INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: The repository is insufficiently signed by key (weak digest)  (Read 7205 times)

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7812
  • Autumn shade...
The repository is insufficiently signed by key (weak digest)
« on: March 23, 2016, 10:46:00 am »

Adding the GPG key and repository in Ubuntu 16.04 and updating the package list results in an error...

Code: [Select]
W: gpgv:/var/lib/apt/lists/dist.jriver.com_latest_mediacenter_dists_jessie_InRelease: The repository is insufficiently signed by key AFCABAC2C6F16C0E1F2D9707C30B25C6077765D5 (weak digest)
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1558331
https://wiki.debian.org/Teams/Apt/Sha1Removal

This is likely because of the depreciation of SHA-1 and the GPG key appears to only be SHA-1 and it'll require SHA-256. I'm not sure if the packages are SHA-1 signed or not, if they are they'll need to be SHA-256 signed too. It was bound to happen sooner or later. Even Google's Chrome repository is half-broken right now because of this.

Manually updating via dpkg still works, but right now the repository is half-broken on Ubuntu 16.04 because of this.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

geier22

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 427
Re: The repository is insufficiently signed by key (weak digest)
« Reply #1 on: March 31, 2016, 01:04:07 am »

I got the same error in Debian stretch:
Code: [Select]
W: gpgv:/var/lib/apt/lists/dist.jriver.com_latest_mediacenter_dists_jessie_InRelease: The repository is insufficiently signed by key AFCABAC2C6F16C0E1F2D9707C30B25C6077765D5 (weak digest)
Logged
Debian Testing x64 (multiarch) Xfce
TEAC UD-H01 - Yamaha A-S1000 /
Midrange- Studiomonitore by FÖÖN
AsRock Z390 Extreme4- Intel Core i9 9900/ 32 GB Ram

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: The repository is insufficiently signed by key (weak digest)
« Reply #2 on: March 31, 2016, 04:58:40 pm »

Sigh.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7812
  • Autumn shade...
Re: The repository is insufficiently signed by key (weak digest)
« Reply #3 on: March 31, 2016, 05:12:48 pm »

Sigh.

That's exactly what I thought the response to be. ;)

It's a bummer though that they're starting to enforce it.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10941
Re: The repository is insufficiently signed by key (weak digest)
« Reply #4 on: April 01, 2016, 06:11:39 am »

It's a bummer though that they're starting to enforce it.

Did it even warn before, or did it really go from nothing to broken?
Logged
~ nevcairiel
~ Author of LAV Filters

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7812
  • Autumn shade...
Re: The repository is insufficiently signed by key (weak digest)
« Reply #5 on: April 01, 2016, 07:29:04 am »

Nothing to broken.

Ubuntu 15.10 works fine, whereas upgrading to Ubuntu 16.04 LTS was broken. It surprised me too, but when I did some searching and found that it's affecting Chrome's repo too.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7812
  • Autumn shade...
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: The repository is insufficiently signed by key (weak digest)
« Reply #7 on: April 05, 2016, 12:57:11 pm »

That is just a warning though. It still installs MC properly (I tried from a fresh 16.04 AMD64 install).
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7812
  • Autumn shade...
Re: The repository is insufficiently signed by key (weak digest)
« Reply #8 on: April 29, 2016, 09:26:07 pm »

Heads up Mint users, it looks like the APT update is pushed out to Linux Mint 17.x, so expect seeing this error when updating!
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

astromo

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2251
Re: The repository is insufficiently signed by key (weak digest)
« Reply #9 on: April 29, 2016, 10:03:13 pm »

That is just a warning though. It still installs MC properly (I tried from a fresh 16.04 AMD64 install).

I concur. Did the same to QNAP VM runing Ubuntu 16.04 with the AMD64. Saw the warning but the install completed without issue and MC fired up and loaded the registration file successfully.

It would appear that the term "error" in this context is a bit strong unless there's contrary experience to hand.
Logged
MC33, Win10 x64, HD-Plex H5 Gen2 Case, HD-Plex 400W Hi-Fi DC-ATX / AC-DC PSU, Gigabyte Z370 ULTRA Gaming 2.0 MoBo, Intel Core i7 8700 CPU, 4x8GB GSkill DDR4 RAM, Schiit Modi Multibit DAC, Freya Pre, Nelson Pass Aleph J DIY Clone, Ascension Timberwolf 8893BSRTL Speakers, BJC 5T00UP cables, DVB-T Tuner HDHR5-4DT
Pages: [1]   Go Up