GPG invalid signature on self-signed repository











up vote
0
down vote

favorite












Foreword: we are using Spacewalk to distribute some internal packages to Ubuntu systems via a private repository, thus necessitating the self-signing. Unfortunately Spacewalk doesn't handle the signing portion of this yet, so it has to be done manually.



We are having issues with apt stating that signatures are invalid for the Release files::



# apt update  

Apt-Spacewalk: Updating sources.list  

Ign:1 spacewalk://spacewalk.server extras-ubuntu InRelease  

[...]  

Reading package lists... Done  

W: GPG error: spacewalk://spacewalk.server extras-ubuntu Release: 

The following signatures were invalid: 41CDF527725B5CD68EA405AA27D22AF72385D175


The key is imported to apt-key 



# apt-key list

/etc/apt/trusted.gpg

--------------------

pub   rsa2048 2018-03-23 [SC]

       41CD F527 725B 5CD6 8EA4  05AA 27D2 2AF7 2385 D175

uid           [ unknown] Spacewalk (For GPG signing APT repos) <nobody@nowhere>


And the Release file is, in fact, signed with the correct key:



# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   2048R/2385D175 2018-03-23

uid                  Spacewalk (For GPG signing APT repos) <nobody@nowhere>



# gpg ./Release.gpg

Detached signature.

Please enter name of data file: Release

gpg: Signature made Fri 23 Mar 2018 10:43:50 AM EDT using RSA key ID 2385D175

gpg: Good signature from "Spacewalk (For GPG signing APT repos) <nobody@nowhere>"


What is the cause of this invalid signature error and how can we fix it? We strictly followed the instructions on http://www.devops-blog.net/spacewalk/gpg-signing-apt-repository-in-spacewalk so everything seems like it should work, but it doesn't.






apt gnupg







share|improve this question


























    up vote
    0
    down vote

    favorite












    Foreword: we are using Spacewalk to distribute some internal packages to Ubuntu systems via a private repository, thus necessitating the self-signing. Unfortunately Spacewalk doesn't handle the signing portion of this yet, so it has to be done manually.



    We are having issues with apt stating that signatures are invalid for the Release files::



    # apt update  
    
Apt-Spacewalk: Updating sources.list  
    
Ign:1 spacewalk://spacewalk.server extras-ubuntu InRelease  
    
[...]  
    
Reading package lists... Done  
    
W: GPG error: spacewalk://spacewalk.server extras-ubuntu Release: 
    
The following signatures were invalid: 41CDF527725B5CD68EA405AA27D22AF72385D175


    The key is imported to apt-key 



    # apt-key list
    
/etc/apt/trusted.gpg
    
--------------------
    
pub   rsa2048 2018-03-23 [SC]
    
       41CD F527 725B 5CD6 8EA4  05AA 27D2 2AF7 2385 D175
    
uid           [ unknown] Spacewalk (For GPG signing APT repos) <nobody@nowhere>


    And the Release file is, in fact, signed with the correct key:



    # gpg -k
    
/root/.gnupg/pubring.gpg
    
------------------------
    
pub   2048R/2385D175 2018-03-23
    
uid                  Spacewalk (For GPG signing APT repos) <nobody@nowhere>
    

    
# gpg ./Release.gpg
    
Detached signature.
    
Please enter name of data file: Release
    
gpg: Signature made Fri 23 Mar 2018 10:43:50 AM EDT using RSA key ID 2385D175
    
gpg: Good signature from "Spacewalk (For GPG signing APT repos) <nobody@nowhere>"


    What is the cause of this invalid signature error and how can we fix it? We strictly followed the instructions on http://www.devops-blog.net/spacewalk/gpg-signing-apt-repository-in-spacewalk so everything seems like it should work, but it doesn't.






    apt gnupg







    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Foreword: we are using Spacewalk to distribute some internal packages to Ubuntu systems via a private repository, thus necessitating the self-signing. Unfortunately Spacewalk doesn't handle the signing portion of this yet, so it has to be done manually.



      We are having issues with apt stating that signatures are invalid for the Release files::



      # apt update  
      
Apt-Spacewalk: Updating sources.list  
      
Ign:1 spacewalk://spacewalk.server extras-ubuntu InRelease  
      
[...]  
      
Reading package lists... Done  
      
W: GPG error: spacewalk://spacewalk.server extras-ubuntu Release: 
      
The following signatures were invalid: 41CDF527725B5CD68EA405AA27D22AF72385D175


      The key is imported to apt-key 



      # apt-key list
      
/etc/apt/trusted.gpg
      
--------------------
      
pub   rsa2048 2018-03-23 [SC]
      
       41CD F527 725B 5CD6 8EA4  05AA 27D2 2AF7 2385 D175
      
uid           [ unknown] Spacewalk (For GPG signing APT repos) <nobody@nowhere>


      And the Release file is, in fact, signed with the correct key:



      # gpg -k
      
/root/.gnupg/pubring.gpg
      
------------------------
      
pub   2048R/2385D175 2018-03-23
      
uid                  Spacewalk (For GPG signing APT repos) <nobody@nowhere>
      

      
# gpg ./Release.gpg
      
Detached signature.
      
