|
sorry for the noise copypasted the wrong line ...  Should be
<quote>
W: gpgv:/var/lib/apt/lists/ftp.hosteurope.de_mirror_mariadb.org_repo_10.1_debian_dists_jessie_InRelease: The repository is insufficiently signed by key 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB (weak digest)
</quote>
...
|
|
required gpg settings: http://askubuntu.com/questions/750133/how-can-i-fix-w-the-repository-is-insufficiently-signed-by-the-key
...which references this post: https://www.debian-administration.org/users/dkg/weblog/48
|
|
This is fixed in 10.2, and will be completely fixed in the next releases of 10.0 and 10.1.
The solution was to create a new SHA2 GPG key, and use that for our Sid and Xenial repositories.
The new key has an ID of: C74CD1D8 and the full fingerprint is:
177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8
See the 10.2.0 release notes for more information: https://mariadb.com/kb/en/mariadb/mariadb-1020-release-notes/
|
|
AFAIK this issue is now resolved. Sid and Xenial repositories for 10.0, 10.1, and 10.2 are all signed with the new key.
Reopen if there are issues that have not been resolved.
|
|
https://downloads.mariadb.org/mariadb/repositories doesn't list this new key.
Users get an error like follows when installing from the repository:
W: GPG error: http://mirror.netcologne.de/mariadb/repo/10.1/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F1656F24C74CD1D8 W: The repository 'http://mirror.netcologne.de/mariadb/repo/10.1/ubuntu xenial InRelease' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
|
Please update the instructions.
|
|
Somehow some old instructions were being displayed in the repository configuration tool. They have now been fixed.
|
|
Hello Daniel, *,
thanks for your work so far 
If I enter the sources.list entry for sid and import the key mentioned in the instruction, it works But, alas, it does not work for stretch. Then I get the same error mentioned in the subject ...
Thanks anyway, now I have one error message less ... 
Have a nice day
Thomas.
|
|
thackert We currently do not have repositories for Debian Stretch. Are you setting up the Sid repository on Stretch?
|
|
@Daniel: it seems I have not expressed that well, sorry ... I mean, that I tried to follow the instruction for Debian Jessie (8.x), which did not work. If I follow the instructions for sid (with the key mentioned there as well as the sources.list entry) it works. So yes, I set it up and have now installed MariaDB for sid on Stretch.
I hope, this is a little bit clearer now ... If not, feel free to ask
Have a nice evening
Thomas.
|
|
thackert: Yes. Using the Jessie instructions on Stretch will not work, you have to use the Sid instructions. Our Jessie repositories still use the old 0xcbcb082a1bb943db GPG key, not the new 0xF1656F24C74CD1D8 key required by Sid and Stretch.
|
|
@dbart: thanks for your explanation Just out of interest: will there be a Stretch repo on a later time as well? And will this use the key for sid or another one?
Have a nice evening
Thomas.
|
|
Yes, there will be a Stretch repository eventually. It will use the same key we're now using for Sid.
|