Posts: 47
boombaby
Joined: 20 Apr 2016
#1
Hello, Antix Team...

I began a thread at LinuxQuestions here...


========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://www.linuxquestions.org/questions/linux-software-2/"
linktext was:"http://www.linuxquestions.org/questions ... oftware-2/"
====================================
[damn-not-solved]-not-authenticated-in-synaptics-package-manager-4175585391/


...as a simple "Here's a solution I found for a problem". [I did that because I had found several"fixes" for my problem - all different.] As it turned out - which you can read therein - I hadn't fixed it. However I still thought that the problem was a generic Linux thing - and it STILL might be. (I don't know.)

However the"fix" has turned into a bit of a saga, and I am still not sure where it's headed. So, I am now thinking that it is probably something specific for ANTIX to look at, so the matter might be resolved quickly.

Can someone in the A-Team (ummm G-team?) check it out and"introduce" a fix attempt herein? Can we do that? Or would you rather it plays out there?

Regards,
aka boombaby
Last edited by boombaby on 18 Aug 2016, 09:04, edited 3 times in total.
Posts: 2,238
dolphin_oracle
Joined: 16 Dec 2007
#2
I think you should post an inxi -r output after you do a reload of sources and get that message.

NOT AUTHENTICATED generally means a signing key either doesn't match or isn't installed. It also generally applies to both packages that are being installed (including updates) as well as to the package lists from the repo in question. In reading your thread, I didn't see where you reloaded sources after disabling the repo (maybe you did, I just didn't see it). In synaptic, no changes to repos take place until you run the reload (which is idenctical to running apt-get update from the command line). also, from your synaptic screenshot, it looks like you are trying to install a NON AUTHENTICATED package but we can't tell what that package is without expanding the menu in the screenshot. Knowing what package it is will help determine which repo is affected.

Also, running apt-get update on the command line may also point clues to the repo in question.
Posts: 47
boombaby
Joined: 20 Apr 2016
#3
Hello, dolphin_oracle...

As a quick response (in a complex issue also being discussed elsewhere):

>> 1.
A"signing key" means something to you - and I also have a rough idea it might be some kind of authorization - but what exactly is it in this case of Synaptics/Antix, and how best do I check/install/use it?

>> 2.
Does your phrase"reload sources" mean"reload pkg information" - as in the Edit menu of Synaptics?

>> 3.
If the above is affirmative, then yes, I did. I clicked"reload" after removing the"Epson" repo. Also since then I have: exited/started Synaptics; re-booted/shutdown PC; re-clicked (ie downloaded) repo/pkg-info several times more; and maybe some other combos too.

>> 4.
No; I am only installing pkgs from the safe Antix/Debian repos (as shown early in the thread) - and no other (except the one for the Epson printer driver, which has already been removed days ago).

>> 5.
Yes, there already is an"inxi -r" in the thread, now reproduced herein...

$ inxi -r
Repos: Active apt sources in file: / etc/apt/sources.list.d/antix.list
deb
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://mx.debian.nz/antix/jessie/"
linktext was:"http://mx.debian.nz/antix/jessie/"
====================================
jessie main nosystemd
Active apt sources in file: / etc/apt/sources.list.d/debian.list
deb
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://ftp.au.debian.org/debian/"
linktext was:"http://ftp.au.debian.org/debian/"
====================================
jessie main contrib non-free
deb
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://security.debian.org/"
linktext was:"http://security.debian.org/"
====================================
jessie/updates main contrib non-free

>> 6.
No; not installing a non-authenticated package - at least not that I know of (given the repo list)
(No other repos - beside the Epson days ago - has ever been used.)

>> 7.
N.B.
Also in one of my most-recent posts in that thread (ie most-recent at this moment) I indicated that I could (at one time) - after immediately opening Synaptics - setup and download a package (eg any pkg) without incident - but if I cancelled it, and clicked"reload" then attempted a second setup/download of the same package Synaptics barked and created that error notice.

N.N.B.
Note that at one stage this behaviour (ie error generation) would happen in any second download, that is, even AFTER a successful first download (after re-opening Synaptics).

N.N.N.B.
TODAY, however, I tried to generate this error (ie triggered after a"reload") to demo it for you, but it did NOT happen.

