This repository was archived by the owner on Sep 26, 2018. It is now read-only.

etagecom.io repositories signed with sha1 #91

@matt9j

Hello!
Starting in apt version 1.4, gpg certificates using sha1 as the digest algorithm have been disabled (see this blog post: https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/). This impacts Debian 9 and Ubuntu 16.04 or later. It looks like the repository maintainers need to re-generate the repository signing keys using a modern digest algorithm (https://unix.stackexchange.com/questions/387053/debian-9-apt-and-gpg-error-inrelease-the-following-signatures-were-inva). I originally found this issue while working to deploy a community cellular manager osmocom client onto a Debian 9 machine. Let me know if there is any more info I can provide.
Cheers,
-Matt J.

apt-get update errors:

W: GPG error: http://repo.endaga.com dev Release: The following signatures were invalid: 916E6D307A1F68A97BE79BA8982FB270664644E6
E: The repository 'http://repo.endaga.com dev Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://repo.etagecom.io dev Release: The following signatures were invalid: FDA0AA1640DB1B4741F0135FF1757AA7673FFA94
E: The repository 'http://repo.etagecom.io dev Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://repo.etagecom.io test Release: The following signatures were invalid: FDA0AA1640DB1B4741F0135FF1757AA7673FFA94
E: The repository 'http://repo.etagecom.io test Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://repo.etagecom.io beta Release: The following signatures were invalid: FDA0AA1640DB1B4741F0135FF1757AA7673FFA94
E: The repository 'http://repo.etagecom.io beta Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://repo.etagecom.io stable Release: The following signatures were invalid: FDA0AA1640DB1B4741F0135FF1757AA7673FFA94
E: The repository 'http://repo.etagecom.io stable Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

pgpdump of downloaded etagecom.io public key showing SHA1 as the digest:

vagrant@endaga-client-osmocom:~$ pgpdump pubkey.gpg 
Old: Public Key Packet(tag 6)(525 bytes)
        Ver 4 - new
        Public key creation time - Sat Dec  5 21:14:07 GMT 2015
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(4096 bits) - ...
        RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(35 bytes)
        User ID - Package Repo <packages@etagecom.io>
Old: Signature Packet(tag 2)(568 bytes)
        Ver 4 - new
        Sig type - Positive certification of a User ID and Public Key packet(0x13).
        Pub alg - RSA Encrypt or Sign(pub 1)
        Hash alg - SHA1(hash 2)
        Hashed Sub: signature creation time(sub 2)(4 bytes)
                Time - Sat Dec  5 21:14:07 GMT 2015

...
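
Added example (not part of the original issue or the project's code): a small Python parser that walks the packets of a binary, de-armored OpenPGP key and reports the hash algorithm of each signature packet, the field pgpdump prints as `Hash alg`. The names `packets`, `signature_digests` and `SAMPLE` are this example's own, and the sample bytes are constructed, not the etagecom.io key.

```python
# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}  # SHA1 per the issue; MD5 is this example's assumption
SIG_FIELDS = {4: (1, 3), 3: (2, 16)}  # version: (sig type, hash alg) offsets

def packets(data):
    """Yield (tag, body) for each packet in binary (de-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("no OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header ("Old:" in pgpdump)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = (1, 2, 4, 0)[ltype]       # type 3: body runs to end of data
            length = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        if i + length > len(data):
            raise ValueError("packet body is truncated")
        yield tag, data[i:i + length]
        i += length

def signature_digests(data):
    """Return (sig_type, hash_name, is_weak) for each signature packet (tag 2)."""
    out = []
    for tag, body in packets(data):
        fields = SIG_FIELDS.get(body[0]) if tag == 2 and body else None
        if fields and len(body) > fields[1]:
            name = HASH_NAMES.get(body[fields[1]], "unknown")
            out.append((body[fields[0]], name, name in WEAK))
    return out

# Constructed sample (not the real key): old-format packets like the dump above.
SAMPLE = (b"\x99\x00\x02\x04\x00"            # tag 6 public key, body stubbed
          b"\xb4\x04Repo"                    # tag 13 user ID
          b"\x89\x00\x04\x04\x13\x01\x02"    # tag 2: v4, type 0x13, RSA, SHA1
          b"\x89\x00\x04\x04\x13\x01\x08")   # tag 2: same, but SHA256
```

`signature_digests(SAMPLE)` returns one tuple per signature packet, with the last element set when the digest is in `WEAK`.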
