  • The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB Debia

    From Philipp Klaus Krause@21:1/5 to All on Thu Feb 10 17:10:01 2022
    I just downloaded debian-hurd-20210812.img, and started it in kvm.
    apt-get update then failed:

    root@debian:/home/demo# apt-get update
    Get:1 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
    sid InRelease [55.3 kB]
    Get:2 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z unreleased InRelease [56.6 kB]
    Get:3 http://snapshot.debian.org/archive/debian/20210812T100000Z sid
    InRelease [165 kB]
    Err:1 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
    sid InRelease
    The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB
    Debian Ports Archive Automatic Signing Key (2021) <[email protected]>
    Err:2 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z unreleased InRelease
    The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB
    Debian Ports Archive Automatic Signing Key (2021) <[email protected]>
    Get:4 http://snapshot.debian.org/archive/debian/20210812T100000Z
    sid/main Sources [9094 kB]
    Reading package lists... Done

    W: GPG error:
    http://snapshot.debian.org/archive/debian-ports/20210812T100000Z sid
    InRelease: The following signatures were invalid: EXPKEYSIG
    5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021) <[email protected]>
    E: The repository 'http://snapshot.debian.org/archive/debian-ports/20210812T100000Z sid InRelease' is not signed.
    N: Updating from such a repository can't be done securely, and is
    therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user
    configuration details.
    W: GPG error:
    http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
    unreleased InRelease: The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021) <[email protected]>
    E: The repository 'http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
    unreleased InRelease' is not signed.
    N: Updating from such a repository can't be done securely, and is
    therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user
    configuration details.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Samuel Thibault@21:1/5 to All on Sat Feb 12 18:20:01 2022
    Hello,

    Philipp Klaus Krause, on Thu, 10 Feb 2022 17:09:26 +0100, wrote:
    > I just downloaded debian-hurd-20210812.img, and started it in kvm. apt-get update then failed:

    Yes, the problem is that the debian-ports archive key is updated every
    year, and thus its liveness doesn't span the whole timespan of a
    release. A way to fix this is to avoid checking the gpg signature, and
    rely only on https:

    deb [trusted=yes] https://snapshot.debian.org/archive/debian-ports/20210812T100000Z/ sid main
    deb [trusted=yes] https://snapshot.debian.org/archive/debian-ports/20210812T100000Z/ unreleased main
    deb-src [trusted=yes check-valid-until=no] http://snapshot.debian.org/archive/debian/20210812T100000Z/ sid main

    I have now updated the images accordingly.

    I don't know a way to tell apt to tell gpg to ignore the expired key
    issue.

    Samuel

  • From Jeffrey Walton@21:1/5 to [email protected] on Sat Feb 12 21:00:02 2022
    On Thu, Feb 10, 2022 at 11:09 AM Philipp Klaus Krause <[email protected]> wrote:

    > I just downloaded debian-hurd-20210812.img, and started it in kvm.
    > apt-get update then failed:
    > ...
    > Get:3 http://snapshot.debian.org/archive/debian/20210812T100000Z sid InRelease [165 kB]
    > Err:1 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
    > sid InRelease
    > The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB
    > Debian Ports Archive Automatic Signing Key (2021) <[email protected]>

    You might consider filing a bug against Debian or Apt. There's no such
    thing as an expired signature.

    For those who desire a key to have attributes, either (1) the key was
    valid at the time and applied the signature or (2) the key was not
    valid.
    A valid signature does not transition to invalid after the signature
    has been applied.

    The only way to invalidate signatures is to revoke the key. There's no
    reason to revoke the key here.

    This is just more Debian key mismanagement. They have a chronic problem.

    Jeff
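
The two replies above turn on the difference between a signature that verifies but whose key has since expired (EXPKEYSIG) and one that fails outright. The following is an added example, not code from the thread or from apt: it classifies GnuPG `--status-fd` lines for one signature, using constructed sample output in which the fingerprint and the key-expiry timestamp are made-up placeholders.

```python
# Added example: classify gpgv/gpg --status-fd output for ONE signature.
from datetime import datetime, timezone

# Constructed sample, not captured output. The fingerprint is a placeholder
# ending in the key ID from the thread; the expiry timestamp is made up.
FPR = "0" * 24 + "5A88D659DCB811BB"
SAMPLE_STATUS = f"""\
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1643673600
[GNUPG:] EXPKEYSIG 5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021)
[GNUPG:] VALIDSIG {FPR} 2021-08-12 1628762400 0 4 0 1 8 01 {FPR}
"""

# Any of these means the signature must not be trusted at all.
HARD_FAIL = {"BADSIG", "ERRSIG", "REVKEYSIG", "EXPSIG", "NO_PUBKEY"}

def day(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d")

def classify(status_text):
    """Return (verdict, detail); timestamps are assumed to be epoch seconds."""
    seen, sig_time, key_expiry = set(), None, None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        parts = line[len("[GNUPG:] "):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        seen.add(keyword)
        if keyword == "VALIDSIG" and len(args) >= 3:
            sig_time = int(args[2])        # signature creation time
        elif keyword == "KEYEXPIRED" and args:
            key_expiry = int(args[0])      # key expiration time
    failed = seen & HARD_FAIL
    if failed:
        return "reject", "failed: " + ",".join(sorted(failed))
    if "VALIDSIG" not in seen:
        return "reject", "no cryptographically valid signature"
    if "GOODSIG" in seen:
        return "accept", "good signature from a currently valid key"
    if "EXPKEYSIG" in seen and None not in (sig_time, key_expiry):
        if sig_time < key_expiry:
            return "expired-key", f"signed {day(sig_time)}, key expired {day(key_expiry)}"
    return "reject", "cannot show the signature predates key expiry"

if __name__ == "__main__":
    print(classify(SAMPLE_STATUS))
```

The signature timestamp is asserted by the signer, so `expired-key` is a triage result for diagnosing the apt error, not a trust decision.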
