apt-update - The repository is not signed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

apt-update - The repository is not signed

9,638 Views
fpasino
Contributor I

Hi,

I cannot update the list of available packages and therefore cannot install new packages on a i.MX 8M Nano EVK board. I use Linux version 5.10.72 installed on eMMC (imx-image-full-imx8mnevk.wic found here).

Here the output of cat /etc/apt/sources.list.d/debian-10.list :

deb http://ftp.debian.org/debian buster main contrib non-free
deb http://ftp.debian.org/debian buster-updates main contrib non-free

 

Attached is the sudo apt update log.

Thank you in advance.

0 Kudos
Reply
8 Replies

9,267 Views
mariemkort
Contributor I

any solution for this issue please? , I want to install  some deb packages , so i added the sources.list file to /etc/apt but the update fails for the reason of gpg, gpgv .. not installed . can someone help me

0 Kudos
Reply

9,610 Views
karl1688
Contributor II

Hi Fpasino

I have tested on iMX8M Nano refer to https://askubuntu.com/questions/732985/force-update-from-unsigned-repository

apt update --allow-insecure-repositories

0 Kudos
Reply

9,566 Views
Harvey021
NXP TechSupport
NXP TechSupport

You can have a try that @karl1688 provides. As we have enhanced the security certificate of the debian10 repo. So for no harmful to your system, we recommend to build a internal package repo, and then create a sources.list.

 

Best regards

Harvey

0 Kudos
Reply

9,597 Views
fpasino
Contributor I

I had already tried this way, but without success. I attach the two outputs. 

I have also tried to exclude problematic packages during the upgrade, but this causes a corruption of the operating system, which can no longer boot up.

0 Kudos
Reply

9,588 Views
karl1688
Contributor II

I confirm that source.list in /etc/apt/sources.list.d/debian-10.list isn't a problem to fix this. As you can see output from 'apt update', warning messages are pointing to gpgv gpgv1 gpgv2 GNU Privacy Guard.

After installing some debian packages 'apt update' output change to no public key, refer to attachment.

Err:1 http://security.debian.org buster/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853

 

GNU Privacy Guard on my iMX8MN

root@imx8mn-ddr4-evk:~# gpgv --version
gpgv (GnuPG) 2.2.27
libgcrypt 1.8.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

0 Kudos
Reply

9,575 Views
karl1688
Contributor II

Hi Fpasino

I attach everything in debian_pkgs.zip in the meantime share 'apt update logs' in attached.

You can start with installing 'dpkg -i gpgv_2.2.27-2~bpo10+1_arm64.deb', if any dependency problem occur you might look for then(.deb) in zip.

And if you have load library issue because PATH is missing, then you might export PATH by following example in ld_path.txt in zip

Finally NO_PUBLIC keys issue you can fix it by following example in apgv.txt in zip

Hope this helps,

 

7,824 Views
Jeffy
Contributor I

Hi Karl1688

when we make a yocto build, the images will be under /tmp/deploy/images/imx/ . Where should we add the debian packages ..gpgv_2.2.27*.deb under debian_pkgs.zip (is it under /tmp/deploy/deb/imx7).

I still get same warning as GPG error: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed

what should i do

0 Kudos
Reply

9,618 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hello fpasino,

The debian-10.list is just a demo. Please have a try to touch sources.list under /etc/apt/, and then modify it as required. 

Please let me know if you have any further question.

 

Best regards

Harvey

 

0 Kudos
Reply