I am trying to install Jenkins on Ubuntu 13.10 and I am getting the above mentioned error when i try to run the following command:
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
asked Jan 24, 2014 at 17:26
2
This problem might occur if you are behind corporate proxy and corporation uses its own certificate. Just add «—no-check-certificate» in the command.
e.g.
wget --no-check-certificate -qO - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
It works.
If you want to see what is going on, you can use verbose command instead of quiet before adding «—no-check-certificate» option.
e.g.
wget -vO - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
This will tell you to use «—no-check-certificate» if you are behind proxy.
Louis Lac
4,4601 gold badge18 silver badges33 bronze badges
answered Jun 26, 2016 at 15:09
LakeLake
1,2971 gold badge8 silver badges4 bronze badges
5
I got this error in an Ubuntu Docker container. I believe the cause was that the container was missing CA certs. To fix it, I had to run:
apt-get update
apt-get install ca-certificates
answered Feb 18, 2018 at 16:46
Yevgeniy BrikmanYevgeniy Brikman
8,4235 gold badges44 silver badges60 bronze badges
3
Managed to resolve it.
separated the command in to two commands and used directly the file name which was downloaded
example —
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add -
can be separated into
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.keysudo apt-key add jenkins-ci.org.key
Kevin Burke
58.9k73 gold badges184 silver badges298 bronze badges
answered Sep 23, 2016 at 6:52
ZiaZia
2,3052 gold badges17 silver badges14 bronze badges
3
gpg: no valid OpenPGP data found.
In this scenario, the message is a cryptic way of telling you that the download failed. Piping these two steps together is nice when it works, but it kind of breaks the error reporting — especially when you use wget -q (or curl -s), because these suppress error messages from the download step.
There could be any number of reasons for the download failure. My case, which wasn’t exactly listed so far, was that the proxy settings were lost when I called the enclosing script with sudo.
answered Jan 24, 2019 at 18:53
Brent BradburnBrent Bradburn
49.7k17 gold badges146 silver badges169 bronze badges
2
I too got the same error, when I did this behind a proxy. But after I exported the following from a terminal and re-tried the same command, the problem got resolved:
export http_proxy="http://username:password@proxy_ip_addr:port/"
export https_proxy="https://username:password@proxy_ip_addr:port/"
answered Mar 9, 2015 at 6:29
Aananth C NAananth C N
3986 silver badges14 bronze badges
2
i got this problem «gpg-no-valid-openpgp-data-found» and solve it with the following first i open browser and paste https://pkg.jenkins.io/debian/jenkins-ci.org.key
then i download the key in Downloads folder then
cd /Downloads/ then
sudo apt-key add jenkins-ci.org.key
if Appear «OK» then you success to add the key 
answered Aug 3, 2017 at 9:27
0
I had a similar issue.
The command I used was as follows:
wget -qO https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
I forgot a hyphen between the flags and the URL, which is why wget threw an error.
This is the command that finally worked for me:
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
answered May 7, 2020 at 1:24
1
In my case, the problem turned out to be that the keyfile was behind a 301 Moved Permanently redirect, which the curl command failed to follow. I fixed it by using wget instead:
wget URL
sudo apt-key add FILENAME
…where FILENAME is the file name that wget outputs after it downloads the file.
Update: Alternatively, you can use curl -L to make curl follow redirects.
answered Feb 17, 2018 at 23:12
Soren BjornstadSoren Bjornstad
1,2021 gold badge12 silver badges23 bronze badges
1
you forgot sudo … try with sudo and you will get OK
sudo wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
answered Mar 18, 2020 at 1:01
2
Try executing the commands separately.
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc
then
sudo apt-key add -
answered Oct 10, 2021 at 15:23
By executing the following command, it will save a jenkins-ci.org.key file in the current working directory:
curl -O http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
Then use the following command to add the key file:
apt-key add jenkins-ci.org.key
If the system returns OK, then the key file has been successfully added.