Please enter name of data file: Release
      
gpg: Signature made Fri 23 Mar 2018 10:43:50 AM EDT using RSA key ID 2385D175
      
gpg: Good signature from "Spacewalk (For GPG signing APT repos) <nobody@nowhere>"


      What is the cause of this invalid signature error and how can we fix it? We strictly followed the instructions on http://www.devops-blog.net/spacewalk/gpg-signing-apt-repository-in-spacewalk so everything seems like it should work, but it doesn't.






      apt gnupg







      share|improve this question













      Foreword: we are using Spacewalk to distribute some internal packages to Ubuntu systems via a private repository, thus necessitating the self-signing. Unfortunately Spacewalk doesn't handle the signing portion of this yet, so it has to be done manually.



      We are having issues with apt stating that signatures are invalid for the Release files::



      # apt update  
      
Apt-Spacewalk: Updating sources.list  
      
Ign:1 spacewalk://spacewalk.server extras-ubuntu InRelease  
      
[...]  
      
Reading package lists... Done  
      
W: GPG error: spacewalk://spacewalk.server extras-ubuntu Release: 
      
The following signatures were invalid: 41CDF527725B5CD68EA405AA27D22AF72385D175


      The key is imported to apt-key 



      # apt-key list
      
/etc/apt/trusted.gpg
      
--------------------
      
pub   rsa2048 2018-03-23 [SC]
      
       41CD F527 725B 5CD6 8EA4  05AA 27D2 2AF7 2385 D175
      
uid           [ unknown] Spacewalk (For GPG signing APT repos) <nobody@nowhere>


      And the Release file is, in fact, signed with the correct key:



      # gpg -k
      
/root/.gnupg/pubring.gpg
      
------------------------
      
pub   2048R/2385D175 2018-03-23
      
uid                  Spacewalk (For GPG signing APT repos) <nobody@nowhere>
      

      
# gpg ./Release.gpg
      
Detached signature.
      
Please enter name of data file: Release
      
gpg: Signature made Fri 23 Mar 2018 10:43:50 AM EDT using RSA key ID 2385D175
      
gpg: Good signature from "Spacewalk (For GPG signing APT repos) <nobody@nowhere>"


      What is the cause of this invalid signature error and how can we fix it? We strictly followed the instructions on http://www.devops-blog.net/spacewalk/gpg-signing-apt-repository-in-spacewalk so everything seems like it should work, but it doesn't.






      apt gnupg




      apt gnupg






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 23 at 15:06









      ngst

      11




      11






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          I was running into the same issue on a local Debian 9 repo, not Spacewalk specific. Tracked it down to:




          • Needed SHA-256 for the key

          • Using "signed-by" to the gpg key in the sources.list

          • Device public key could not be ASCII, must be binary


          Figured it out by reading the documentation Instructions to connect to a third-party repository






          share|improve this answer

















          • 1




            Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
            – Fabby
            Nov 29 at 22:12











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1018585%2fgpg-invalid-signature-on-self-signed-repository%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          I was running into the same issue on a local Debian 9 repo, not Spacewalk specific. Tracked it down to:




          • Needed SHA-256 for the key

          • Using "signed-by" to the gpg key in the sources.list

          • Device public key could not be ASCII, must be binary


          Figured it out by reading the documentation Instructions to connect to a third-party repository






          share|improve this answer

















          • 1




            Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
            – Fabby
            Nov 29 at 22:12















          up vote
          0
          down vote













          I was running into the same issue on a local Debian 9 repo, not Spacewalk specific. Tracked it down to:




          • Needed SHA-256 for the key

          • Using "signed-by" to the gpg key in the sources.list

          • Device public key could not be ASCII, must be binary


          Figured it out by reading the documentation Instructions to connect to a third-party repository






          share|improve this answer

















          • 1




            Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
            – Fabby
            Nov 29 at 22:12













          up vote
          0
          down vote










          up vote
          0
          down vote









          I was running into the same issue on a local Debian 9 repo, not Spacewalk specific. Tracked it down to:




          • Needed SHA-256 for the key

          • Using "signed-by" to the gpg key in the sources.list

          • Device public key could not be ASCII, must be binary


          Figured it out by reading the documentation Instructions to connect to a third-party repository






          share|improve this answer












          I was running into the same issue on a local Debian 9 repo, not Spacewalk specific. Tracked it down to:




          • Needed SHA-256 for the key

          • Using "signed-by" to the gpg key in the sources.list

          • Device public key could not be ASCII, must be binary


          Figured it out by reading the documentation Instructions to connect to a third-party repository







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 29 at 21:16









          EE2000

          1




          1








          • 1




            Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
            – Fabby
            Nov 29 at 22:12














          • 1




            Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
            – Fabby
            Nov 29 at 22:12








          1




          1




          Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
          – Fabby
          Nov 29 at 22:12




          Welcome to Ask Ubuntu! ;-) I recommend editing this answer to expand it with specific details about how to do this. (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) Keep up the good work!
          – Fabby
          Nov 29 at 22:12


