Hi,
please be aware that the maintainer of the ownCloud repositories at:
/repositories/isv:/ownCloud: - openSUSE Download *download.owncloud.com *
are currently updating the PGP keys. You might need to re-import the key by following the instructions shown at the download pages.
opened 08:31AM - 13 Jul 16 UTC
closed 06:21PM - 12 Oct 16 UTC
packaging
open-suse-repo on ubuntu 16.04 packet manager (apt-get) shows this error:
```
W… : http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.04/Release.gpg: Signature by key F9EA4996747310AE79474F44977C43A8BA684223 uses weak digest algorithm (SHA1)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.04 Release: The following signatures were invalid: KEYEXPIRED 1466936818
```
opened 01:47PM - 17 Aug 14 UTC
closed 03:58PM - 24 Mar 15 UTC
A link for Release.key at OpenSuSE Build Service [installation instructions](htt… ps://software.opensuse.org/download/package?project=isv:ownCloud:desktop&package=owncloud-client) for owncloud-client is http-only, and the server does not support https.
It would be a little step to safety to publish the repository key at https://owncloud.org, before advising users do `sudo apt-key add` after a wget using an unsafe protocol.
2 Likes
If someone is still struggling with messages like:
Signature by key DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B uses weak digest algorithm (SHA1
please follow these instructions:
I was able to fix it by removing the package source, followed by running apt-get update. After adding the source again, everything installed fine. Weirdly just running apt-get clean instead, which I thought does the same, did not fix my issue.
Source: Repo: Weak digest & Invalid signatures · Issue #5055 · owncloud/client · GitHub
1 Like