Sorry, you need to enable JavaScript to visit this website.

New Ubuntu 16.04 packages use unknown key (again)

59 posts / 0 new
Martin van Es's picture
Starter
Martin van Es

Aug 31, 2016 - 02:20am

  • Just to clarify some things here: the SHA1 message is a warning, not an error - SHA1 is currently (I am not a cryptographer, so correct me if I'm wrong) predicted to be practically attackable in the next decade or so - we'll be switching over to a stronger hash (probably in the next release). As for the rest of the errors - threy relate to non-Intel PPAs and we can't really do anything about them.

    Sep 26, 2016 - 05:30pm
  • I'm facing the same problem after installing intel graphics for linux, 

     

    The repository 'https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease' is not signed

    is there any workaround?

    Sep 12, 2016 - 04:17am
  • I am facing the same issue. Where is INTEL service and support. Are they taking us SERIOUS or Not

    Why the silence?? Need a solution how to solve this problem. It is now 20 September 2016 and still no action from Intel!!!!

    I am disappointed.

     

    This is what happened after installing intel-graphics-update-tool_2.0.2_i386.deb on ubuntu 16.04:

     

    W: GPG error: https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 56A3DEF863961D39
    W: The repository 'https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease' is not signed.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
     

    Please need solution from INTEL, what to do!!!

    Sep 20, 2016 - 01:57am
  • There is no silence. The solution was provided on August 31st in this thread. Copy and paste the command below in terminal:

     

    wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg-4 -O - | sudo apt-key add -
     
    Sep 20, 2016 - 06:56pm
  • Still Intel provide a gpg signature (SHA1) that Ubuntu 16.04 doesn't accept (it's almost a year that we don't use SHA1). Still waiting for a gpg signature SHA256 or SHA512.

     

    I tried yesterday to upgrade the Intel driver with the tool for Ubuntu 16.04 and there is no way that function, it keep rolling for an hour and the the final message is always the same "Failed".

     

    Do something to solve the problem, it's a month that the situation doesn't change.

     

    Thanks

     

    bye bye

     

    Luca

    Sep 22, 2016 - 07:24am
  • +1

     

    W:https://download.01.org/gfx/ubuntu/16.04/main/dists/xenial/InRelease: Signature by key --- uses weak digest algorithm (SHA1), E:Failed to fetch http://ch.archive.ubuntu.com/ubuntu/dists/xenial/main/dep11/by-hash

     

    Ubuntu 16.04

    intel-graphics-update-tool_2.0.2_amd64

     

     

    Sep 24, 2016 - 03:46pm
  • You have two items here: A warning (not an error) about the signature on the 01.org repository, and an error (which is what's actually stopping you, I think) relating to an ubuntu ppa which is not controlled by Intel and has no connection to 01.org.

    Oct 11, 2016 - 07:19am
  • Today 4 October 2016 I try again to update the Intel Graphic Driver for Ubuntu 16.04 with the tool and using the same gpg and repository that stil doesn't work for weak digest algorithm (SHA1) !!! After almost three months still the tool is not working.

    Finally in the Kernel 4.8.0 are missing two files *.bin that are the new version of KBL and XBT og module i915.

     

    So, next week I will install the new distribution of Ubuntu, the 16.10 Yakkety Yak and I will wait for the next update tool from Intel.

     

    With compliments

     

    Bye

     

    Luca

    Oct 04, 2016 - 07:57am
  • I experience the same issue and am unable to use apt-get upgrade due to that.

    I would prefer that the problem gets fixed in the deb itself instead of offering a workaround that everyone has to type into a terminal. Also is the workaround secure?

    Oct 10, 2016 - 04:16am
  • It isn't a workaround - in order to verify a package you must install the public key that the package was signed with (that's how signed packages work) and tell apt to trust it. It's secure if you trust the source of that key (and if you don't, then you shouldn't be installing those packages).

    Oct 11, 2016 - 07:21am