-
Type:
Bug
-
Status: Done
-
Resolution: Duplicate
-
Affects Version/s: 6.12.0
-
Fix Version/s: None
-
Component/s: Debian
-
Labels:None
-
Severity:Medium
Use-Case Details:
Artifactory-Target has a virtual repository, it comprises of a smart remote repository.
This smart repository is using local repository on Artifactory-Source.
Artifactory-Source & Artifactory-Target have GPG keys installed.
Both public keys are trusted by Ubuntu-Client, using 'sudo apt-key add <public.key>'
Artifactory-Target is set in '/etc/apt/sources.list' file.
deb <artifactory-url-to-debian-repository> trusty main restricted
We are seeing problems with virtual repository during 'sudo apt-get update' on Ubuntu-Client
When I am using the smart remote repository in 'sources.list' file, it works fine.
But, when I am using the virtual repository in 'sources.list' file, it throws the following error.
W: GPG error: http://10.168.0.123:8081/artifactory/debian trusty Release: The following signatures were invalid: BADSIG AF9C78DAE5C07BCB Sanjeev Karani <sanjeevk@jfrog.com> W: The repository 'http://10.168.0.123:8081/artifactory/debian trusty Release' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details.
- duplicates
-
RTFACT-20257 Initial GPG Verification Fails When Using Your Own GPG Keys In Debian Client When Resolving From Debian Virtual Repository
- Done