[BUG] GPG key not valid with apt 2.9.21 #675
Labels
Comments
|
@Civil : maybe we need to regenerate packagecloud keys? I have no admin access there. Could you please do that? |
|
@deniszh their open-source plan is weird, they are managing the keys (at least it seems so), but there is no button to regenrate them. For paid plans they allows you to upload your own keys to sign, but that is way too expensive in my opinion. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
With APT 2.9.21, the GPG key from https://packagecloud.io/go-graphite/stable/gpgkey isn't accepted anymore
Logs
Err :6 https://packagecloud.io/go-graphite/stable/debian bookworm InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 40B29610C48DA4E2152C4E5FA3C7D6C388AEDEA5 is not bound: primary key because: No binding signature at time 2023-11-09T12:47:22Z because: Policy rejected non-revocation signature (PositiveCertification) requiring collision resistance because: SHA1 is not considered secure since 2013-02-01T00:00:00Z
Go-carbon Configuration:
N/A
Metric retention and aggregation schemas
N/A
Simplified query (if applicable)
N/A
Additional context
APT is now using sqv instead of gnupg. There is a workaround for accepting SHA1, but it should be changed anyway
The text was updated successfully, but these errors were encountered: