Closed momenso closed 5 years ago
Unstrusted signature despite applying the "new" signature:
How to reproduce:
$ apk --no-cache add ca-certificates fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/community/x86_64/APKINDEX.tar.gz OK: 111 MiB in 66 packages $ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand/sgerrand.rsa.pub $ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.28-r0/glibc-2.28-r0.apk Connecting to github.com (192.30.253.112:443) Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (52.216.85.211:443) glibc-2.28-r0.apk 100% |*******************************| 2219k 0:00:00 ETA $ apk add glibc-2.28-r0.apk fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/community/x86_64/APKINDEX.tar.gz ERROR: glibc-2.28-r0.apk: UNTRUSTED signature
My mistake, the pub key URL was wrong. Using https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub, instead of https://alpine-pkgs.sgerrand.com/sgerrand/sgerrand.rsa.pub solves that.
Unstrusted signature despite applying the "new" signature:
How to reproduce: