FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-07-2011, 12:28 AM
Jason Hsu
 
Default The following packages cannot be authenticated

I'm working on the development of the next version of Swift Linux (http://www.swiftlinux.org , http://github.com/swiftlinux). I'm now finding that when I try to add packages in a script with the "apt-get install -y <package>" command, I get an error messages "WARNING: The following packages cannot be authenticated!" and "There are problems and -y was used without --force-yes".

I know that I could add packages manually, but the two reasons not to are:
1. I'm using these "apt-get install y <package>" commands in scripts.
2. I know that I can use the --force-yes option, but is this actually safe?

A Google search yields more information than I can understand, but it sounds like my authentication key is not up-to-date. How do I resolve this matter WITHOUT throwing security under the bus?

--
Jason Hsu <jhsu802701@jasonhsu.com>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110406192831.e0f72964.jhsu802701@jasonhsu.com">h ttp://lists.debian.org/20110406192831.e0f72964.jhsu802701@jasonhsu.com
 
Old 04-07-2011, 02:17 AM
"Huang, Tao"
 
Default The following packages cannot be authenticated

I'm not familiar with the SwiftLinux project.
guess you'll have to manually update your keys.
see this wiki page for instructions.
http://wiki.debian.org/SecureApt


Cheers,

Tao
--
http://huangtao.me/
http://www.google.com/profiles/UniIsland

School of Mathematical Science, Peking University


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: BANLkTinq4O8yP6=nOpU1zESP22FR6JMqGA@mail.gmail.com ">http://lists.debian.org/BANLkTinq4O8yP6=nOpU1zESP22FR6JMqGA@mail.gmail.com
 
Old 11-30-2011, 09:57 AM
Shawn Pringle
 
Default The following packages cannot be authenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Before installing samba, I received this warning:

"The following packages cannot be authenticated!" I didn't know there
was any kind of certificate system in place. Can someone tell me what
this means exactly, how serious is the risk and why common are
packages that can be authenticated?

Shawn Pringle
- --
PGP public key available at pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJO1gwPAAoJEHJVLFhKYbxVkuUH/iNnvT0zlBrFN4JG6R+oU/NF
Pl+GxRf2yo/OtTGhJznZjtSYHU3Bn7sDebFUcvZ+uTJ//IB40FT+2JRywAgMAGUN
jEZgx9uMJW6pTX15T5tUeQk/02d4pO/+dJ29SVqqg56eqtXcsEKpqQNpMOUL+XBN
QGw3LsdDwV+owFpYMzJLyEJUaW+f+UHkquguLqR0n/DXB5WLDGorDz/r71PLIaBG
ciG7e4CGTF89zaiqziLfTwSfYdEpl6nJWOzQYMqwAcmNxAYNX4 fAJadnvymUPAlq
VLsU5F6niCJy+CjvWVn4xOORRwQkWSio2tvPYrMOjQpaaFmdyq KfrdyPkBVaGQI=
=Lywi
-----END PGP SIGNATURE-----

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2011, 10:42 AM
Amichai Rotman
 
Default The following packages cannot be authenticated

First of all,* don't panic!

Please provide more information: what version of obuntu are running?

What did you use to try and install(apt-get,* Software Center)?


--------------

Amichai.

On Nov 30, 2011 12:59 PM, "Shawn Pringle" <shawn.pringle@gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Before installing samba, I received this warning:



"The following packages cannot be authenticated!" *I didn't know there

was any kind of certificate system in place. *Can someone tell me what

this means exactly, how serious is the risk and why common are

packages that can be authenticated?



Shawn Pringle

- --

PGP public key available at pool.sks-keyservers.net

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (MingW32)



iQEcBAEBAgAGBQJO1gwPAAoJEHJVLFhKYbxVkuUH/iNnvT0zlBrFN4JG6R+oU/NF

Pl+GxRf2yo/OtTGhJznZjtSYHU3Bn7sDebFUcvZ+uTJ//IB40FT+2JRywAgMAGUN

jEZgx9uMJW6pTX15T5tUeQk/02d4pO/+dJ29SVqqg56eqtXcsEKpqQNpMOUL+XBN

QGw3LsdDwV+owFpYMzJLyEJUaW+f+UHkquguLqR0n/DXB5WLDGorDz/r71PLIaBG

ciG7e4CGTF89zaiqziLfTwSfYdEpl6nJWOzQYMqwAcmNxAYNX4 fAJadnvymUPAlq

VLsU5F6niCJy+CjvWVn4xOORRwQkWSio2tvPYrMOjQpaaFmdyq KfrdyPkBVaGQI=

=Lywi

-----END PGP SIGNATURE-----



--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2011, 11:01 AM
Colin Law
 
Default The following packages cannot be authenticated

On 30 November 2011 11:42, Amichai Rotman <amichai@iglu.org.il> wrote:
> First of all,* don't panic!
> Please provide more information: what version of obuntu are running?
> What did you use to try and install(apt-get,* Software Center)?

