Installing from Debian packages in Buster fails because of a signature error

odkr · March 22, 2021, 2:30pm

I am trying to install Kaltura on a Debian system, following the guide on GitHub.

I have just added the GPG public key of the Kaltura team and the sources for Kaltura:

> apt-key list community@kaltura.com
pub   rsa2048 2015-04-18 [SC]
      AD42 0061 5722 734C BBE6  C52F E7EE DECA A117 4D5E
uid           [ unknown] Kaltura deb repo <community@kaltura.com>
sub   rsa2048 2015-04-18 [E]

pub   rsa2048 2019-09-08 [SC]
      8118 B7B5 78D4 BA50 032E  3B74 0E22 1B84 C956 50AB
uid           [ unknown] Kaltura Inc deb repo <community@kaltura.com>
sub   rsa2048 2019-09-08 [E]

pub   rsa2048 2019-09-08 [SC]
      BB35 D1A4 C2EF 91E2 EF6C  9DF7 DE7A A376 23C6 5ECB
uid           [ unknown] Kaltura Inc deb repo <community@kaltura.com>
sub   rsa2048 2019-09-08 [E]
> cat /etc/apt/sources.list.d/kaltura.list
deb [arch=amd64] http://installrepo.kaltura.org/repo/apt/debian propus main

However, apt reports an invalid signature:

> apt update
[...]
Get:8 http://installrepo.kaltura.org/repo/apt/debian propus InRelease [1427 B]
[...]
Err:8 http://installrepo.kaltura.org/repo/apt/debian propus InRelease
  The following signatures were invalid: 8118B7B578D4BA50032E3B740E221B84C95650AB

But the signature is valid:

> curl -s http://installrepo.kaltura.org/repo/apt/debian/kaltura-deb-curr.gpg.key | gpg --import
gpg: key 0E221B84C95650AB: public key "Kaltura Inc deb repo <community@kaltura.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
> curl -s http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease | gpg --verify
gpg: Signature made Mon 06 Jul 2020 15:44:25 CEST
gpg:                using RSA key 0E221B84C95650AB
gpg: Good signature from "Kaltura Inc deb repo <community@kaltura.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8118 B7B5 78D4 BA50 032E  3B74 0E22 1B84 C956 50AB

Also:

> apt update
[...]
> gpgv --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
gpgv: Signature made Mon Jul  6 15:44:25 2020 CEST
gpgv:                using RSA key 0E221B84C95650AB
gpgv: Good signature from "Kaltura Inc deb repo <community@kaltura.com>"

This is what happens in more detail:

