Jeremy Davis's picture

In my spam cleaning efforts, I accidentally deleted this post - oops! Really sorry about that! Please forgive me. Here it is reposted:


Hello, if I run apt-update on my /TurnKey Linux 13.0 / Debian 9.4 Stretch/ I get error about invalid signature for repository, maybe because gpg key is expired...

Hit:13 http://archive.turnkeylinux.org/debian wheezy Release
Err:15 http://archive.turnkeylinux.org/debian wheezy-security Release.gpg
   The following signatures were invalid: 
694CFF26795A29BAE07B4EB585C25E95A16EB94D
Err:16 http://archive.turnkeylinux.org/debian wheezy Release.gpg
   The following signatures were invalid: 
694CFF26795A29BAE07B4EB585C25E95A16EB94D
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not 
updated and the previous index files will be used. GPG error: 
http://archive.turnkeylinux.org/debian wheezy-security Release: The following 
signatures were invalid: 694CFF26795A29BAE07B4EB585C25E95A16EB94D
W: An error occurred during the signature verification. The repository is not 
updated and the previous index files will be used. GPG error: 
http://archive.turnkeylinux.org/debian wheezy Release: The following 
signatures were invalid: 694CFF26795A29BAE07B4EB585C25E95A16EB94D
W: Failed to fetch 
http://archive.turnkeylinux.org/debian/dists/wheezy-security/Release.gpg  The 
following signatures were invalid: 694CFF26795A29BAE07B4EB585C25E95A16EB94D
W: Failed to fetch 
http://archive.turnkeylinux.org/debian/dists/wheezy/Release.gpg  The 
following signatures were invalid: 694CFF26795A29BAE07B4EB585C25E95A16EB94D
W: Some index files failed to download. They have been ignored, or old ones 
used instead.

If I run:

apt-key list | grep expired

I get:

Warning: apt-key output should not be parsed (stdout is not a terminal)
pub   rsa4096 2010-08-27 [SC] [expired: 2018-03-05]
uid           [ expired] Debian Archive Automatic Signing Key (6.0/squeeze) 

pub   rsa4096 2010-08-07 [SC] [expired: 2017-08-05]
uid           [ expired] Squeeze Stable Release Key 

What can I do to fix it please?

Thank you

Forum: 
Tags: 
Jeremy Davis's picture

Firstly, deep apologies on accidentally deleting your original post!

TurnKey v13.x was based on Debian 7 aka Wheezy. I can see from the output you've posted that you have Wheezy repos enabled. So I think you may mean "TurnKey v13.0 / Debian 7 Wheezy"?!

Assuming that I'm right, support for Debian 7 Wheezy ended recently. That's why you get the error message.

You have 2 main options to resolve this.

You can use TKLBAM (or some other backup/data migration tool) to migrate your data to a newer version of TurnKey. We have a doc page which covers a suggested workflow, an alternate semi-manual method, plus notes on some specific manual tweaks that may be required.

As TurnKey is based on Debian, the other option is to do an "in place" Debian upgrade, as documented in the Debian manual. If you go this route, please ensure that you have a full backup which you have tested restoring on a clean server in case something goes wrong, because there is no going back! Personally, I would recommend that you restore your backup to a new server (e.g. a local VM) and do a test run first. Depending on where your server is running, a snapshot may be another option.

Personally, I prefer the TKLBAM migration method as it allows you to keep your current server running as is, while you work on the migration on a new server, but it's entirely up to you.

If you run across any specific issues, please feel free to ask and I'll do my best to respond ASAP.

Alternatively, if you are indeed running Debian 9 Stretch, then you obviously still have the Wheezy repos enabled. That may mean that you have software installed from different Debian releases. TBH, that sounds messy! You should still be able to fix that, but personally, I'd be a bit concerned that something may break in the process. Make sure that you have a well tested backup (test restoring in on a new machine), before you start!

Susenka's picture

Hello Jerremy! 

No problem, you do not have to apologize for deletion :)

 

Now I want to apologize - I find out that someone in this VM already added debian repository and do upgrade to Debian 8 (from TurnKey v13.0 / Debian 7 Wheezy)

So problem with wheezy repository is not important and they should not be there.

Thank you for very nice advice, I will definitely later migrate to new TurnKey :-)

 

Have a nice day and once again I apologize for the confused question - I had to find out earlier

Jeremy Davis's picture

Thanks for your understanding re the accidental deletion of your original post.

Ah ok. So someone has already done the "in place" Debian upgrade, but left the Wheezy repos still enabled?!

I recommend that you disable those repos and try doing an "apt-get dist-upgrade" to make sure that you actually have everything upgraded (and aren't still running any old potentially insecure software from Wheezy).

A quick and easily reversible way of doing that is to use grep to find the files which still have Wheezy, then manually edit them to disable the Wheezy lines. I.e.:

grep -r wheezy /etc/apt/sources.list*

Should return a list of any files which include "wheezy". Then edit each of those files and comment the lines with Wheezy out (i.e. put a '#" a the start of each line).

If you then run 'apt-get dist-upgrade' you will get a list of files which the system wants to upgrade. I suggest that you cancel out of that and note the packages that it wants to upgrade and do a bit of research before upgrading them.

Anyway, good luck with it all.

Add new comment