N.N.N.N.B.
However, after the 2nd & 3rd attempts to generate the error failed, I clicked on the "show screenshot" button (ie for Lincity pkg) and then on the next (4th) attempt at the download ,viola, there's the error notification! [When I say"viola" I'm not necessary"happy", I just mean"viola - I'm not going mad, it really did happen before!".]

So, despite the"not downloaded" lists being the same for both the successful and error attempts, I have included the screenshots for BOTH - the straighforward download/install, and the one afterwards - to show the"NOT AUTHENTICATED" error that is being generated on THE SAME SINGLE PKG.

Is this now enough to solve?

Regards,
Posts: 88
kmathern
Joined: 25 Aug 2012
#4
I don't have an answer for the"NOT AUTHENTICATED" part of your problem.

I do think I might have an answer regarding the"23 packages will be held back and not upgraded" thing that seems to be bothering 'hydrurga' in your other thread at linuxquestions.org.
I think you probably have Synaptic's upgrade preference set at"Default Upgrade" instead of"Smart Upgrade".

Synaptic's"Default Upgrade" is the equivalent of `apt-get upgrade`, it will hold back upgrades if they require new packages to be installed.
It will also hold back upgrades that would require the removal of any currently installed packages.

Synaptic's"Smart Upgrade" is the equivalent of `apt-get dist-upgrade`, it will install or remove packages as needed to make the upgrade go thru.

You can change the upgrade preference by going to Settings -> Preferences -> General Tab. Then on the 'System upgrade' dropdown select"Smart Upgrade" and apply.
Shay
Joined: 20 Apr 2015
#5
kmathern wrote: I think you probably have Synaptic's upgrade preference set at"Default Upgrade" instead of"Smart Upgrade".

Synaptic's"Default Upgrade" is the equivalent of `apt-get upgrade`, it will hold back upgrades if they require new packages to be installed.
It will also hold back upgrades that would require the removal of any currently installed packages.

Synaptic's"Smart Upgrade" is the equivalent of `apt-get dist-upgrade`, it will install or remove packages as needed to make the upgrade go thru.

You can change the upgrade preference by going to Settings -> Preferences -> General Tab. Then on the 'System upgrade' dropdown select"Smart Upgrade" and apply.
Thank you for that explanation!
Posts: 47
boombaby
Joined: 20 Apr 2016
#6
Thanks, kmathern...

I agree with Shay; great explanation.

1.
My system is not set to auto upgrade/update.

My setting in Synaptics > Prefs > Gen > System Upgrade ...is set to"Always Ask".

I also comment that"Reload outdated package info" ...is also set to"Always Ask".

So you were right about the"default" setting you analyzed.

N.B.
Tonight, in conjunction with"hydrurga's" comments, and searching out what he had recommended (despite the Ubuntu"flavour" differences), I reviewed Repos and Preference settings, and changed...

Prefs > Distro >"Pkg upgrade behaviour" setting from"Always prefer - highest" ...to"Always prefer Stable"

* At the moment I am not worried about the 23 pkgs - UNLESS it impacts (ie and is shown/confirmed to impact) on the distro ops.

So...

2.
I still seek out the"NOT AUTHENTICATED" resolution.

.
Thanks.

Regards,
Posts: 850
fatmac
Joined: 26 Jul 2012
#7
'Can't be authenticated' basically just means that whoever built it doesn't have any recognised authorisation key. It is up to you to decide whether to trust the source or not.

Edit: I think the 'Unchanged' are dependencies of the package you are installing, but are already on the system.
Posts: 1,062
Dave
Joined: 20 Jan 2010
#8
Search debian-archive-keyring. Select install or upgrade, it will say not authenticated but that is given that you do not have the keyring included in that package. So install it anyway, then reload and you should be good. You can also do this with antix-archive-keyring
Posts: 47
boombaby
Joined: 20 Apr 2016
#9
Given the info provided by Dave about two pkgs (debian-archive-keyring -&- antix-archive-keyring) I:-

> Checked Synaptics Pkg Mgr and the two packages were already installed.

> I attempted to re-install"antix-archive-keyring".

> In doing that the NOT AUTHENT error occurred (just as Dave had surmised). I continued (as per instruction).

> An ERROR box popped up. (I did not record it. Sorry. I am unable to remember the exact wording but it mentioned"Could not find..." a file (module?) in a directory. It also had a W (warning?) as an enquiry whether pkg "apt-transport-https" was installed. I checked; it wasn't. (I did NOT load it.)