answered Jul 17, 2018 at 23:12
Ryan YuanRyan Yuan
2,2862 gold badges12 silver badges23 bronze badges
export https_proxy=http://user:pswd@host:port
^^^^
Use http for https_proxy instead of https
answered Nov 11, 2019 at 9:19
lonstylonsty
1751 silver badge10 bronze badges
1
install gpg and
1-Import the repository’s GPG key:
wget -qO - https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
2-this is code repository elasticserach in linux for download
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
3-link download elasticsearch
https://www.elastic.co/downloads/elasticsearch
if error «Job for elasticsearch.service failed because a timeout was exceeded. See «systemctl status elasticsearch.service» and «journalctl -xe» for details.«
solution:
1-sudo journalctl -f
2-sudo systemctl enable elasticsearch.service
3-sudo systemctl start elasticsearch
answered Mar 15, 2021 at 12:02
NetwonsNetwons
98210 silver badges14 bronze badges
I guess the issue is with wrong GPG key. Jenkins changed their GPG key recently (16 April 2020). You might need to import the correct key following the current official directions.
wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
answered Sep 19, 2021 at 17:24
Tapan HegdeTapan Hegde
1,2001 gold badge8 silver badges24 bronze badges
wget may not be using up to date root certificates. In that case it will output nothing to stdout, causing apt-key to throw the error of the description. I could resolve this by upgrading my debian 9.5 image to the latest 9.13
apt-get update
apt-get upgrade -y
before running wget
answered Sep 30, 2021 at 22:51
AlejandroVDAlejandroVD
1,50818 silver badges22 bronze badges
There’s another, very basic reason that triggers the error message that is the title of this post:
This error message happens if you try to decrypt an unencrypted file.
The message is saying that gpg did try to read the file to decrypt, but it could not find the info it needed, the info the encrypt process writes there.
So the message can also mean «double-check you gave the correct file to decrypt, it looks like it is not an encrypted file».
Like this:
# Encrypt your file
encrypt my_text_file > my_encrypted_file
# ERROR! You try to decrypt the unencrypted file DON'T DO THIS
decrypt my_text_file > decrypted_file
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: Unknown system error
# You unencrypt the correct (encrypted) file and it works
decrypt my_encrypted_file > decrypted_file
answered Jan 10, 2022 at 17:27
CyclingDaveCyclingDave
9721 gold badge9 silver badges20 bronze badges
I have solved the error gpg: no valid OpenPGP data found. For my Ubuntu 20.04
Firstly:
sudo apt-get update
then,
sudo apt-get install ca-certificates
Finally,
sudo apt install curl
answered Sep 23, 2022 at 4:03
For those facing gpg: no valid OpenPGP data found. during docker installation due to curl: (5) Could not resolve proxy: could clear their list of proxies and try again;
env | grep -i proxy //for listing all proxies
unset <name of the proxy> // remove all proxies that is shown in the error
Example :
unset http_proxy
unset HTTPS_PROXY
answered Oct 21, 2022 at 7:31
I also got the same error. I’ve referred to the below mentioned link and ran this commands
gpg —import fails with no valid OpenPGP data found
gpg --import KEYS
sudo apt-get update
It worked.
I’m using Ubuntu version 12.04
answered Feb 24, 2014 at 12:21
DheerajGDheerajG
972 silver badges7 bronze badges
3
My operating system is Debian 9.1 with Cinnamon 3.2.7. I installed Audacious (version 3.7.2) from the Package Manager and want to update to the latest released. Per these instructions, I attempted to update by entering the following commands:
sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt update
sudo apt install audacious
After a prompt to press Enter, I received the following output:
gpg: keybox '/tmp/tmpseyl6p36/pubring.gpg' created
gpg: /tmp/tmpseyl6p36/trustdb.gpg: trustdb created
gpg: key 531EE72F4C9D234C: public key "Launchpad webupd8" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
gpg: no valid OpenPGP data found.
