Page 1 of 2
debian repo.nagios.com signature issue
Posted: Mon May 05, 2025 3:05 am
by francescm
hi everybody,
I am using the nagios debian repo to download and keep in-sync the ncpa package (by the way: great software). Since a couple of days the
$ sudo apt-get update
fails with error:
Code: Select all
The repository 'https://repo.nagios.com/deb/bookworm InRelease' provides only weak security information.
can you please confirm if it's a issue of me or a setup mishup?
thank you so much!
francescm
Re: debian repo.nagios.com signature issue
Posted: Mon May 05, 2025 7:17 pm
by JimKeating
We're having the same problem with Ubuntu 20.04 upgrades and any apt update on new Ubuntu 24.04. Please help! Thx
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Unable to parse package file (1), E:The repository '
https://repo.nagios.com/deb/jammy InRelease' provides only weak security information."}
Re: debian repo.nagios.com signature issue
Posted: Tue May 06, 2025 12:54 pm
by cdenega
Hi,
We are experiencing the same issue with the
https://repo.nagios.com/deb/ repository on multiple Ubuntu versions: 20.04, 22.04, and 24.04.
In all cases, apt-get update fails with a message stating that the repository provides only weak security information.
Re: debian repo.nagios.com signature issue
Posted: Tue May 06, 2025 1:46 pm
by antonc42
I'm also having this same issue. Looking at the "InRelease" file, it looks like it was updated on May 1st.
Comparing to the "InRelease" file from one of the older unsupported repos, I notice that the hash lines are indented by one space in the old file:
Code: Select all
MD5Sum:
4b9709d7ffb40aabb9d086b09b4b8372 11672 Packages
6f78f5b7ae36e53d0e55330d1247a4d7 2040 Packages.gz
d41d8cd98f00b204e9800998ecf8427e 1083 Release
SHA1:
2952376b986e36dce7613ecb1ab8e1469eb9d734 11672 Packages
7956946a114ba7ed7ebf9ffb1e585cdc4b285089 2040 Packages.gz
da39a3ee5e6b4b0d3255bfef95601890afd80709 1083 Release
SHA256:
60eebe0dc0db33cbf7f13987eb92767a2a75a0e2fc8c1b6fc780e859e16a9d31 11672 Packages
63f83e1bb0fe22a2d8e05dfe355abf9e56562c6b88a8c79544469b7a0ac2f0fb 2040 Packages.gz
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 1083 Release
SHA512:
4f965c81347c6c8bdb894135254070deab2b3e732e89e5af380e9b57d1243d87fc5dfb82a82682f6949989106f3019eedb98f65b8cfc9f57200bdc1a55524419 11672 Packages
4d3c20b18c3b0b1f44ea869388c1ff046b19b0232a6a5775635d0b5ca13d8bb4b761a67b474102334aa6ce0a2911cd0001c20120534c8ecf0a4f5254c4cbc2d0 2040 Packages.gz
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e 1083 Release
While in the new file, they are not indented:
Code: Select all
MD5Sum:
a6cc4be4c6b0e5caf5df4c9bef37be2a 12010 Packages
82049c85d43f5d0d9983f3d952dfa49a 2703 Packages.gz
bdf6c9303aae2a5ed0f9b715438826a7 1071 Release
SHA1:
afe46de6a8e20aedb4bb42e2b614b43f543889bf 12010 Packages
7b6ea2aac1e36ea3d987fb409133f6aef9613414 2703 Packages.gz
dce3353336076dbfa1e5a968ecd20ed3f91ee2b0 1071 Release
SHA256:
17907ccfb8258800ab06d798f3a909026be13fec00cee947f64daaa7ac34bcb3 12010 Packages
578f4a00a7ec4b7deceac4a27ce0f2d0da74f6cc5ff03a54f7d93dc4ea1c871f 2703 Packages.gz
0e25df4eba50929a83679d20270499d1016f794861986419c3a4b5974b86ea0c 1071 Release
SHA512:
2d776dd337ee7c3f88edcb20699e949963d57d907fae96849bd7a682754ad4762a419b9fb59859e3d17561d782338209aa64ec9b5268991120a6c325921caefc 12010 Packages
d75b5c83e7d5122c082461ebbb9bae34c332c860ea79bb33bb8c1c889a86462254303c54262fbe3258fd1aa5af0986f4b0a6715c0d5ba9baf9080d34baa856d2 2703 Packages.gz
74b96e5fb2ed8e504607e3bf391b8f2cdf2a01aecc02275b612be44a1d6587f45e5a79ee1ed2f849d7a4c5bdab7f869c822af32bdda6b2164c325566dc3f56af 1071 Release
I'm not an expert, so this is just a guess, but this may be the cause of the problem. See:
https://wiki.debian.org/DebianRepositor ... .2C_SHA256
Each datum must be separated by one or more whitespace characters.
Re: debian repo.nagios.com signature issue
Posted: Wed May 07, 2025 10:10 am
by antonc42
It looks like someone is working on this. I see indenting in some of the
InRelease files now.
I tried the
https://repo.nagios.com/deb/noble repo today and got a different error:
Code: Select all
W: GPG error: https://repo.nagios.com/deb/noble InRelease: The following signatures were invalid: BADSIG 471D5F4645ECF0AD Nagios Enterprises LLC <[email protected]>
E: The repository 'https://repo.nagios.com/deb/noble InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Re: debian repo.nagios.com signature issue
Posted: Wed May 07, 2025 4:21 pm
by afried
Hello. Sorry for taking so long to address this issue.
We found a problem how our most current NCPA repos were signed. We have resolved this issue, Please try again and let us know if you were successful.
Re: debian repo.nagios.com signature issue
Posted: Wed May 07, 2025 4:47 pm
by cdenega
Hi,
We’ve just tested it again on Ubuntu 20.04, 22.04, and 24.04, and it’s now working correctly. Thanks for addressing the issue!
Best regards.
Re: debian repo.nagios.com signature issue
Posted: Wed May 07, 2025 4:51 pm
by bbahn
Glad to hear it's working for you now. Thanks for your patience!
Re: debian repo.nagios.com signature issue
Posted: Wed May 07, 2025 5:48 pm
by JimKeating
This issue seems to be fixed now. It's working again for our organization. Cheers! JK
Re: debian repo.nagios.com signature issue
Posted: Wed Jul 30, 2025 1:22 pm
by JimKeating
This was broken in May of this year and was fixed in a day or so. It is broken again. Please help get this resolved. Thanks, JK
E: Unable to parse package file (1)
E: The repository '
https://repo.nagios.com/deb/jammy InRelease' provides only weak security information.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.