Aug 31, 2016 - 02:20am
Just to clarify some things here: the SHA1 message is a warning, not an error - SHA1 is currently (I am not a cryptographer, so correct me if I'm wrong) predicted to be practically attackable in the next decade or so - we'll be switching over to a stronger hash (probably in the next release). As for the rest of the errors - threy relate to non-Intel PPAs and we can't really do anything about them.
I'm facing the same problem after installing intel graphics for linux,
The repository 'https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease' is not signed
is there any workaround?
I am facing the same issue. Where is INTEL service and support. Are they taking us SERIOUS or Not
Why the silence?? Need a solution how to solve this problem. It is now 20 September 2016 and still no action from Intel!!!!
I am disappointed.
This is what happened after installing intel-graphics-update-tool_2.0.2_i386.deb on ubuntu 16.04:
W: GPG error: https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 56A3DEF863961D39
W: The repository 'https://download.01.org/gfx/ubuntu/16.04/main xenial InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Please need solution from INTEL, what to do!!!
There is no silence. The solution was provided on August 31st in this thread. Copy and paste the command below in terminal:
wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg-4 -O - | sudo apt-key add -
Still Intel provide a gpg signature (SHA1) that Ubuntu 16.04 doesn't accept (it's almost a year that we don't use SHA1). Still waiting for a gpg signature SHA256 or SHA512.
I tried yesterday to upgrade the Intel driver with the tool for Ubuntu 16.04 and there is no way that function, it keep rolling for an hour and the the final message is always the same "Failed".
Do something to solve the problem, it's a month that the situation doesn't change.
W:https://download.01.org/gfx/ubuntu/16.04/main/dists/xenial/InRelease: Signature by key --- uses weak digest algorithm (SHA1), E:Failed to fetch http://ch.archive.ubuntu.com/ubuntu/dists/xenial/main/dep11/by-hash
You have two items here: A warning (not an error) about the signature on the 01.org repository, and an error (which is what's actually stopping you, I think) relating to an ubuntu ppa which is not controlled by Intel and has no connection to 01.org.
Today 4 October 2016 I try again to update the Intel Graphic Driver for Ubuntu 16.04 with the tool and using the same gpg and repository that stil doesn't work for weak digest algorithm (SHA1) !!! After almost three months still the tool is not working.
Finally in the Kernel 4.8.0 are missing two files *.bin that are the new version of KBL and XBT og module i915.
So, next week I will install the new distribution of Ubuntu, the 16.10 Yakkety Yak and I will wait for the next update tool from Intel.
I experience the same issue and am unable to use apt-get upgrade due to that.
I would prefer that the problem gets fixed in the deb itself instead of offering a workaround that everyone has to type into a terminal. Also is the workaround secure?
It isn't a workaround - in order to verify a package you must install the public key that the package was signed with (that's how signed packages work) and tell apt to trust it. It's secure if you trust the source of that key (and if you don't, then you shouldn't be installing those packages).