> I immediately attempted a re-install of pkg"antix-archive-keyring", which - this time - concluded without problems (ie the NOT AUTHENT problem did NOT re-occur), and the re-install completed. [Note well, however, that I had been able to download/install somewhat randomly so I was not convinced yet that anything was different.]

> Several times I set up to download another random pkg which, each time, did NOT produce the NOT AUTHENT error notice. [Again, not particularly odd in the circumstances.]

> So I did a RELOAD (of Repos) and an error occurred (which has never happened before). See the attached error about the NZ repo.

> After this NOT AUTHENT problem had begun and had kicked around a bit I noticed that the"Get Screenshot" button (in the pkg info) would not return a screenshot. That sometimes used to happen so it didn't bother me too much at the time. However I also recently commented that if I clicked that button, no screenshot would (ever) show, then afterwards the NOT AUTHENT notice would (definitely) happen. However now - after the re-install of pkg"antix-archive-keyring" - I DO get screenshots, and (or but) the NOT AUTHENT notice is NOT happening (at least in the few attempts that I have tried).

.
So...at the moment I am left with the possibility that:-

1. the NOT AUTHENTICATED notice is gone - because I cannot reproduce it (as before);
2. a continuing (failed) Repo connect means I might need a key (is that right?), or remove the Repo (?);
3. I may - or may not - need to install the"apt-transport-https" pkg;
4. something else.


My assessment (after Dave's help) is that, to take it one step at a time, I think the problem is with the Repo, so what do I do there - delete it, disable it, find a key, something else?

PROVISO: What I need to be careful of is whether the NOT AUTHENT problem is finally resolved, and/or whether the Repo actually needs fixing up. To put it another way, are the two problems related, and will fixing the Repo problem mean that BOTH problems are fixed?

What's your take, Dave (et al)?

Regards,
Posts: 1,062
Dave
Joined: 20 Jan 2010
#10
I do not know exactly if the antix-archive-keyring also includes the gpg keys for the mx repos.
However now you are getting a missing signature error rather than not being able to authenticate with the signatures.

The original package you were installing in the screenshot (lincity) seems to come from the debian repo.
Normally when I get a could not be authenticated message it is due to the gpg signature file being different, missing, or stale.
So being that lincity seemed to come from the debian repo I thought best update the debian-archive-keyring package.
If the package came from the antix repo then you would update the antix-archive-keyring package.

Now that you have a missing signature gpg error after playing with those two packages I would double check they are both installed.
I would give you the name of the archive-keyring package for the mx repos but I am not certain what it is or if it is part of the antix-archive-keyring package.
So...at the moment I am left with the possibility that:-

1. the NOT AUTHENTICATED notice is gone - because I cannot reproduce it (as before);
2. a continuing (failed) Repo connect means I might need a key (is that right?), or remove the Repo (?);
3. I may - or may not - need to install the"apt-transport-https" pkg;
4. something else.
1. ok good
2. failing to connect to a repo and not having a valid signature file / key are different... but maybe synaptic shows them as the same???
The signature file/key will verify packages for you so that you do not get the gpg error: or unable to authenticate notification.
If you are truly failing to connect I would try another mirror at the moment and see if the problem goes away
I think that mx.debian.nz is a mirror of the mx repo... so then the main repo that it would mirror is
deb
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"http://mxrepo.com/mx/repo/"
linktext was:"http://mxrepo.com/mx/repo/"
====================================
mx15 non-free main
3. Not sure why or what that package is good for
4. ........

As I am not familiar with how synaptic does things error wise could we utilize apt-get directly?
In root terminal
type: apt-get update (post results)
type: apt-get -f install antix-archive-keyring debian-archive-keyring (and say yes the questions, post results)
type: apt-get update (post results)

and we will go from there....
Posts: 88
kmathern
Joined: 25 Aug 2012
#11
These commands will install the gpg keys for the mepiscr/mx14/mx15 repos:

Code: Select all

su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 3B07EE13; gpg --armor --export 3B07EE13 | apt-key add - '

Code: Select all

su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 14E225A0; gpg --armor --export 14E225A0 | apt-key add - '
Posts: 47
boombaby
Joined: 20 Apr 2016
#12
Thanks, Dave and kmathern.

That specific package should not be the issue; it's just a random package.

The MX Repo key as put should not be an issue; the 3 Repo's, listed previously, have been standard for me all along.

