures. You may have the wrong key on your system. It's probably benign, except that you can't be certain that the packages are legitimate.
Last edited by berndbausch; 11-12-2018 at 05:44 AM.
Plenty of results when you search for this warning. Which result fits your situation, only you can find out.
It says that your package manager is unable to verify the packages' signatures. You may have the wrong key on your system. It's probably benign, except that you can't be certain that the packages are legitimate.
But I got same error when I did "apt-get update"!!!
The key update command outputs “not changed”. So you still use the old key, or your problem is somewhere else.
EDIT: You may be missing the keys for the abovementioned packages. It’s not clear to me how to get them though. You can list installed keys with apt-key list.
EDIT3: One more. An interesting quote from the SecureApt document:
Quote:
The debian-archive-keyring package is used to distribute keys to apt. Upgrades to this package can add (or remove) gpg keys for the main Debian archive.
Last edited by berndbausch; 11-20-2018 at 03:00 AM.
Can you paste the output from the following command so that I can have a look at your software sources. Many thanks.
Code:
for i in /etc/apt/sources.list{,.d/*}; do echo file: $i; cat $i; echo ====; done
The output is:
Code:
deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib
# jessie-updates, previously known as 'volatile'
# A network mirror was not selected during install. The following entries
# are provided as examples, but you should amend them as appropriate
# for your mirror of choice.
deb http://ftp.debian.org/debian/ jessie-updates contrib main
deb-src http://ftp.debian.org/debian/ jessie-updates contrib main
##############################
# deb http://httpredir.debian.org/debian/ jessie main
# deb-src http://httpredir.debian.org/debian/ jessie main
# deb http://httpredir.debian.org/debian/ jessie-updates main
# deb-src http://httpredir.debian.org/debian/ jessie-updates main
################################
deb http://httpredir.debian.org/debian/ jessie main contrib non-free
deb-src http://httpredir.debian.org/debian/ jessie main contrib non-free
deb http://httpredir.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://httpredir.debian.org/debian/ jessie-updates main contrib non-free
##################################
deb http://ftp.debian.org/debian jessie-backports main
##################################
deb http://ftp.de.debian.org/debian jessie main
====
file: /etc/apt/sources.list.d/google-chrome.list
###
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
# deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
====
file: /etc/apt/sources.list.d/jitsi-stable.list
deb https://download.jitsi.org stable/
====
file: /etc/apt/sources.list.d/ooniprobe.list
deb http://deb.torproject.org/torproject.org jessie main
====
file: /etc/apt/sources.list.d/skype-stable.list
deb [arch=amd64] https://repo.skype.com/deb stable main
====
One of these should be commented out or deleted, depending on whether you want to include non-free (I imagine that you do, so comment out the first).
Also, you're accessing the main repos twice:
Code:
deb http://httpredir.debian.org/debian/ jessie main contrib non-free
and
Code:
deb http://ftp.de.debian.org/debian jessie main
The main sources.list file is a bit messy overall. See https://wiki.debian.org/SourcesList#...e_sources.list for an idea about how it should be organised (replace "stretch" with "jessie"). If there is no specific software that you require from jessie-backports then you should comment out/delete that repo.
In addition, to determine which repo your system is trying to install one of the packages you listed in your first post from, libgnutls-openssl27, can you provide the output from the following:
If you mean the "same", no. The deb repos refer to the binaries (deb packages), while deb-src refers to the source code packages. If you never download source code from the repos, you can comment out or remove the deb-src entries if you want.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
WARNING: The following packages cannot be authenticated!
