jba Posted October 7 Posted October 7 I just updated my odroid hc2 from bookworm to trixie. Everything went find and the system is running. However, I now get the following message from "apt-get update": W: https://github.armbian.com/configng/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details W: http://apt.armbian.com/dists/trixie/InRelease: Policy will reject signature within a year, see --audit for details Using the --audit option I get: W: https://github.armbian.com/configng/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details A: https://github.armbian.com/configng/dists/stable/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on DF00FAF1C577104B50BF1D0093D6889F9F0E78D5 is not bound: No binding signature at time 2025-10-06T08:29:30Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Missing key 8CFA83D13EB2181EEF5843E41EB30FAF236099FE, which is needed to verify signature. W: http://apt.armbian.com/dists/trixie/InRelease: Policy will reject signature within a year, see --audit for details A: http://apt.armbian.com/dists/trixie/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on DF00FAF1C577104B50BF1D0093D6889F9F0E78D5 is not bound: No binding signature at time 2025-10-07T19:06:52Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Missing key 8CFA83D13EB2181EEF5843E41EB30FAF236099FE, which is needed to verify signature. So a key is missing. Where can I get it? And how to install it? Jürgen 0 Quote
Solution The Tall Man Posted October 7 Solution Posted October 7 (edited) That's already a topic (with a solution): https://forum.armbian.com/topic/55129-trixie-apt-warning-policy-will-reject-signature-within-a-year/ Edited October 7 by The Tall Man 0 Quote
ttnp Posted Thursday at 09:44 AM Posted Thursday at 09:44 AM I also got Hinweis: Fehlendes Signed-By im Eintrag sources.list(5) für »http://deb.debian.org/debian« I had to complete in /etc/apt/sources.list.d/debian-backports.sources the line Signed-By: into Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.