The desktop-client download link for 16.04 at Install package isv:ownCloud:desktop / owncloud-client is broken.
If I try to download owncloud-client via apt-get, it fails to verify, even after adding the keys.
If I download the tar.bz or zip file from Download Server Packages - ownCloud and then try to verify it against the gpg key on that same page, the verification fails.
Hi,
the failed verification after importing the key is a known bug of Ubuntu itself. See the following issue on how to correctly import the key to workaround this Ubuntu bug:
opened 08:54AM - 30 Oct 16 UTC
closed 09:38PM - 30 Jun 17 UTC
packaging
Known Issue / Workaround
### Expected behaviour
The owncloud-client ubuntu 16.10 package should get inst… alled in a safe way.
### Actual behaviour
Apt is unable to authenticate the debian package.
### Steps to reproduce
1. Go to the owncloud website, and follow the [instructions to download the ubuntu 16.10 client](https://software.opensuse.org/download/package?project=isv:ownCloud:desktop&package=owncloud-client)
So I have the new `557BEFF9` signing key installed (apt-key shows here the long fingerprint but the last 8 chars show the short keyid):
```
--- ~ » apt-key list | grep -B 2 "isv:ownCloud OBS Project"
pub rsa2048 2016-09-25 [SC] [expires: 2018-12-04]
1B07 204C D71B 690D 409F 57D2 4ABE 1AC7 557B EFF9
uid [ unknown] isv:ownCloud OBS Project <isv:ownCloud@build.opensuse.org>
```
Updating the package cache and trying to install owncloud-client results in an apt warning:
```
--- ~ » sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu yakkety InRelease
Hit:2 http://archive.ubuntu.com/ubuntu yakkety-updates InRelease
Hit:3 http://deb.debian.org/debian jessie-backports InRelease
Get:5 http://archive.ubuntu.com/ubuntu yakkety-security InRelease [93.3 kB]
Ign:6 http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.10 InRelease
Hit:7 http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.10 Release
Get:8 http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.10 Release.gpg [481 B]
Hit:9 http://archive.ubuntu.com/ubuntu yakkety-backports InRelease
Hit:4 https://packages.gitlab.com/runner/gitlab-ci-multi-runner/ubuntu yakkety InRelease
Fetched 93.8 kB in 1s (52.4 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.
--- ~ » sudo apt-get install owncloud-client
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libqt5keychain0 owncloud-client-data
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
libowncloudsync0 libqtkeychain1
The following packages will be REMOVED:
nautilus-owncloud
The following NEW packages will be installed:
libqtkeychain1
The following packages will be upgraded:
libowncloudsync0 owncloud-client
2 upgraded, 1 newly installed, 1 to remove and 2 not upgraded.
Need to get 1,386 kB of archives.
After this operation, 307 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
libqtkeychain1 owncloud-client libowncloudsync0
Install these packages without verification? [y/N]
```
I looked at the Release.gpg file and it's indeed signed by the right key, so I'm really out of ideas here.
@FlorianFranzen reported quite the same here: https://github.com/owncloud/client/issues/5055#issuecomment-255029557
<bountysource-plugin>
---
Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/38793140-ubuntu-16-10-warning-the-following-packages-cannot-be-authenticated?utm_campaign=plugin&utm_content=tracker%2F216457&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F216457&utm_medium=issues&utm_source=github).
</bountysource-plugin>