`apt update` failed on Debian Linux
First of all, despite the last line start with E: (which indicates an error), apt didn't fail entirely; it's downloaded most of the updated package lists, it only skipped those for Opera and the Google Talk plugin. So apt upgrade should still offer to upgrade all the other packages.
The warnings give you some indication of what went wrong:
W: gpgv:/var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest)
W: gpgv:/var/lib/apt/lists/deb.opera.com_opera_dists_stable_InRelease: The repository is insufficiently signed by key 419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 (weak digest)
W: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release, which is considered strong enough for security purposes
The first two mean that the repository descriptors were signed with an old digest algorithm, which apt now complains about. The third is caused by apt's recent switch to SHA-256 or SHA-512 hashes only; the Talk plugin repository only provides MD5 and SHA-1 hashes, which are now ignored by apt.
To fix this, you can either remove the repositories for the time being, or wait for Opera and Google to fix them...
Related videos on Youtube
04 : 34
05 : 41
03 : 53
05 : 01
01 : 40
porton
Updated on September 18, 2022Comments
-
porton over 1 year
Attempting to upgrade testing/stretch Debian Linux:
$ sudo apt update Ign:1 http://dl.google.com/linux/talkplugin/deb stable InRelease Hit:2 http://dl.google.com/linux/talkplugin/deb stable Release ... Get:25 http://mirror.vorboss.net/debian unstable/main i386 Packages 2016-03-25-1456.28.pdiff [15.0 kB] Fetched 686 kB in 7s (89.5 kB/s) Reading package lists... Done W: gpgv:/var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release.gpg: The repository is insufficiently signed by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (weak digest) W: gpgv:/var/lib/apt/lists/deb.opera.com_opera_dists_stable_InRelease: The repository is insufficiently signed by key 419D0ACF314E8E993F7F92E563F7D4AFF6D61D45 (weak digest) W: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release, which is considered strong enough for security purposes E: Some index files failed to download. They have been ignored, or old ones used instead.
What's wrong? How to fix it?
-
Guillaume Boudreau about 8 yearsIt did fail to update the repositories, and it did fail to update new security updates from Google and Opera. This move (to break SHA-1 only repositories) is Debian exercising their power to enforce security on the backs of the users by preventing them from getting security updates. Also see juliank.wordpress.com/2016/03/15/… where it was said: "This means that it feels like SHA1 support is dropped, because sources without SHA2 won’t work; but the SHA1 signatures will still be used in addition to the SHA2 ones" ?!!? how is that not dropping sha1?