Also the output from
apt-cache policy samba
may be useful.

Colin

>
> --------------
> Amichai.
>
> On Nov 30, 2011 12:59 PM, "Shawn Pringle" <shawn.pringle@gmail.com> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Before installing samba, I received this warning:
>>
>> "The following packages cannot be authenticated!" *I didn't know there
>> was any kind of certificate system in place. *Can someone tell me what
>> this means exactly, how serious is the risk and why common are
>> packages that can be authenticated?
>>
>> Shawn Pringle
>> - --
>> PGP public key available at pool.sks-keyservers.net
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (MingW32)
>>
>> iQEcBAEBAgAGBQJO1gwPAAoJEHJVLFhKYbxVkuUH/iNnvT0zlBrFN4JG6R+oU/NF
>> Pl+GxRf2yo/OtTGhJznZjtSYHU3Bn7sDebFUcvZ+uTJ//IB40FT+2JRywAgMAGUN
>> jEZgx9uMJW6pTX15T5tUeQk/02d4pO/+dJ29SVqqg56eqtXcsEKpqQNpMOUL+XBN
>> QGw3LsdDwV+owFpYMzJLyEJUaW+f+UHkquguLqR0n/DXB5WLDGorDz/r71PLIaBG
>> ciG7e4CGTF89zaiqziLfTwSfYdEpl6nJWOzQYMqwAcmNxAYNX4 fAJadnvymUPAlq
>> VLsU5F6niCJy+CjvWVn4xOORRwQkWSio2tvPYrMOjQpaaFmdyq KfrdyPkBVaGQI=
>> =Lywi
>> -----END PGP SIGNATURE-----
>>
>> --
>> ubuntu-users mailing list
>> ubuntu-users@lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>



--
gplus.to/clanlaw

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2011, 12:26 PM
Shawn Pringle
 
Default The following packages cannot be authenticated

I use synaptic package manager and apt-get. When I use apt-get, it asks
me if I am sure and I have a chance to bail out or continue installing
anyway. I did. Synaptic on the other hand, doesn't give me an option
to continue installing.

I haven't seen any warning like this before. Granted, I only installed
Ubuntu 10.10 recently. But it is strange to me that a package that is
older than Debian like Samba is be exceptional in this way.

The command 'apt-cache policy samba' outputs

samba:
Installed: (none)
Candidate: 2:3.5.4~dfsg-1ubuntu8.5
Version table:
2:3.5.4~dfsg-1ubuntu8.5 0
500 http://ar.archive.ubuntu.com/ubuntu/ maverick-updates/main
i386 Packages
500 http://security.ubuntu.com/ubuntu/ maverick-security/main
i386 Packages
2:3.5.4~dfsg-1ubuntu8 0
500 http://ar.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages


Shawn Pringle

On 30/11/2011 9:01 AM, Colin Law wrote:
> On 30 November 2011 11:42, Amichai Rotman <amichai@iglu.org.il> wrote:
>> First of all, don't panic!
>> Please provide more information: what version of obuntu are running?
>> What did you use to try and install(apt-get, Software Center)?
>
> Also the output from
> apt-cache policy samba
> may be useful.
>
> Colin
>
>>
>> --------------apt-
>> Amichai.
>>
>> On Nov 30, 2011 12:59 PM, "Shawn Pringle" <shawn.pringle@gmail.com> wrote:
>>>
> Before installing samba, I received this warning:
>
> "The following packages cannot be authenticated!" I didn't know there
> was any kind of certificate system in place. Can someone tell me what
> this means exactly, how serious is the risk and why common are
> packages that can be authenticated?
>
> Shawn Pringle
>>>
>>> --
>>> ubuntu-users mailing list
>>> ubuntu-users@lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>>
>> --
>> ubuntu-users mailing list
>> ubuntu-users@lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>
>
>

--
PGP public key available at pool.sks-keyservers.net

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2011, 12:53 PM
Shawn Pringle
 
Default The following packages cannot be authenticated

I use synaptic package manager and apt-get. When I use apt-get, it asks
me if I am sure and I have a chance to bail out or continue installing
anyway. I did. Synaptic on the other hand, doesn't give me an option
to continue installing.

