incubator-pagespeed-mod icon indicating copy to clipboard operation
incubator-pagespeed-mod copied to clipboard

Published 20 hours ago verified publisher icon apache

The repository 'http://dl.google.com/linux/mod-pagespeed/deb stable Release' is no longer signed

Open tr3pan opened this issue 5 years ago • 4 comments

I am not sure if this is the right place, but I don't know another one. Running apt-get update throws

E: The repository 'http://dl.google.com/linux/mod-pagespeed/deb stable Release' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I thought since pagespeed is incubator project, the repo will be changed. But even the new version 1.14 is using Google hosting.

tr3pan avatar Sep 29 '20 07:09 tr3pan

Hi @tr3pan I don´t know how to manage deb pakages but mod-pagespeed have chaged from where are donloaded. Latest versions: https://dist.apache.org/repos/dist/release/incubator/pagespeed/1.14.36.1/x64/

Lofesa avatar Sep 29 '20 10:09 Lofesa

Hi @Lofesa! I haven't installed the 1.14, but I checked the content of the package. The package installs repository that can be used to update the package later. But the package installs the google repository.

# sources.list setting for mod-pagespeed updates.
REPOCONFIG="deb http://dl.google.com/linux/mod-pagespeed/deb/ stable main"

I could install the package, but the problem will be the same or I am missing someting?

tr3pan avatar Sep 29 '20 14:09 tr3pan

sources.list setting for mod-pagespeed updates.

REPOCONFIG="deb http://dl.google.com/linux/mod-pagespeed/deb/ stable main"

Are you sure this wasn't pre-existing? That release ought to include https://github.com/apache/incubator-pagespeed-mod/commit/e515ddc905510a7041560a8fc712f1624e776e02

oschaaf avatar Sep 29 '20 14:09 oschaaf

@oschaaf It was my fault that I didn't check the downloaded package. I downloaded the latest stable thinking that 1.4.36 is stable and I just download the stable package. Nowhere on the download page is written what is the latest stable and even the beta version. The old google packages file name doesn't specify the package version which adds to the confusion.

I installed the package from @Lofesa link. I suppose because this is transition period the package name is different and installs different repo.list file. To my surprise there is a script to install a repo.list file, but because there is no assigned repo the repo.list file is not created. So even though I installed the package, this didn't fix my original problem.

I understand that time is needed for the transition, but can someone from google at least sign the Release file so apt-get update won't fail.

If it is not possible, then just write it on the official page so people won't have false hopes or expectations.

@oschaaf if it wasn't the issue you posted I am not sure how I am supposed to know which key was used to sign the package.

tr3pan avatar Sep 30 '20 08:09 tr3pan