aptly icon indicating copy to clipboard operation
aptly copied to clipboard

Published 20 hours ago verified publisher icon aptly-dev

Error adding Debian 12 main repository

Open ghubz opened this issue 1 year ago • 3 comments

Hi,

I am trying to add a mirror for http://deb.debian.org/debian bookworm main

however I keep getting:

gpgv: Signature made Sat Jun 10 12:33:58 2023 EEST using ? key ID 8783D481
gpgv: Can't check signature: unknown pubkey algorithm

The only difference I noticed between this key and all other on the system is that it is not RSA but EDDSA

/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.gpg
---------------------------------------------------------
pub   **ed25519** 2023-01-23 [SC] [expires: 2031-01-21]
      4D64 FEC1 19C2 0290 67D6  E791 F8D2 585B 8783 D481
uid           [ unknown] Debian Stable Release Key (12/bookworm) <[email protected]>

I tried everything but nothing works.

The system is running Debian 10 with gpg from backports

gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.8.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I am running aptly v1.3.0+ds1-2.2~deb10u2. I have upgraded to 1.4.0+ds1-2~bpo10+1 from backports but made no difference.

Any ideas?

ghubz avatar Jul 12 '23 08:07 ghubz

To add to my previous message, changing the gpgProvider to "internal" in the config returns

Downloading http://deb.debian.org/debian/dists/bookworm/InRelease...
Downloading http://deb.debian.org/debian/dists/bookworm/Release...
Downloading http://deb.debian.org/debian/dists/bookworm/Release.gpg...
ERROR: unable to fetch mirror: failed to verify detached signature: openpgp: unsupported feature: public key algorithm 22

ghubz avatar Jul 13 '23 06:07 ghubz

More info after testing:

On a newly installed Debian 11 it works fine. On a newly installed Debian 10 it does not work. Upgrading the same machine to Debian 11 still does not resolve the issue.

On the Debian 11 that works gpg --list-keys returns no keys at all. :/ Exporting apt keys from This system to the others makes no difference.

ghubz avatar Jul 13 '23 11:07 ghubz

Hi @ghubz , I've faced the same issue and changed the gpgProvider from "gpg" to "gpg2". After that, it works for me. I'm on debian 11 (upgraded from debian 10) and aptly v1.5.0 (nightly).

basti-nis avatar Aug 10 '23 12:08 basti-nis

debian switched to gpg2, this introduced some compatibility problems with existing keyrings...

I assume the issue is solved, closing... (reopen if needed)

neolynx avatar Aug 13 '24 17:08 neolynx