[obspy-users] Invalid package signature on Debian Stretch

Tobias Megies megies at geophysik.uni-muenchen.de
Mon Jan 8 14:47:27 CET 2018

Hi Wasja,

thanks for letting me know. After some digging I found that the
signatures were all OK, but Debian nowadays enforces stronger hashing
algorithms for the signatures on the repository metadata.

See https://github.com/obspy/obspy/issues/2037 for details.

In any case, the warning on newer Debian/Ubuntu should be gone now.


On 08/01/18 12:33, Wasja Bloch wrote:
> Dear list,
> I'm trying to install obyspy on a Debian stretch system. This fails with
> warnings about invalid signatures, which puzzles me, because I imported
> the key as described in the manual:
> 1. I included this repository to my /etc/apt/sources.list:
> # Obspy
> deb http://deb.obspy.org stretch main
> 2. I downloaded and imported the key:
> $ wget --quiet -O - https://raw.github.com/obspy/obspy/master/misc/debian/public.key | sudo apt-key add -
> 3. I tried to update the repository, which fails:
> $ sudo apt-get update
> W: GPG error: http://deb.obspy.org stretch InRelease: The following
> signatures were invalid: AB88DF222C40D448E99F0F07054D40E834811F05
> W: The repository 'http://deb.obspy.org stretch InRelease' is not signed.
> N: Data from such a repository can't be authenticated and is therefore
> potentially dangerous to use.
> Now I wonder, whether I missed something, or whether there is maybe a
> problem with the signature of the package for debian stretch?
> Thanks!
> Wasja
> _______________________________________________
> obspy-users mailing list
> obspy-users at lists.swapbytes.de
> http://lists.swapbytes.de/mailman/listinfo/obspy-users

More information about the obspy-users mailing list