.
OK, considering my last screenshot of the Repo error, maybe someone can enlighten me on Synaptics usage (as it relates to Antix-16).

If I hit reload (of Repo's) with that Repo ENABLED the error is produced. As a pnewbie reading that message it tells me the Repo (via a key connect) is unavailable (for some reason). To"me"? To"me only", or to everyone? Because the site doesn't have a public key there, or because I don't have a"key" here? [Yes; I understand the key"concept" but have never had to deal with it"practically".]

Currently, if I DISABLE that Repo, and hit reload I do not get any issues at all. Do I avoid that Repo? It's"Antix", isn't it?

Is my solution to permanently disable that Repo? Reload it in some way? Find/load a key?

Lastly, if the Repo IS the problem (or is NOW the problem) then why?

Have I read the"problem" characteristics, and the new error message correctly?

It may take a senior Member at Antix to convince me of the right way to go here.


P.S.
Oh yeah. Even whether the Repo is enable or disabled, after the reinstall of"antix-archive-keyring" there is no"NOT AUTHENTICATED" issue showing so far. Is that resolved or not, do you think?

.
Regards,
Posts: 1,062
Dave
Joined: 20 Jan 2010
#13
One updated item to the list after kmathern.

Do the following in root terminal
type: apt-get update
type: apt-get -f install antix-archive-keyring debian-archive-keyring (and say yes the questions)
Type: su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 3B07EE13; gpg --armor --export 3B07EE13 | apt-key add - '
Type: su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 14E225A0; gpg --armor --export 14E225A0 | apt-key add - '
type: apt-get update (post results)


Ps how long does one need to be a member to be senior?
Posts: 47
boombaby
Joined: 20 Apr 2016
#14
Dave, how long is a piece of string?

Even then, is it - really - going to be long enough?. .[One can never have too much string ...Rudolf Smuntz]

.
Note, that I have re-installed both antix and debian keyrings (pkgs mentioned by a senior? member somewhere earlier) - although I use(d) Synaptics Pkg Mgr. [I mentioned the antix keyring re-install before, but later I also did the debian one too. So they're done.] Remember I said that (appears to have) stopped the"NOT AUTHENTICATED" notice. (So I don't really want to muck with them again without cause.)

Also, remember I said in my last post that disabling the said Repo stopped the emergent Error notice about the public key - although I am unclear why, if, should I, should I not, really?, etc.

Further, no explanation of the keyring thing has been offered, as requested.


Now, just so I don't get confused further on this... ...why, exactly, am I touching 'ubuntu.com' for anything in Antix?

Regards,
Posts: 1,062
Dave
Joined: 20 Jan 2010
#15
1) type: apt-get update
2) type: apt-get -f install antix-archive-keyring debian-archive-keyring (and say yes the questions)
3) Type: su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 3B07EE13; gpg --armor --export 3B07EE13 | apt-key add - '
4) Type: su -c 'gpg --keyserver keyserver.ubuntu.com --recv-keys 14E225A0; gpg --armor --export 14E225A0 | apt-key add - '
5) type: apt-get update (post results)

1) does not hurt anything and will get the latest available packages even with the error. (same as synaptic reload) DONE VIA SYNAPTIC ... OK
2) tries to install the two packages, if they are already installed it would do no more than tell you they are already installed with the latest version. If newer version available it would install the newer version. DONE VIA SYNAPTIC ... OK
3) retrieves and adds missing gpg key for the mx repo (according to kmathern) as the mx repo does not have a archive-keyring package. AFAIK you can use any key server, do not have to use ubuntu.
4) same as number 3 but for another mx key
5) See if it produces the error or if all is fixed.

Yes disabling the MX repo will get rid of the error because you are missing the MX repo keys. I do not know being that you are running straight antiX that you need the MX repo, but I imaging you have some packages from there at some point (xfce maybe?). Being that they are both really the same base then there should be no problems AFAIK with leaving them enabled. Disabling them might pose a problem depending on why it was enabled in the first place.

Not sure what you are asking about the keyring
debian puts all trusted keys in a keyring deb (debian-archive-keyring)
antix does the same (antix-archive-keyring)
MX apparently does this manually... Probably because they have a utility to find and fix missing / outdated gpg keys

ubuntu.com was simply the keyring server that was specified. I would imagine you can use another keyserver such as keys.gnupg.net.