Unable to install on a new Debian 12 | GPG Error

What type of hardware are you using: Virtual machine
What YunoHost version are you running: 12
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: /home is a second drive

Describe your issue

so i installed Debian 12
then reboot
and now when I
sudo -i
curl https://install.yunohost.org | bash

I have this error:

Should YunoHost override the SSH configuration (y/n) ? y
:rocket: Letā€™s go !
:scroll: Detailed logs will be available in /var/log/yunohost-installation_20241208_041242.log
1/5 ā€¢ Running system upgrades
apt-get update --allow-releaseinfo-changeā€™ failed. Please check /var/log/yunohost-installation_20241208_041242.log for debugging
[FAIL] Failed to upgrade the system
[INFO] Installation logs are available in /var/log/yunohost-installation_20241208_041242.log
root@yunohost:~# sudo apt-get update --allow-releaseinfo-change
Hit:1 Index of /debian bookworm InRelease
Hit:2 Index of /debian-security bookworm-security InRelease
Hit:3 Index of /debian bookworm-updates InRelease
Get:4 Index of /debian/ bookworm InRelease [15.4 kB]
Err:4 Index of /debian/ bookworm InRelease
The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY 5D09F2273DAC3BD5
Reading package listsā€¦ Done
W: GPG error: Index of /debian/ bookworm InRelease: The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY 5D09F2273DAC3BD5
E: The repository ā€˜Index of /debian/ bookworm InReleaseā€™ is not signed.
N: Updating from such a repository canā€™t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Yes I ran: apt-get update --allow-releaseinfo-change

Share relevant logs or error messages

Should YunoHost override the SSH configuration (y/n) ? y
:rocket: Letā€™s go !
:scroll: Detailed logs will be available in /var/log/yunohost-installation_20241208_041242.log
1/5 ā€¢ Running system upgrades
apt-get update --allow-releaseinfo-changeā€™ failed. Please check /var/log/yunohost-installation_20241208_041242.log for debugging
[FAIL] Failed to upgrade the system
[INFO] Installation logs are available in /var/log/yunohost-installation_20241208_041242.log
root@yunohost:~# sudo apt-get update --allow-releaseinfo-change
Hit:1 Index of /debian bookworm InRelease
Hit:2 Index of /debian-security bookworm-security InRelease
Hit:3 Index of /debian bookworm-updates InRelease
Get:4 Index of /debian/ bookworm InRelease [15.4 kB]
Err:4 Index of /debian/ bookworm InRelease
The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY 5D09F2273DAC3BD5
Reading package listsā€¦ Done
W: GPG error: Index of /debian/ bookworm InRelease: The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY 5D09F2273DAC3BD5
E: The repository ā€˜Index of /debian/ bookworm InReleaseā€™ is not signed.
N: Updating from such a repository canā€™t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Eeeeh okay, it looks like you donā€™t have the GPG key for debian in there so eh that sounds unrelated to YunoHost x_x

/usr/share/keyrings/yunohost-bookworm.gpg is empty

in /etc/apt/sources.list.d/yunohost.list

deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] Index of /debian/ bookworm stable

so highly added by: yunohost script

I tried:

deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] Index of /debian/ bookworm stable
deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] Index of /debian/ bookworm stable
deb Index of /debian/ bookworm stable

none of them works

Ah I see, I was confused by the autoformat in the post, it looked like the GPG error was about debianā€™s repos ā€¦

Well in that case Iā€™m confused as to why it crashes directly at the beginning of the install with that error during step ā€œ1/5ā€ ā€¦ At that stage, you ainā€™t even supposed to have the yunohost repo in the sources.list ā€¦

Could it be that this was not the first install attempt and you re-launched the install script which then failed earlier ā€¦?

yes; it fail because it dont have the Yunohost GPG
so yes; I try to fix it
so yes I tried few times with different approach

what if I add this key ?

is it the right one ?
how I add this ?

The install script is supposed to download the key using this line : install_script/bookworm at main Ā· YunoHost/install_script Ā· GitHub

(but it would be good to understand why itā€™s failing inside the script @_@)

root@yunohost:~# curl --fail --silent https://forge.yunohost.org/yunohost_bookworm.asc | gpg --dearmor > /usr/share/keyrings/yunohost-bookworm.gpg

gpg: no valid OpenPGP data found.

but the link (https://forge.yunohost.org/yunohost_bookworm.asc) work and it is good :frowning:

I have gpg and curl

Wokay so uh if you run : curl --fail --silent https://forge.yunohost.org/yunohost_bookworm.asc

Are you seeing a big block of text looking like :

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGRT91MBDADFtawa4YMQn7aMoIJOEiZFC8BgTDKa+1QMax9pQyd5pDVi2fjw
[...]
HutDE+J698jegLwL+/IUh5GO4NRPrNatmtYi8Br1aRbvnoXfV8qEFTdTizL3lp1z
rX4=
=K3LS
-----END PGP PUBLIC KEY BLOCK-----

ok I wget https://forge.yunohost.org/yunohost_bookworm.asc
and added with gpg --dearmor > /usr/share/keyrings/yunohost-bookworm.gpg

I think it is cause by my DNS

@Aleks thanks for your quick help :wink:

(It would still be nice to know what happens with the curl though to understand and fix the issue for everybody @_@)

Iā€™m pretty sure itā€™s my DNS
now I have this ERROR: curl: (6) Could not resolve host: install.yunohost.org

now I have this error :wink:

apt-get dist-upgrade -y -o Dpkg::Options::=ā€“force-confold

Iā€™ll reset my Debian with my new DNS config

the real solution seams to disable IPv6

@Aleks

Now it is installed; Iā€™m able to log in the WebUI
and when I try to update the system via the WebUIā€¦

ERROR GPG but for YARN and SURY

W: GPG error: Index of /php/ bookworm InRelease: The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743

E: The repository ā€˜Index of /php/ bookworm InReleaseā€™ is not signed.

W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldnā€™t be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E

E: The repository ā€˜https://dl.yarnpkg.com/debian stable InReleaseā€™ is not signed.

The regenconf of YunoHost is supposed to add those keys ā€¦ yunohost/hooks/conf_regen/10-apt at dev Ā· YunoHost/yunohost Ā· GitHub

Thereā€™s definitely something going on with wget/curl request on your server for some reason ā€¦

I fixed PHP by
reading this: Expired Debian key issue Ā· Issue #1575 Ā· oerdnj/deb.sury.org Ā· GitHub
and doing that:
wget -O =/etc/apt/trusted.gpg.d/extra_php_version.gpg https://packages.sury.org/php/apt.gpg

I did what you mentionned here: No_pubkey 23e7166788b63e1e

sudo yunohost tools regen-conf apt

and it work

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.