After many requests from several users and many months of promises, the Dotdeb repositories are now GPG-signed. Yes, you can now get rid of the annoying “WARNING: The following packages cannot be authenticated!” message!
Until a dotdeb-keyring package is available, you just have to fetch the key and add it to your trusted keyring:
gpg --keyserver keys.gnupg.net --recv-key 89DF5277
gpg -a --export 89DF5277 | sudo apt-key add -
I hope you’ll enjoy it.
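A stricter variant of the import step above, as an added example that is not part of the original post: it checks the full 40-character fingerprint of a downloaded key file before handing it to apt-key, because an 8-character ID such as 89DF5277 does not uniquely identify a key. The function names and the sample listing are constructed for illustration, and the expected fingerprint is assumed to come from a channel you already trust.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to trust a downloaded
# archive key unless its full fingerprint matches one obtained out of band.

# Constructed sample of `gpg --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:0123456789ABCDEF:1262304000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1262304000::::Constructed Key <key@example.invalid>:
sub:-:4096:1:FEDCBA9876543210:1262304000::::::e:
fpr:::::::::1111222233334444555566667777FEDCBA987654:'

# Strip whitespace and upper-case, so "aaaa bbbb ..." style input is accepted.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the fingerprint of every primary key in a colon listing on stdin.
# The "fpr" record after "pub" is the primary key's; those after "sub" are not.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1 }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_listing EXPECTED < listing
# 0 = exactly one primary key and it matches; 1 = mismatch;
# 2 = zero or several primary keys; 3 = EXPECTED is not a full fingerprint.
check_listing() {
    expected=$(normalize_fpr "$1")
    case "$expected" in ''|*[!0-9A-F]*) return 3 ;; esac
    [ "${#expected}" -eq 40 ] || return 3   # rejects short IDs like 89DF5277
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 2
    [ "$found" = "$expected" ] || return 1
}

# import_verified_key FILE EXPECTED: add FILE to APT's keyring only if it passes.
# Assumes a GnuPG that supports --show-keys; apt-key is the tool the post uses.
import_verified_key() {
    gpg --show-keys --with-colons "$1" | check_listing "$2" || return 1
    sudo apt-key add "$1"
}
```

Nothing runs at load time; call import_verified_key with the downloaded file and the published fingerprint. A file that bundles more than one primary key is rejected rather than partially trusted.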
66 replies on “Dotdeb packages are now signed!”
I love you! Seriously, thanx for your work!!
gorgeous
Yes I enjoy that 😛
nice
Hi, I have a problem.
I added this to /etc/apt/sources.list:
deb http://packages.dotdeb.org stable all
deb-src http://packages.dotdeb.org stable all
When I do apt-get update I get this error:
W: GPG error: http://packages.dotdeb.org stable Release: Les signatures suivantes n’ont pas pu être vérifiées car la clé publique n’est pas disponible : NO_PUBKEY E9C74FEEA2098A6E
Any idea, please?
[…] post on the DotDeb.org blog describes a method, which did not work for me, for adding the keys of […]
@amine : just fetch the GnuPG key and add it to your APT keyring, as explained in the above post.
Thanks for all your effort!
Thank you! Everything worked fine…as always! 🙂
Cool! Thanks a lot!
thank you! 🙂
Tyrael
Hello,
Great. With these signatures, I (or even my customers) can now upgrade directly from Virtualmin panel.
Thank you very much.
If it doesn’t work first, you may have to open the 11371 port as I did.
Hello,
Thank you for signing the packages.
To nitpick, is it really necessary to put “sudo” before the apt-key add?
For those who use the power of root without further ado, it can be confusing 😉
I got the following error:
W: GPG error: http://php53.dotdeb.org stable Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY E9C74FEEA2098A6E
W: You may want to run apt-get update to correct these problems
After trying the above I got:
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
and fixed everything with:
wget http://packages.dotdeb.org/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
@H.T.: everyone is free to adopt the security policy that suits them 🙂
oh hell ya !!!
Great news!
Honestly, I thought, let's go see Dotdeb to check if the packages are now signed... and the first message I saw was this one.
Thanks a lot man!
Thanks!
@Joshaven Potter
Thank you so much! Your solution worked wonders for me.
Guillaume, did you check your mailbox?
@JarekMk : I’ll answer soon
OK I wait. Thank you.
Hello, the file at http://packages.dotdeb.org/dotdeb.gpg is not found? 🙁 Is this file available for download from another location? Help, please.
@petr : it’s back. Sorry. You could use keys.gnupg.net to receive the key instead.
@Guillaume Plessis
thx, all ok now 🙂
[…] the key must be added to your own keyring. The dotdeb site itself shows how this works. The following commands should take care of everything […]
Finally, thanks!
http://packages.dotdeb.org/dotdeb.gpg => 404
@vixns : Please use keys.gnupg.net to get the key.
Note: if your system doesn’t have the gpg command, the package to get it is called gnupg. Since it took me several hours to figure this out, I figured I should post this here to save any fellow newbs some time.
I am new to this keyring issue. How do you fetch the GnuPG key? I need some guidance.
> gpg --keyserver keys.gnupg.net --recv-key 89DF5277
gpg: requesting key 89DF5277 from hkp server keys.gnupg.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
> wget http://packages.dotdeb.org/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
--2010-09-03 04:43:17-- http://packages.dotdeb.org/dotdeb.gpg
Resolving packages.dotdeb.org… 79.125.3.21
Connecting to packages.dotdeb.org|79.125.3.21|:80… connected.
HTTP request sent, awaiting response… 404 Not Found
2010-09-03 04:43:17 ERROR 404: Not Found.
Hey
The key isn't found with your guide! The key doesn't exist in the database.
Wow people really do not read anything these days.
The error was “keyserver timed out”, doh!! So for the newbies with no education, that means the keyserver is having an issue, not “key not found”.
Second read http://localhost:8080/2010/07/11/dotdeb-packages-are-now-signed/#comment-2556
Start reading instead of being spoon fed here.
After disabling the firewall, I got the key successfully.
sweet
I have no idea why the key is not on this server nor on keys.gnupg.net anymore. If anyone needs the key, you can download it from my server:
wget http://88.198.62.123/randomstuff/dotdeb.gpg
sudo apt-key add dotdeb.gpg
Here it is : http://localhost:8080/dotdeb.gpg
Gui, are you going to make a signing package people can install instead?
I think that would be best, if not having the key imported automatically when they update their apt.
I think all you have to do is create Release.gpg with your pubkey in it.
Setting up a secure apt repository
From man apt-secure
If you want to provide archive signatures in an archive under your maintenance you have to:
* Create a toplevel Release file, if it does not exist already. You can do this by running apt-ftparchive release (provided in apt-utils).
* Sign it. You can do this by running gpg -abs -o Release.gpg Release.
* Publish the key fingerprint, that way your users will know what key they need to import in order to authenticate the files in the archive.
Whenever the contents of the archive changes (new packages are added or removed) the archive maintainer has to follow the first two steps previously outlined.
@Scott Grayban : the repository is signed using the two steps you described. I just have to make a dotdeb-keyring package but I need some more work on it.
The ports used with the command “gpg --keyserver […]” are the following:
hkp 11371/tcp # OpenPGP HTTP Keyserver
hkp 11371/udp # OpenPGP HTTP Keyserver
For the lucky ones that can configure their firewall…
Just use this:
wget http://localhost:8080/dotdeb.gpg && apt-key add dotdeb.gpg && rm dotdeb.gpg
[…] Answers nbartolomeo Accord to this: http://localhost:8080/2009/03/11/php-529-is-packaged-at-last/#comment-1332 the packages in that repo are not GPG signed so there is no key. Considering that comment is 6 months old now I could be wrong but I can’t find anything to the contrary. April 23, 2010 12:29 pm ax The Dotdeb repositories just (July 11th, 2010) got GPG-signed: […]
This took me a little while to figure out, so this is what worked for me:
wget -q -O - http://localhost:8080/dotdeb.gpg | sudo apt-key add -
There are a number of ways to import the key.
Open port out tcp 11371 😉 for gpg
Port 11371 has nothing to do with gpg package signing.
[…] packages are GPG-signed. Issue the following commands to add the keys to key-ring […]
[…] stable all deb-src http://php53.dotdeb.org stable all Adding the GPG keys for Dotdeb: Dotdeb packages are signed, so to avoid a warning message, type the following commands to download […]
[…] Dotdeb packages are signed, so to avoid a warning message, type the following commands to download and add the Dotdeb key: […]
[…] if you don’t want to get those error messages about untrusted packages, don’t forget to add Dotdeb’s keys to your keyring.We can now test that nginx is working by starting it up then fetch the default served page: $ […]
[…] The Dotdeb repositories just (July 11th, 2010) got GPG-signed: […]
For me it worked the following:
> wget -q -O - http://localhost:8080/dotdeb.gpg
> sudo apt-key add dotdeb.gpg
[…] packages are GPG-signed. Issue the following commands to add the keys to key-ring gpg --keyserver keys.gnupg.net […]
[…] A Google search turned up a post on the official Dotdeb blog, so I'll try running the commands given in that post. […]
Paulo!
worked for me too! thks a lot.
How can one add the key in the APT keyring?
I think I am ready to go here, but when I attempt to install php55 or any version of php I get the following msg:
“E: Unable to locate package php55”
E: Unable to locate package php5 is where I am stuck. Can someone help? Thanks.
@Mateo : could you please avoid sending 4 messages for the same issue? Did you follow the instructions on this page? http://localhost:8080/instructions/
If so, could you please send the result of apt-cache policy php5 and follow the steps here : http://localhost:8080/2012/08/24/how-to-post-useful-bug-reports/
Thanks.
I can't believe that people can be so lazy as to not read the whole post describing how to add your signed key into apt.