Problem with package signing in Debian

Mauro Fontana shared this problem 6 years ago
In Progress

Hello


I don't know if this has already came to your attention but with the recent changes in APT tolerance to SHA1 algorithms, the geogebra repository is now non-compatible with current Debian Testing and (I think) with future Ubuntu 16.04.


Error message:


W: http://www.geogebra.net/lin...: Signature by key 98272894F6478AA4434B41D3C072A32983A736CF uses weak digest algorithm (SHA1)


Some links about the issue:

https://wiki.debian.org/Tea...

https://juliank.wordpress.c...


Hope this helps


Cheers,

Comments (7)

photo
1

Thanks, we'll check!


https://jira.geogebra.org/b...

photo
1

Hi, no problem to update today to 5.0.233.0 with Ubuntu Mate 16.04 32bit

photo
1

Same problem on Ubuntu 16.04, using geogebra5.


I tried installing the key from http://www.geogebra.net/lin... and from https://static.geogebra.org... but both give the weak algorithm error.

photo
2

Please could you check it again? The repository is now signed by using SHA512 since today morning.

photo
1

I can confirm "apt update" no longer displays the weak-signing warning regarding GeoGebra's repo.


Great work and thank you for your time!


Cheers,

Mauro

photo
1

Great, thanks for the check! :-)

photo
1

Hi, I try to add geogebra repository with

$ sudo apt-add-repository -u 'deb http://www.geogebra.net/linux/ stable main' 

but get the message

W: GPG error: http://www.geogebra.net/linux stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C072A32983A736CF

E: The repository 'http://www.geogebra.net/linux stable InRelease' is not signed.


How should I proceed?

Thanks!!

© 2022 International GeoGebra Institute