Problem with package signing in Debian

Mauro Fontana shared this problem 6 years ago

In Progress

Hello

I don't know if this has already came to your attention but with the recent changes in APT tolerance to SHA1 algorithms, the geogebra repository is now non-compatible with current Debian Testing and (I think) with future Ubuntu 16.04.

Error message:

W: http://www.geogebra.net/lin...: Signature by key 98272894F6478AA4434B41D3C072A32983A736CF uses weak digest algorithm (SHA1)

Some links about the issue:

https://wiki.debian.org/Tea...

https://juliank.wordpress.c...

Hope this helps

Cheers,

The same problem

Comments (7)

Michael Borcherds ● 6 years ago

Thanks, we'll check!

https://jira.geogebra.org/b...

Reply URL

Michel Iroir ● 6 years ago

Hi, no problem to update today to 5.0.233.0 with Ubuntu Mate 16.04 32bit

Reply URL

Koen Roggemans ● 6 years ago

Same problem on Ubuntu 16.04, using geogebra5.

I tried installing the key from http://www.geogebra.net/lin... and from https://static.geogebra.org... but both give the weak algorithm error.

Reply URL

zoltan ● 6 years ago

Please could you check it again? The repository is now signed by using SHA512 since today morning.

Reply URL

Mauro Fontana ● 6 years ago

I can confirm "apt update" no longer displays the weak-signing warning regarding GeoGebra's repo.

Great work and thank you for your time!

Cheers,

Mauro

Reply URL

zoltan ● 6 years ago

Great, thanks for the check! :-)

Reply URL

Manuel López Mateos ● 1 year ago

Hi, I try to add geogebra repository with

$ sudo apt-add-repository -u 'deb http://www.geogebra.net/linux/ stable main'

but get the message

W: GPG error: http://www.geogebra.net/linux stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C072A32983A736CF

E: The repository 'http://www.geogebra.net/linux stable InRelease' is not signed.

How should I proceed?

Thanks!!

Reply URL