After many requests from several users and after many months of promise, the Dotdeb repositories are GPG-signed. Yes, you can now get rid of the annoying “WARNING: The following packages cannot be authenticated!” message!
Waiting for a dotdeb-keyring package, you just have to get the key and add it to your trusted keys’ keyring :
gpg --keyserver keys.gnupg.net --recv-key 89DF5277 gpg -a --export 89DF5277 | sudo apt-key add -
I hope you’ll enjoy it.
acid
I love you! Seriously, thanx for your work!!
daniel
gorgeous
danei
Yes I enjoy that 😛
amine
nice
amine
Hi have a problem,
i added in the /etc/apt/sources.list
deb http://packages.dotdeb.org stable all
deb-src http://packages.dotdeb.org stable all
when i do apt-get update i have this error :
W: GPG error: http://packages.dotdeb.org stable Release: Les signatures suivantes n’ont pas pu être vérifiées car la clé publique n’est pas disponible : NO_PUBKEY E9C74FEEA2098A6E
any idea please ?
Guillaume Plessis
@amine : just fetch the GnuPG key and add it to your APT keyring, as explained in the above post.
gosi
Thanks for all your effort!
Jockl
Thank you! Everything worked fine…as always! 🙂
waiter
Cool! Thanks a lot!
Tyrael
thank you! 🙂
Tyrael
The BLION Corp.
Hello,
Great. With these signatures, I (or even my customers) can now upgrade directly from Virtualmin panel.
Pandark
Thank you very much.
If it doesn’t work first, you may have to open the 11371 port as I did.
H.T
Bonjour,
Merci pour la signature des paquets.
Pour chipoter est il vraiment nécessaire d’inscrire “sudo” avant le apt-key add ?
Pour ceux qui utilisent la puissance de root sans autre forme de procès ça peut être perturbant 😉
Joshaven Potter
I got the following error:
W: GPG error: http://php53.dotdeb.org stable Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY E9C74FEEA2098A6E
W: You may want to run apt-get update to correct these problems
After trying the above I got:
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
and fixed everything with:
wget http://packages.dotdeb.org/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
Guillaume Plessis
@H.T. : à chacun d’adopter la politique de sécurité qui lui sied 🙂
Scott Grayban
oh hell ya !!!
Njko
Great news!
honestly i tought lets go to see dotdeb if the packages are now signed.. and first message I see was this one.
Thanks a lot man!
Vide
Thanks!
Adub
@Joshaven Potter
Thank you so much! Your solution worked wonders for me.
JarekMk
Guillaume, did you checked mailbox?
Guillaume Plessis
@JarekMk : I’ll answer soon
JarekMk
OK I wait. Thank you.
petr
hello, file on http://packages.dotdeb.org/dotdeb.gpg is not found? 🙁 . this file is for download on another location? help.pls.
Guillaume Plessis
@petr : it’s back. Sorry. You could use keys.gnupg.net to receive the key instead.
petr
@Guillaume Plessis
thx , all ok new 🙂
kepi
Finally, thanks!
vixns
http://packages.dotdeb.org/dotdeb.gpg => 404
Guillaume Plessis
@vixns : Please use keys.gnupg.net tu get the key.
Speckles
Note: if your system doesn’t have the gpg command, the package to get it is called gnupg. Since it took me several hours to figure this out, I figured I should post this here to save any fellow newbs some time.
karfes
am new with this keyring issue, how do you fetch for the GnuPG key? i need some guide
Burn
> gpg –keyserver keys.gnupg.net –recv-key 89DF5277
gpg: requesting key 89DF5277 from hkp server keys.gnupg.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
> wget http://packages.dotdeb.org/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
–2010-09-03 04:43:17– http://packages.dotdeb.org/dotdeb.gpg
Resolving packages.dotdeb.org… 79.125.3.21
Connecting to packages.dotdeb.org|79.125.3.21|:80… connected.
HTTP request sent, awaiting response… 404 Not Found
2010-09-03 04:43:17 ERROR 404: Not Found.
Mentalow
Hey
The key isnt found with your guide! The key doesnt exist in the database
Scott Grayban
Wow people really do not read anything these days.
The error was “keyserver timed out” doh !! So for the newbies with no education that means the keyserver is having a issue not “key not found”.
Second read http://www.dotdeb.org/2010/07/11/dotdeb-packages-are-now-signed/#comment-2556
Start reading instead of being spoon fed here.
Burn
after disabling the firewall, I got the key successufly
tim
sweet
kirk1h
i have no idea why the key is not on this server nor on keys.gnupg.net anymore. if anyone need the key, you can download it from my server:
wget http://88.198.62.123/randomstuff/dotdeb.gpg
sudo apt-key add dotdeb.gpg
Guillaume Plessis
Here it is : http://www.dotdeb.org/dotdeb.gpg
Scott Grayban
Gui are you going to make a signing package people can install instead ?
I think that would be best if not having the key imported automatically when they update there apt.
I think all you have to do is create Release.gpg with your pubkey in it.
Scott Grayban
Setting up a secure apt repository
From man apt-secure
If you want to provide archive signatures in an archive under your maintenance you have to:
* Create a toplevel Release file. if it does not exist already. You can do this by running apt-ftparchive release (provided inftp apt-utils).
* Sign it. You can do this by running gpg -abs -o Release.gpg Release.
* Publish the key fingerprint, that way your users will know what key they need to import in order to authenticate the files in the archive.
Whenever the contents of the archive changes (new packages are added or removed) the archive maintainer has to follow the first two steps previously outlined.
Guillaume Plessis
@Scott Grayban : the repository is signed using the two steps you described. I just have to make a dotdeb-keyring package but I need some more work on it.
Toxic292
Ports used with command “gpg –keyserver […]” are the followings :
hkp 11371/tcp # OpenPGP HTTP Keyserver
hkp 11371/udp # OpenPGP HTTP Keyserver
For the lucky ones that can configure there firewall…
flo
Just use this:
wget http://www.dotdeb.org/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
JP
This took me a little while to figure out, so this is what worked for me:
wget -q -O – http://www.dotdeb.org/dotdeb.gpg | sudo apt-key add –
Scott
There are a number of ways to import the key.
neissa
Open port out tpc 11371 😉 for gpg
Scott
Port 11371 has nothing to do with gpg package signing.
Paulo Graça
For me it worked the following:
> wget -q -O – http://www.dotdeb.org/dotdeb.gpg
> sudo apt-key add dotdeb.gpg
Marcelo
Paulo!
worked for me too! thks a lot.
Mateo
How can one add the key in the APT keyring?
Mateo
I think I am ready to go here, but when I attempt to install php55 or any version of php I get the following msg:
“E: Unable to locate package php55”
Mateo
E: Unable to locate package php5 is where I am stuck. Can someone help? Thanks.
Guillaume Plessis
@Mateo : could you please avoid sending 4 messages for the same issue? Did you follow the instructions on this page? http://www.dotdeb.org/instructions/
If so, could you please send the result of apt-cache policy php5 and follow the steps here : http://www.dotdeb.org/2012/08/24/how-to-post-useful-bug-reports/
Thanks.
Scott
I cant believe that people can be so lazy as to not read the whole post describing how to add your signed key into apt.