> apt-get -o Debug::pkgAcquire::Worker=1 update
[...]
 -> http:600%20URI%20Acquire%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aFilename:%20/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease%0aTarget-Type:%20index%0aTarget-Release:%20propus%0aTarget-Repo-URI:%20http://installrepo.kaltura.org/repo/apt/debian/%0aTarget-Base-URI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/%0aTarget-Site:%20http://installrepo.kaltura.org/repo/apt/debian%0aIndex-File:%20true%0aMaximum-Size:%2010000000%0aFail-Ignore:%20true%0a%0a
[...]
 <- http:102%20Status%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aMessage:%20Connecting%20to%20installrepo.kaltura.org
[...]
0% [Connecting to installrepo.kaltura.org] <- http:102%20Status%0aURI:%20http://deb.debian.org/debian/dists/buster/InRelease%0aMessage:%20Connecting%20to%20debian.map.fastlydns.net
 <- http:102%20Status%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aMessage:%20Connecting%20to%20installrepo.kaltura.org%20(99.86.242.18)
 <- http:102%20Status%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aMessage:%20Connected%20to%20installrepo.kaltura.org%20(99.86.242.18)
 <- http:102%20Status%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aMessage:%20Waiting%20for%20headers
 <- http:200%20URI%20Start%0aLast-Modified:%20Mon,%2006%20Jul%202020%2013:44:25%20+0000%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aSize:%201427
Get:5 http://installrepo.kaltura.org/repo/apt/debian propus InRelease [1427 B]
[...]
0% [5 InRelease 1427 B/1427 B 100%] <- http:201%20URI%20Done%0aChecksum-FileSize-Hash:%201427%0aSHA512-Hash:%20b8974eb6e10accc4c708d056c78bbe3f51815aede6c76f2e76b36e83036d5541bda9c263b0b4f7830ffb10d7e58a8ea59438976a202a3bb73b036427140cff00%0aSHA256-Hash:%2065e143c8157f6c445e2d40e44ac9efa1647f744f13538b3acf70a854cd066977%0aSHA1-Hash:%202cb8d16d94837963cea2cb8bb0c59256216bcae0%0aFilename:%20/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease%0aURI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease%0aSize:%201427%0aLast-Modified:%20Mon,%2006%20Jul%202020%2013:44:25%20+0000%0aMD5-Hash:%2054f42599847a88892856473ec246a2d5%0aMD5Sum-Hash:%2054f42599847a88892856473ec246a2d5
[...]
 -> gpgv:600%20URI%20Acquire%0aURI:%20gpgv:/var/lib/apt/lists/deb.debian.org_debian_dists_buster_InRelease%0aFilename:%20/var/lib/apt/lists/deb.debian.org_debian_dists_buster_InRelease%0aTarget-Type:%20index%0aTarget-Release:%20buster%0aTarget-Repo-URI:%20http://deb.debian.org/debian/%0aTarget-Base-URI:%20http://deb.debian.org/debian/dists/buster/%0aTarget-Site:%20http://deb.debian.org/debian%0aIndex-File:%20true%0aMaximum-Size:%2010000000%0aLast-Modified:%20Sat,%2006%20Feb%202021%2010:20:27%20GMT%0aFail-Ignore:%20true%0a%0a
[...]
 -> gpgv:600%20URI%20Acquire%0aURI:%20gpgv:/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease%0aFilename:%20/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease%0aTarget-Type:%20index%0aTarget-Release:%20propus%0aTarget-Repo-URI:%20http://installrepo.kaltura.org/repo/apt/debian/%0aTarget-Base-URI:%20http://installrepo.kaltura.org/repo/apt/debian/dists/propus/%0aTarget-Site:%20http://installrepo.kaltura.org/repo/apt/debian%0aIndex-File:%20true%0aMaximum-Size:%2010000000%0aFail-Ignore:%20true%0a%0a
0% [Working] <- gpgv:400%20URI%20Failure%0aMessage:%20The%20following%20signatures%20were%20invalid:%208118B7B578D4BA50032E3B740E221B84C95650AB%20%0aURI:%20gpgv:/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
[...]
Err:5 http://installrepo.kaltura.org/repo/apt/debian propus InRelease
  The following signatures were invalid: 8118B7B578D4BA50032E3B740E221B84C95650AB
[...]
W: GPG error: http://installrepo.kaltura.org/repo/apt/debian propus InRelease: The following signatures were invalid: 8118B7B578D4BA50032E3B740E221B84C95650AB
E: The repository 'http://installrepo.kaltura.org/repo/apt/debian propus InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The same output without URI encoding and minor edits for readability:

