{"id":3560,"date":"2018-10-21T09:41:27","date_gmt":"2018-10-21T14:41:27","guid":{"rendered":"https:\/\/dev.iachieved.it\/iachievedit\/?p=3560"},"modified":"2018-10-21T09:41:27","modified_gmt":"2018-10-21T14:41:27","slug":"updating-from-such-a-repository-cant-be-done-securely","status":"publish","type":"post","link":"https:\/\/dev.iachieved.it\/iachievedit\/updating-from-such-a-repository-cant-be-done-securely\/","title":{"rendered":"Updating From Such a Repository Can&#8217;t Be Done Securely"},"content":{"rendered":"<p>I recently came across the (incredibly frustrating) error message <code>Updating from such a repository can't be done securely<\/code> while trying to run <code>apt-get update<\/code> on an Ubuntu 18.04 LTS installation.  Everything was working fine on Ubuntu 16.04.5.  It turns out that newer version of <code>apt<\/code> (1.6.3) on Ubuntu 18.04.1 is stricter with regards to signed repositories than Ubuntu 16.04.5 (<code>apt<\/code> 1.2.27).<\/p>\n<p>Here&#8217;s an example of the error while trying to communicate with the <a href=\"https:\/\/wazuh.com\/\">Wazuh<\/a> repository:<\/p>\n<p>[code lang=text]<br \/>\nReading package lists&#8230; Done<br \/>\nE: Failed to fetch https:\/\/packages.wazuh.com\/apt\/dists\/xenial\/InRelease  403  Forbidden [IP: 13.35.78.27 443]<br \/>\nE: The repository &#039;https:\/\/packages.wazuh.com\/apt xenial InRelease&#039; is no longer signed.<br \/>\nN: Updating from such a repository can&#039;t be done securely, and is therefore disabled by default.<br \/>\nN: See apt-secure(8) manpage for repository creation and user configuration details.<br \/>\n[\/code]<\/p>\n<p>After searching around, we found that this issue has already been <a href=\"https:\/\/github.com\/wazuh\/wazuh\/issues\/1637\">reported<\/a> to the Wazuh project, but the solution of adding <code>[trusted=yes]<\/code> did not work for a repository that had already been added in <code>\/etc\/apt<\/code>.  After continued searching, the following solution was finally hit upon:<\/p>\n<p>[code lang=text]<br \/>\ndeb [allow-insecure=yes allow-downgrade-to-insecure=yes] https:\/\/packages.wazuh.com\/apt xenial main<br \/>\n[\/code]<\/p>\n<p>That is, rather than using <code>[trusted=yes]<\/code> one can use <code>[allow-insecure=yes allow-downgrade-to-insecure=yes]<\/code>.  Running <code>apt-get update<\/code> afterwards shows that the <code>InRelease<\/code> section is ignored, and <code>Release<\/code> is picked up:<\/p>\n<p>[code lang=text]<br \/>\nIgn:7 https:\/\/packages.wazuh.com\/apt xenial InRelease<br \/>\nHit:8 https:\/\/packages.wazuh.com\/apt xenial Release<br \/>\n[\/code]<\/p>\n<p>Note that this is obviously a temporary solution, and should only be applied to a misbehaving repository!  If you&#8217;re so inclined, upvote the Wazuh <a href=\"https:\/\/github.com\/wazuh\/wazuh\/issues\/1637\">GitHub issue<\/a>, as a fix at the repository level would be nice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently came across the (incredibly frustrating) error message Updating from such a repository can&#8217;t be done securely while trying to run apt-get update on an Ubuntu 18.04 LTS installation. Everything was working fine on Ubuntu 16.04.5. It turns out that newer version of apt (1.6.3) on Ubuntu 18.04.1 is stricter with regards to signed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3505,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,19,71],"tags":[],"class_list":["post-3560","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-linux","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3560"}],"collection":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/comments?post=3560"}],"version-history":[{"count":2,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3560\/revisions"}],"predecessor-version":[{"id":3562,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3560\/revisions\/3562"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media\/3505"}],"wp:attachment":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media?parent=3560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/categories?post=3560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/tags?post=3560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}