search

aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License
2.56k stars 374 forks source link

Error adding Debian 12 main repository #1197

Closed ghubz closed 1 month ago

ghubz commented 1 year ago

Hi,

I am trying to add a mirror for http://deb.debian.org/debian bookworm main

however I keep getting:

gpgv: Signature made Sat Jun 10 12:33:58 2023 EEST using ? key ID 8783D481
gpgv: Can't check signature: unknown pubkey algorithm

The only difference I noticed between this key and all other on the system is that it is not RSA but EDDSA

/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.gpg
---------------------------------------------------------
pub   **ed25519** 2023-01-23 [SC] [expires: 2031-01-21]
      4D64 FEC1 19C2 0290 67D6  E791 F8D2 585B 8783 D481
uid           [ unknown] Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

I tried everything but nothing works.

The system is running Debian 10 with gpg from backports 

gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.8.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I am running aptly v1.3.0+ds1-2.2~deb10u2. I have upgraded to 1.4.0+ds1-2~bpo10+1 from backports but made no difference.

Any ideas?

ghubz commented 1 year ago

To add to my previous message, changing the gpgProvider to "internal" in the config returns

Downloading http://deb.debian.org/debian/dists/bookworm/InRelease...
Downloading http://deb.debian.org/debian/dists/bookworm/Release...
Downloading http://deb.debian.org/debian/dists/bookworm/Release.gpg...
ERROR: unable to fetch mirror: failed to verify detached signature: openpgp: unsupported feature: public key algorithm 22
ghubz commented 1 year ago

More info after testing:

On a newly installed Debian 11 it works fine. On a newly installed Debian 10 it does not work. Upgrading the same machine to Debian 11 still does not resolve the issue.

On the Debian 11 that works gpg --list-keys returns no keys at all. :/ Exporting apt keys from This system to the others makes no difference.

basti-nis commented 1 year ago

Hi @ghubz , I've faced the same issue and changed the gpgProvider from "gpg" to "gpg2". After that, it works for me. I'm on debian 11 (upgraded from debian 10) and aptly v1.5.0 (nightly).

neolynx commented 1 month ago

debian switched to gpg2, this introduced some compatibility problems with existing keyrings...

I assume the issue is solved, closing... (reopen if needed)