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
self.run()
File "/usr/lib/python3.5/threading.py", line 862, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python3/dist-packages/softwareproperties/SoftwareProperties.py", line 688, in addkey_func
func(**kwargs)
File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 386, in add_key
return apsk.add_ppa_signing_key()
File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 273, in add_ppa_signing_key
cleanup(tmp_keyring_dir)
File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 234, in cleanup
shutil.rmtree(tmp_keyring_dir)
File "/usr/lib/python3.5/shutil.py", line 480, in rmtree
_rmtree_safe_fd(fd, path, onerror)
File "/usr/lib/python3.5/shutil.py", line 438, in _rmtree_safe_fd
onerror(os.unlink, fullname, sys.exc_info())
File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
os.unlink(name, dir_fd=topfd)
FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'
Then, when I attempted to run the update step (sudo apt-get install), I received more errors:
--only-upgrade audacious
Ign:1 http://deb.debian.org/debian stretch InRelease
Ign:2 http://www.scootersoftware.com bcompare4 InRelease
Ign:3 http://ftp.us.debian.org/debian stretch InRelease
Hit:4 http://deb.debian.org/debian stretch Release
Hit:5 http://www.scootersoftware.com bcompare4 Release
Hit:6 http://ftp.us.debian.org/debian stretch-updates InRelease
Hit:7 http://security.debian.org/debian-security stretch/updates InRelease
Hit:8 http://ftp.us.debian.org/debian stretch Release
Ign:11 http://ppa.launchpad.net/alexanderk23/ppa/ubuntu artful InRelease
Ign:13 http://ppa.launchpad.net/nilarimogard/webupd8/ubuntu disco InRelease
Err:14 http://ppa.launchpad.net/alexanderk23/ppa/ubuntu artful Release
404 Not Found
Err:15 http://ppa.launchpad.net/nilarimogard/webupd8/ubuntu disco Release
404 Not Found
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/alexanderk23/ppa/ubuntu artful Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://ppa.launchpad.net/nilarimogard/webupd8/ubuntu disco Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Finally, when I ran the install step (sudo apt install audacious), it said the latest was already installed. It must not have accepted the PPA.
Reading package lists... Done
Building dependency tree
Reading state information... Done
audacious is already the newest version (3.7.2-1+b1).
0 upgraded, 0 newly installed, 0 to remove and 241 not upgraded.
After browsing online, I entered the following commands to undo my changes:
sudo add-apt-repository --remove ppa:nilarimogard/webupd8
sudo apt update
sudo apt-key del 531EE72F4C9D234C
sudo apt update
What additional commands do I need to run in order to get the PPA to add properly?
I’m trying to follow the installation instructions for Debian provided on Docker website. Unfortunately adding a GPG key fails for me:
$ curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
I’ve tried to download the key and add it from the local file system, but the effect is the same:
$ apt-key add docker.gpg
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
The same happens for other keys, e.g. VirtualBox:
$ apt-key add oracle_vbox_2016.asc
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
The keys looks fine:
$ cat docker.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
[...]
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYhg
-----END PGP PUBLIC KEY BLOCK-----
$ shasum docker.gpg
f5b5bd1487cefc0c53c947e11ca202e86b33dbad docker.gpg
$ gpg --list-packets docker.gpg
# off=0 ctb=99 tag=6 hlen=3 plen=525
:public key packet:
version 4, algo 1, created 1487788586, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 8D81803C0EBFCD88
# off=528 ctb=b4 tag=13 hlen=2 plen=43
:user ID packet: "Docker Release (CE deb) <docker@docker.com>"
# off=573 ctb=89 tag=2 hlen=3 plen=567
:signature packet: algo 1, keyid 8D81803C0EBFCD88
version 4, created 1487792064, md5len 0, sigclass 0x13
digest algo 10, begin of digest b2 c9
hashed subpkt 2 len 4 (sig created 2017-02-22)
hashed subpkt 27 len 1 (key flags: 2F)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
subpkt 16 len 8 (issuer key ID 8D81803C0EBFCD88)
data: [4094 bits]
# off=1143 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1487788586, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 7EA0A9C3F273FCD8
# off=1671 ctb=89 tag=2 hlen=3 plen=1086
:signature packet: algo 1, keyid 8D81803C0EBFCD88
version 4, created 1487788586, md5len 0, sigclass 0x18
digest algo 8, begin of digest f2 b8
hashed subpkt 2 len 4 (sig created 2017-02-22)
hashed subpkt 27 len 1 (key flags: 02)
subpkt 16 len 8 (issuer key ID 8D81803C0EBFCD88)
subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4095 bits]
Am I doing something wrong? What steps should I take to troubleshoot it further?
I’m on Debian Stretch. I don’t have any firewall. I’ve tried it on several networks.