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1018585%2fgpg-invalid-signature-on-self-signed-repository%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

          Image
          0 I recently upgraded an Ubuntu 16.04 virtual machine to 18.04. I regularly use this VM to run apt-mirror at school on their high-speed internet, then rsync these files to my rack-mount server at home for updating multiple computers at home without wasting the tiny amount of bandwidth I have there. Since updating I can't get apt-mirror to run on my VM. It keeps giving the error: flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror line 214 immediately followed by: apt-mirror is already running, exiting at /usr/bin/apt-mirror line 217 apt-mirror is NOT running, and does not have a cron job. I've tried rebooting, and even looked for the old-style lockfile to delete, but I guess that method is no longer used. Is there some way to force unlock this so I can run apt-mirror? UPDATE: So... I f
          Read more

          Mangá

          Image
            Nota:  Não confundir com Manga. Mangás e Animes Mangá Mangaká • Tankōbon Film comic La nouvelle manga Mangá original em inglês Anime História Animação influenciada por animes • Filler • OVA • Seiyū Públicos Kodomo • Shōjo • Shōnen Josei • Seinen Gêneros Mahō shōjo • Mecha • Harém Ecchi • Hentai ( Yaoi • Yuri Futanari • Shotacon • Lolicon Toddlercon ) Termos Bishōjo • Chibi • Fan service Gaiden • Kawaii • Kaitō • Light novel Mahō shōnen • Moe (antropomorfismo • Kemonomimi Nekomimi ) • Super deformed Omake • Tsundere • Yonkoma Listas Mangás • Animes • Ecchi • Mangaka • Estúdios • Revistas Fãs ( otaku ) Anime Music Video Convenções • Cosplay Dōjinshi • Fansub • Fandub • Fujoshi OS-tan • Scanlation Portal de Anime e mangá v d e O mangá (português brasileiro) ou manga (português europeu) [ 1 ] (em japonês: 漫画 , manga ? , lit. “história em quadrinhos”) , é a
          Read more

           ⁒  ․,‪⁊‑⁙ ⁖, ⁇‒※‌, †,⁖‗‌⁝    ‾‸⁘,‖⁔⁣,⁂‾
”‑,‥–,‬ ,⁀‹⁋‴⁑ ‒ ,‴⁋”‼ ⁨,‷⁔„ ‰′,‐‚ ‥‡‎“‷⁃⁨⁅⁣,⁔
⁇‘⁔⁡⁏⁌⁡‿‶‏⁨ ⁣⁕⁖⁨⁩⁥‽⁀  ‴‬⁜‟ ⁃‣‧⁕‮ …‍⁨‴ ⁩,⁚⁖‫ ,‵ ⁀,‮⁝‣‣ ⁑  ⁂– ․, ‾‽ ‏⁁“⁗‸ ‾… ‹‡⁌⁎‸‘ ‡⁏⁌‪ ‵⁛ ‎⁨ ―⁦⁤⁄⁕

          ⁉…‧ ⁩,“⁡‹⁃‽⁞•,⁠‚  ⁓⁎  ⁜ ‴ ⁥⁡⁎‭,‍‑⁁⁌⁦ ⁁‟⁙‥‒“⁈ ,‪⁧ ⁙‿⁇⁦,⁝‘ ⁎“⁘‫‪,‗‹‛‹⁒  ⁇⁄‗‒•“⁇   ‐ ⁂
‘‛, ‶⁦ ⁇ ​⁞‧ 
,⁏ …‹–⁗⁡⁘⁄ ‏‿‬‟″ ‏⁢⁦⁗⁚⁝‬⁢⁏,⁧″⁍′‖⁂※⁄‘– ‵⁡ ‭⁢⁚,⁅‧,‼‛⁗,⁡⁗“⁔⁃⁍‷⁏‗‱⁌‚  
•⁝ ‚‒ ‥‰  ′⁌, ⁄, ⁛—‭‑”⁂,⁑ ‡⁨‴⁖⁙…,‑, ,⁎,․‣‥  ‴‎⁎,″‛⁎‭‿ ⁤ ‷‾‼‖,⁠⁊‾,⁦“‗‑‌†,⁙,†⁝′ 
,―‚․‘, ⁢  ‿‌,⁀„‣,⁌,‭‖ ⁆“‪,―  ⁀ ⁃,
‷⁥,​,‟‗⁄⁉⁐⁗―
,‮⁢⁩⁆⁣‹‭⁅ ⁝‾‏‭⁖ ⁕⁄‷,†‟‒ ⁣‹,​…​,⁤⁂⁨‮⁎⁙–‟‼ ⁍‱‱,‽,‫‽‣ ⁒,⁨ ⁄ ⁝”„‿‑‎⁈‿
 ⁀‛‼‟ ⁑“,⁩​ ‒
–⁡…⁢ ⁂ ⁈⁎,‵‡,⁛,,‱⁧⁋,․‬⁄ “,⁄‴⁊  ‗―,‵⁙⁔—⁀ —  ⁀‬‬ ‒⁋‼⁀― ,⁌′ ‍‶ ’
          Read more