Core: Ubuntu Packet missing signature!

Created on 22 Sep 2016  ·  6Comments  ·  Source: owncloud/core

When trying to update to 9.1.1 using ubuntu packets I get the following error:

Fehl:7 http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04 Release.gpg
Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04 Release: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B
W: Failed to fetch http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 47AE7F72479BC94B
W: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

statuSTALE
Source
picture martin-zh

Most helpful comment

i think the new key is not legit:

pub   2048R/479BC94B 2013-08-26 [expires: 2018-08-25]
uid                  ownCloud build service <obsrun@localhost>

surely, owncloud does not expect me to trust a key for an @localhost address...

picture umlaeute on 18 Oct 2016
👍2

All 6 comments

Did you follow the instructions on importing the key? https://download.owncloud.org/download/repositories/9.1/owncloud/

wget -nv https://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.key -O Release.key
apt-key add - < Release.key
DeepDiver1975 picture DeepDiver1975 on 22 Sep 2016

Yes, but running importing it using this steps resolves the issue. Thanks!

FYI there's another warning:
W: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg: Signature by key DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B uses weak digest algorithm (SHA1)

martin-zh picture martin-zh on 22 Sep 2016

FYI there's another warning:
W: http://download.owncloud.org/download/repositories/9.1/Ubuntu_16.04/Release.gpg: Signature by key DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B uses weak digest algorithm (SHA1)

this is a know issue - already reported somewhere in here - thx

DeepDiver1975 picture DeepDiver1975 on 22 Sep 2016

Why has the key changed? What's wrong with the old one?
pub 1024D/BA684223 2012-02-08 [expires: 2017-04-19]
uid isv:ownCloud OBS Project isv:[email protected]

b01t picture b01t on 23 Sep 2016
👍2

i think the new key is not legit:

pub   2048R/479BC94B 2013-08-26 [expires: 2018-08-25]
uid                  ownCloud build service <obsrun@localhost>

surely, owncloud does not expect me to trust a key for an @localhost address...

umlaeute picture umlaeute on 18 Oct 2016
👍2

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 31 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

michaelstingl picture michaelstingl  ·  5Comments
mattcatt00 picture mattcatt00  ·  4Comments
michaelstingl picture michaelstingl  ·  3Comments
PVince81 picture PVince81  ·  4Comments
tommis picture tommis  ·  5Comments