С помощью «wget» или «завиток», Вы хотите загрузить любое приложение и его ключ в репозиторий apt. Если вы выполните обе указанные операции, вы можете столкнуться с ошибкой «gpg: не найдено действительных данных OpenPGP”. Другие причины, которые следует учитывать для gpg: ошибка не найдены действительные данные OpenPGP, заключается в том, что, возможно, вы по незнанию находитесь за прокси-сервером или сертификаты CA не установлены в вашей системе или «завитокКоманда не может определить путь сертификатов ЦС.
В этой статье собраны наиболее достоверные решения для исправления «gpg: не найдено действительных данных OpenPGP» ошибка. Взгляните на приведенные ниже методы и попробуйте их один за другим в своей системе.
Метод 1: Решить gpg: ошибка не найдены действительные данные OpenPGP (для команд wget и curl)
Если при выполнении команды «wget» или «curl» вы получаете сообщение об ошибке «gpg: не найдены действительные данные OpenPGP», то первое решение, которое вы можете попробовать, — разделить вашу команду на две части, а затем выполнить их по отдельности.
Скажем, команда wget, обнаружившая ошибку:
$ wget-q-O — https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc |судоapt-key добавить —
Для устранения ошибки «gpg: не найдены действительные данные OpenPGP» сначала загрузите отдельно ключ «BAA3GF9.asc», а затем добавьте его в репозиторий apt.
Чтобы получить ключ ключевого файла, наберем следующую команду:
$ wget-q-O — https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc
После этого мы добавим ключ в репозиторий apt, добавив его имя файла в команду «apt-key»:
$ судоapt-key добавить BAAA3GF9.asc
Точно так же, если вы выполнили «завиток»С выводом ошибки« gpg: не найдены допустимые данные OpenPGP », то вам необходимо выполнить над ней ту же операцию разделения:
$ завиток -O https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc |судоapt-key добавить —
Сначала мы загрузим ключ, указанный в команде curl:
$ завиток -O https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc
На следующем шаге добавьте загруженный ключ в качестве «доверенного ключа» в свой «apt» репозиторий следующим образом:
$ судоapt-key добавить BAAA3GF9.asc
Метод 2: Решить gpg: ошибка не найдены действительные данные OpenPGP (для команд wget и curl)
В случае, если политика безопасности вашей компании ограничила ваш доступ к Интернету и удалила доверенный ЦС или корневой центр сертификации сертификаты, то вы должны установить сертификаты CA для подписания сертификатов серверов, с которыми вам необходимо безопасно общаться. Это решение также поможет вам избавиться от ошибки «gpg: не найдены действительные данные OpenPGP».
Для установки «сертификатов CA» введите в терминале следующую команду:
$ судоapt-get install CA-сертификаты
Метод 3: Решить gpg: ошибка не найдены действительные данные OpenPGP (для команды wget)
Предположим, ваша организация использует собственный сертификат, а вы находитесь за корпоративным прокси-сервером. В этом случае существует возможность столкнуться с ошибкой «gpg: не найдены действительные данные OpenPGP» при выполнении команды «wget». Параметр –no-check-certificate добавлен в команду «wget», чтобы обойти проверку и продолжить загрузку:
Например, команда, которая показала нам ошибку «gpg: не найдены действительные данные OpenPGP»:
$ wget-q-O — https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc |судоapt-key добавить —
Теперь мы добавим параметр «–no-check-certificate» в ту же команду «wget»:
$ wget—no-check-certificate-q-O — https://www.postgresql.org/средства массовой информации/ключи/BAAA3GF9.asc |судоapt-key добавить —
Метод 4: Решить gpg: ошибка не найдены действительные данные OpenPGP (для команды curl)
Одной из других причин ошибки «gpg: не найдены действительные данные OpenPGP» может быть проблема конфигурации вашего компьютера, когда команда «curl» выполняет поиск корневого центра сертификации в неправильном месте. В этом случае для обработки ошибки «gpg: не найдены действительные данные OpenPGP» необходимо исправить путь сертификатов CURL в файле «.bashrc».
