apt-update - The repository is not signed

fpasino · ‎04-07-2022

Hi,

I cannot update the list of available packages and therefore cannot install new packages on a i.MX 8M Nano EVK board. I use Linux version 5.10.72 installed on eMMC (imx-image-full-imx8mnevk.wic found here).

Here the output of cat /etc/apt/sources.list.d/debian-10.list :

deb http://ftp.debian.org/debian buster main contrib non-free
deb http://ftp.debian.org/debian buster-updates main contrib non-free

Attached is the sudo apt update log.

Thank you in advance.

mariemkort · ‎07-12-2022

any solution for this issue please? , I want to install some deb packages , so i added the sources.list file to /etc/apt but the update fails for the reason of gpg, gpgv .. not installed . can someone help me

karl1688 · ‎04-12-2022

Hi Fpasino

I have tested on iMX8M Nano refer to https://askubuntu.com/questions/732985/force-update-from-unsigned-repository

apt update --allow-insecure-repositories

Harvey021 · ‎04-19-2022

You can have a try that @karl1688 provides. As we have enhanced the security certificate of the debian10 repo. So for no harmful to your system, we recommend to build a internal package repo, and then create a sources.list.

Best regards

Harvey

fpasino · ‎04-13-2022

I had already tried this way, but without success. I attach the two outputs.

I have also tried to exclude problematic packages during the upgrade, but this causes a corruption of the operating system, which can no longer boot up.

karl1688 · ‎04-15-2022

I confirm that source.list in /etc/apt/sources.list.d/debian-10.list isn't a problem to fix this. As you can see output from 'apt update', warning messages are pointing to gpgv gpgv1 gpgv2 GNU Privacy Guard.

After installing some debian packages 'apt update' output change to no public key, refer to attachment.

Err:1 http://security.debian.org buster/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853

GNU Privacy Guard on my iMX8MN

root@imx8mn-ddr4-evk:~# gpgv --version
gpgv (GnuPG) 2.2.27
libgcrypt 1.8.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

karl1688 · ‎04-17-2022

Hi Fpasino

I attach everything in debian_pkgs.zip in the meantime share 'apt update logs' in attached.

You can start with installing 'dpkg -i gpgv_2.2.27-2~bpo10+1_arm64.deb', if any dependency problem occur you might look for then(.deb) in zip.

And if you have load library issue because PATH is missing, then you might export PATH by following example in ld_path.txt in zip

Finally NO_PUBLIC keys issue you can fix it by following example in apgv.txt in zip

Hope this helps,

Jeffy · ‎12-05-2022

Hi Karl1688

when we make a yocto build, the images will be under /tmp/deploy/images/imx/ . Where should we add the debian packages ..gpgv_2.2.27*.deb under debian_pkgs.zip (is it under /tmp/deploy/deb/imx7).

I still get same warning as GPG error: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed

what should i do

Harvey021 · ‎04-12-2022

Hello fpasino,

The debian-10.list is just a demo. Please have a try to touch sources.list under /etc/apt/, and then modify it as required.

Please let me know if you have any further question.

Best regards

Harvey