> apt-get-o Debug::pkgAcquire::Worker=1 update
[...]
-> http:600 URI Acquire
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Filename: /var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
Target-Type: index
Target-Release: propus
Target-Repo-URI: http://installrepo.kaltura.org/repo/apt/debian/
Target-Base-URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/
Target-Site: http://installrepo.kaltura.org/repo/apt/debian
Index-File: true
Maximum-Size: 10000000
Fail-Ignore: true
[...]
<- http: 102 Status
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Message: Connecting to installrepo.kaltura.org
[...]
0% [Connecting to installrepo.kaltura.org]
[...]
<- http: 102 Status
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Message: Connecting to installrepo.kaltura.org (99.86.242.18)
<- http: 102 Status
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Message: Connected to installrepo.kaltura.org (99.86.242.18)
<- http: 102 Status
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Message: Waiting for headers
<- http: 200 URI Start
Last-Modified: Mon, 06 Jul 2020 13:44:25 +0000
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Size: 1427 Get: 5 http://installrepo.kaltura.org/repo/apt/debianpropusInRelease [1427B]
[...]
0% [5 InRelease 1427B/1427B 100%]
<- http: 201 URI Done
Checksum-FileSize-Hash: 1427
SHA512-Hash: b8974eb6e10accc4c708d056c78bbe3f51815aede6c76f2e76b36e83036d5541bda9c263b0b4f7830ffb10d7e58a8ea59438976a202a3bb73b036427140cff00
SHA256-Hash: 65e143c8157f6c445e2d40e44ac9efa1647f744f13538b3acf70a854cd066977
SHA1-Hash: 2cb8d16d94837963cea2cb8bb0c59256216bcae0
Filename: /var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/InRelease
Size: 1427
Last-Modified: Mon, 06 Jul 2020 13:44:25 +0000
MD5-Hash: 54f42599847a88892856473ec246a2d5
MD5Sum-Hash: 54f42599847a88892856473ec246a2d5
[...]
-> gpgv: 600 URI Acquire
URI: gpgv:/var/lib/apt/lists/deb.debian.org_debian_dists_buster_InRelease
Filename: /var/lib/apt/lists/deb.debian.org_debian_dists_buster_InRelease
Target-Type: index
Target-Release: buster
Target-Repo-URI: http://deb.debian.org/debian/
Target-Base-URI: http://deb.debian.org/debian/dists/buster/
Target-Site: http://deb.debian.org/debian
Index-File: true
Maximum-Size: 10000000
Last-Modified: Sat, 06 Feb 2021 10:20:27 GMT
Fail-Ignore: true
[...]
-> gpgv: 600 URI Acquire
URI: gpgv:/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
Filename: /var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
Target-Type: index
Target-Release: propus
Target-Repo-URI: http://installrepo.kaltura.org/repo/apt/debian/
Target-Base-URI: http://installrepo.kaltura.org/repo/apt/debian/dists/propus/
Target-Site: http://installrepo.kaltura.org/repo/apt/debian
Index-File: true
Maximum-Size: 10000000
Fail-Ignore: true
0% [Working]
<- gpgv: 400 URI Failure
Message: The following signatures were invalid: 8118B7B578D4BA50032E3B740E221B84C95650AB 
URI: gpgv:/var/lib/apt/lists/partial/installrepo.kaltura.org_repo_apt_debian_dists_propus_InRelease
[...]
Err: 5 http://installrepo.kaltura.org/repo/apt/debianpropusInReleaseThefollowingsignatureswereinvalid:8118B7B578D4BA50032E3B740E221B84C95650AB
[...]

I don’t see what “URI failure” could be referring to in that context. All files appear to have been downloaded and to exist.

I also checked whether the SHA256 checksums are correct, and they are.

I also tried the solutions discussed over at SuperUser and AskUbuntu (no link provided because of new user limit). But they do not seem to apply (and they don’t work).

This also raised that issue on GitHub (# 688).

Thanks a lot for your help!

EDIT: Added additional research.

jess · March 25, 2021, 12:01pm

Hello @odkr ,

I’m afraid we do not officially support the latest Debian distributions. Please see here for supported distros:

I can see how you might be confused by the file name (kaltura-install-deb-based.md) but remember, Ubuntu is in fact a Debian derivative and deb is a packaging format, used in many binary distros:)

With regards to porting to additional distros, please see my comment here apt-get update returns error on Debian 10 bullseye · Issue #1222 · kaltura/nginx-vod-module · GitHub and here: Local Setup of Kaltura Server - #2 by jess

Cheers,
Cheers,

odkr · March 25, 2021, 12:25pm

Oh! That explains a lot. Thanks!