Для этого сначала откройте «.bashrc”В редакторе nano:
$ нано ~/.bashrc
После этого добавьте в открытый файл следующую строку и сохраните ее:
экспортCURL_CA_BUNDLE=/и т.д/ssl/сертификаты/ca-Certific.crt
Вывод
Вы можете встретить «gpg: не найдено действительных данных OpenPGP»При загрузке файла и попытке сразу добавить его ключ в репозитории apt с помощью команды« wget »или« curl ». Кроме того, если сертификаты CA не установлены в вашей системе или для сертификатов CA назначен неправильный путь, то «wget» и «curl» будут выводить только ошибку «gpg: не найдены действительные данные OpenPGP». В этой статье мы обсудили пять различных методов решения ошибки «gpg: не найдены действительные данные OpenPGP». Попробуйте каждый из них последовательно и избавьтесь от указанной ошибки.
Hi tomasbrod
The following libraries were included in the install: qttools5-dev qttools5-dev-tools
The config still did not locate them.
The first possible solution in your list:-
knoppix@Microknoppix:~$ nohup node /usr/local/bin/gridcoinresearchd > /dev/null 2>&1 &
[1] 7362
Nothing was logged in the debug logs so I assume it stopped as soon as it was started.
The second possible solution in your list:-
knoppix@Microknoppix:~$ systemd-run —user —scope /usr/local/bin/gridcoinresearchd
Failed to start transient scope unit: Process org.freedesktop.systemd1 exited with status 1
[1]+ Exit 127 nohup node /usr/local/bin/gridcoinresearchd > /dev/null 2>&1
Nothing was logged in the debug logs so I assume it stopped as soon as it was started.
Interestingly, the 2nd solution procs off the 1st.
The third possible solution, System CTL setup came back with the following:-
knoppix@Microknoppix:~$ sudo systemctl start gridcoinresearchd.service
Failed to start gridcoinresearchd.service: Launch helper exited with unknown return code 1
See system logs and ‘systemctl status gridcoinresearchd.service’ for details.
knoppix@Microknoppix:~$ systemctl status gridcoinresearchd.service
Failed to get properties: Launch helper exited with unknown return code 1
knoppix@Microknoppix:~$
knoppix@Microknoppix:~$ journalctl -e
came back with «— No entries —«.
I don’t know where the logs for these daemon process sit, however the Gridcoin debug log registered nothing at all.
My arcane method came back with:-
knoppix@Microknoppix:~$ sudo service gridcoinresearchd start
[ ok ] Starting GridcoinResearch Daemon: GridcoinResearchd.
The arcane method left a message in the gridcoinresearchd debug.log one word «AppInit». It did not get any further.
knoppix@Microknoppix:~$ /usr/local/bin/gridcoinresearchd
works and logs to the debug.log
The only method that works is to fire it up in a terminal window.
The arcane method does something, but I’ve probably got an obvious error in either the defaults or the script.
Is there any other way to access / view the wallet without the gui?
Cheers
Michael B.
P.S. I got my package manager and Libre Office working.
I’ve re-installed all the dependencies including QT5. The configure routine does not want to recognize that QT is installed???
checking for main in -lminiupnpc… (cached) yes
checking for static Qt… no
checking for QT5… no
checking for QT5… no
configure: WARNING: Qt dependencies not found; bitcoin-qt frontend will not be built
checking whether to build Gridcoin GUI… no (Qt5)
Seriously, this is maddening.
Context
I want to verify the signature of the last version of the slack .deb package (slack-desktop-4.1.2-amd64.deb), which I downloaded from https://slack.com/intl/en-es/downloads/linux.
I am trying to follow the instructions provided by slack for Debian-based distributions https://slack.com/intl/en-es/help/articles/115004809166-Verify-Slack-for-Linux-(beta)-package-signatures#version-4.1.2-and-above-1 , which use debsig-verify.
I am aware of a similar question (same error message from debsig-verify, for a different .deb) in stackoverflow (https://stackoverflow.com/questions/55858700/), but what worked for that OP (changing http to https in the policy file) is not working for me.
