Aptitude thinks all packages are untrusted

Michael Torrie torriem at gmail.com
Fri Apr 2 12:08:39 MDT 2010

On 04/02/2010 11:21 AM, Tod Hansmann wrote:
> I'm pretty much just guessing here, but is gpg working on your system?  
> Do you have additional sources in your sources.list that aren't part of 
> the Debian archives?  Is the keyring all setup correctly in 
> /etc/apt/trusted.gpg?  Does that file have the proper permissions?

Yes said I have gnupg installed and it works.  The sources.list file
contains only the standard debian sources.  updates, volatile, stable, etc.

I have no idea if the trusted.gpg is set up correctly.  I ran apt-key
list and it showed me all the keys that it had (I listed them in my
previous e-mail).  I tried downloading the keys with gpg and using
apt-key to add them.  This worked fine, but I had the keys already
before I did that, just to be consistent.

So everything appears to be right.  Unfortunately neither apt or
aptitude will tell my why they don't trust the packages.  They aren't
complaining about a missing gpg key; they appear to think the packages
aren't signed at all.  Now from what I've read, this might actually be
true.  I don't think debian actually signs the packages at all yet (from
what I read on the debian lists).  Rather they sign the Release file
that apt uses as an index.

> It can't be too many things.  Apt isn't exactly complex in this regard, 
> so I'd start from there and if that provides you the answers, great.  If 
> not, I'll try to come up with more scenarios it could possibly be.  What 
> packages do you already have installed?

We're talking about a minimal 400 MB install of only official debian
lenny packages.  No X11, no extra tools.  Just your basic libraries and
command line tools at this point. Nothing is installed that's not from
debian stable.  What packages in particular are you wondering about?

More information about the PLUG mailing list