I haven't seen any warning like this before. Granted, I only installed
Ubuntu 10.10 recently. But it is strange to me that a package that is
older than Debian like Samba is be exceptional in this way.

Shawn Pringle

On 30/11/2011 9:01 AM, Colin Law wrote:
> On 30 November 2011 11:42, Amichai Rotman <amichai@iglu.org.il> wrote:
>> First of all, don't panic!
>> Please provide more information: what version of obuntu are running?
>> What did you use to try and install(apt-get, Software Center)?
>
> Also the output from
> apt-cache policy samba
> may be useful.
>
> Colin
>
>>
>> --------------apt-
>> Amichai.
>>
>> On Nov 30, 2011 12:59 PM, "Shawn Pringle" <shawn.pringle@gmail.com> wrote:
>>>
> Before installing samba, I received this warning:
>
> "The following packages cannot be authenticated!" I didn't know there
> was any kind of certificate system in place. Can someone tell me what
> this means exactly, how serious is the risk and why common are
> packages that can be authenticated?
>
> Shawn Pringle
>>>
>>> --
>>> ubuntu-users mailing list
>>> ubuntu-users@lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>>
>> --
>> ubuntu-users mailing list
>> ubuntu-users@lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>
>
>

--
PGP public key available at pool.sks-keyservers.net

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2011, 01:53 PM
sktsee
 
Default The following packages cannot be authenticated

On 11/30/2011 04:57 AM, Shawn Pringle wrote:

[snip]


Before installing samba, I received this warning:

"The following packages cannot be authenticated!" I didn't know there
was any kind of certificate system in place. Can someone tell me what
this means exactly, how serious is the risk and why common are
packages that can be authenticated?



That usually means that you need to run "sudo apt-get update" before
installing your package so that apt can authenticate the repo.


The following link explains the process of how APT authenticates
repositories and checks package integrity.


http://wiki.debian.org/SecureApt

--
sktsee


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-02-2011, 08:09 AM
Marius Gedminas
 
Default The following packages cannot be authenticated

On Wed, Nov 30, 2011 at 08:53:41AM -0600, sktsee wrote:
> On 11/30/2011 04:57 AM, Shawn Pringle wrote:
>
> [snip]
> >
> >Before installing samba, I received this warning:
> >
> >"The following packages cannot be authenticated!" I didn't know there
> >was any kind of certificate system in place. Can someone tell me what
> >this means exactly, how serious is the risk and why common are
> >packages that can be authenticated?
> >
>
> That usually means that you need to run "sudo apt-get update" before
> installing your package so that apt can authenticate the repo.

Incidentally, why does it happen? An intermittent network connection
that didn't let the previous apt-get update download the right
Release.gpg? An archive update that coincided with your apt-get update,
and so you downloaded a Packages.gz that is newer than your Release
file?

> The following link explains the process of how APT authenticates
> repositories and checks package integrity.
>
> http://wiki.debian.org/SecureApt

I see my question is also raised (but not answered) in that FAQ:

} Another problem you may encounter if using testing or unstable is that
} if you have not run apt-get update lately and apt-get install a package,
} apt might complain that it cannot be authenticated (why does it do
} this?). apt-get update will fix this.

Marius Gedminas
--
A computer without Windows 9x is like a fish without a bicycle.
-- With apologies to Gloria Steinem
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-05-2011, 01:48 PM
sktsee
 
Default The following packages cannot be authenticated

On Fri, 02 Dec 2011 11:09:22 +0200, Marius Gedminas wrote:

> On Wed, Nov 30, 2011 at 08:53:41AM -0600, sktsee wrote:

[snip]

>> That usually means that you need to run "sudo apt-get update" before
>> installing your package so that apt can authenticate the repo.
>
> Incidentally, why does it happen? An intermittent network connection
> that didn't let the previous apt-get update download the right
> Release.gpg? An archive update that coincided with your apt-get update,
> and so you downloaded a Packages.gz that is newer than your Release
> file?
>
>> The following link explains the process of how APT authenticates
>> repositories and checks package integrity.
>>
>> http://wiki.debian.org/SecureApt
>
> I see my question is also raised (but not answered) in that FAQ:
>
> } Another problem you may encounter if using testing or unstable is that
> } if you have not run apt-get update lately and apt-get install a
> package, } apt might complain that it cannot be authenticated (why does
> it do } this?). apt-get update will fix this.
>

I'm as clueless as to why this occurs as the person who wrote that
paragraph. But since that person is longtime Debian developer Joey Hess,
I don't feel so bad about my ignorance.

--
sktsee


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 06:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org