Steps followed
I believe I successfully completed the first steps of the slack-provided instructions:
-
debsig-verifycorrectly installed:# apt-get install debsig-verify [...] # debsig-verify --version Debsig Program Version - 0.18-6-g37b7 Signature Version - 1.0 Signature Namespace - https://www.debian.org/debsig/1.0/ Policies Directory - /etc/debsig/policies Keyrings Directory - /usr/share/debsig/keyrings -
Slack’s public key downloaded:
# wget https://slack.com/gpg/slack_pubkey_2019.gpg --2019-11-21 17:19:33-- https://slack.com/gpg/slack_pubkey_2019.gpg Resolving slack.com (slack.com)... 13.249.2.166 Connecting to slack.com (slack.com)|13.249.2.166|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/plain] Saving to: ‘slack_pubkey_2019.gpg’ slack_pubkey_2019.g [ <=> ] 1.63K --.-KB/s in 0s 2019-11-21 17:19:33 (31.7 MB/s) - ‘slack_pubkey_2019.gpg’ saved [1670] -
Directories to store debsigs policies and keyrings for Slack’s public key created:
# mkdir -pv /usr/share/debsig/keyrings/F18462078E6C9578 mkdir: created directory '/usr/share/debsig/keyrings/F18462078E6C9578' # mkdir -pv /etc/debsig/policies/F18462078E6C9578 mkdir: created directory '/etc/debsig/policies/F18462078E6C9578' -
Slack’s public key imported into the corresponding debsigs keyring:
# gpg --no-default-keyring > --keyring /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg > --import slack_pubkey_2019.gpg gpg: keybox '/usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg' created gpg: directory '/root/.gnupg' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key F18462078E6C9578: public key "Slack Packages (Signing Key) <packages@slack-corp.com>" imported gpg: Total number processed: 1 gpg: imported: 1Content of keyring file checked:
# gpg --no-default-keyring > --keyring /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg > --check-sigs /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg ------------------------------------------------------ pub rsa4096 2019-07-23 [SC] [expires: 2024-07-21] 93D5D2A628951B4383D8A4CEF18462078E6C9578 uid [ unknown] Slack Packages (Signing Key) <packages@slack-corp.com> sig!3 F18462078E6C9578 2019-07-23 Slack Packages (Signing Key) <packages@slack-corp.com> gpg: 1 good signature -
File
/etc/debsig/policies/F18462078E6C9578/slack.polcreated with the following contents:<?xml version="1.0"?> <!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd"> <Policy xmlns="https://www.debian.org/debsig/1.0/"> <Origin Name="Slack" id="F18462078E6C9578" Description="Slack"/> <Selection> <Required Type="origin" File="debsig.gpg" id="F18462078E6C9578"/> </Selection> <Verification> <Required Type="origin" File="debsig.gpg" id="F18462078E6C9578"/> </Verification> </Policy>Note that for the URLs I use
httpsrather than thehttpsuggested by the slack howto, following the advice from https://stackoverflow.com/questions/55858700/ (otherwise I also get an error). Note that this way thePolicyURL also matches theSignature Namespaceproduced bydebsig-verify --versionin step 1. above.
Unfortunately, the final step fails:
# debsig-verify -v -d slack-desktop-4.1.2-amd64.deb
debsig: Starting verification for: slack-desktop-4.1.2-amd64.deb
debsig: getSigKeyID: got F18462078E6C9578 for origin key
debsig: Using policy directory: /etc/debsig/policies/F18462078E6C9578
debsig: Parsing policy file: /etc/debsig/policies/F18462078E6C9578/slack.pol
debsig: parsePolicyFile: parsing '/etc/debsig/policies/F18462078E6C9578/slack.pol'
debsig: parsePolicyFile: completed
debsig: Checking Selection group(s).
debsig: Processing 'origin' key...
gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error
debsig: getKeyID subprocess returned error exit status 2
Alternative method?
If I unpack and repack the contents of the .deb package without the detached signature, I think I can successfuly verify it:
# ar xv slack-desktop-4.1.2-amd64.deb
x - debian-binary
x - control.tar.gz
x - data.tar.xz
x - _gpgorigin
#
# cat debian-binary control.tar.gz data.tar.xz > combined
#
# gpg --no-default-keyring
> --keyring /usr/share/debsig/keyrings/F18462078E6C9578/debsig.gpg
> --verify _gpgorigin combined
gpg: Signature made Fri 25 Oct 2019 02:47:26 CEST
gpg: using RSA key F18462078E6C9578
gpg: Good signature from "Slack Packages (Signing Key) <packages@slack-corp.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 93D5 D2A6 2895 1B43 83D8 A4CE F184 6207 8E6C 9578
Questions
My questions are:
-
Is the output of the last command enough to consider that the
.debpackage has been verified? -
What should I do differently to make
debsig-verifywork?