VisionFive 2 Debian Image Released

Hello,

I have updated de firmware and the 69-image boots fine.

When I run update && upgrade I get an error:

ubuntu@rvsvrwsv02:~$ sudo apt update
Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
ubuntu@rvsvrwsv02:~$

is there a possibility to fix this?

Help appreciated!

You can solve this once and for all. Import the missing(invalid) public key into your public key ring, then update/upgrade again.

sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
###or gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
sudo apt-get update
sudo apt-get upgrade

Or you can temporarily circumvent all package gpg checking while doing the update/upgrade

sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

I prefer the first approach, but sometimes if you feel overwhelmed with all these missing keys, the second approach is definitely more convenient at the risk of introducing malware, but if your repo is simply debian I would place a high-level of confidence there is no malware. The other convenience is that iirc there would be an updated developer keys package that updates the public keyring with the newer developer public keys on your behalf. Similar stuff like this occurs on Fedora as well.

Thanks but curiously it doesn’t work for me:

$ sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.g6Ywj5Fxke/gpg.1.sh --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

hm, for me neither. GPG says:

gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Or install the package debian-ports-archive-keyring

Nice, that --allow-unauthenticated is a good way to temporary allow this if your system (or container) doesn’t have a recent package list.

Unfortunately, this does not work for me.

user@vfive2-8:~$ sudo apt-key list | grep -A 1 expired
[sudo] password for user: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
pub   rsa4096 2021-01-10 [SC] [expired: 2023-01-31]
      CBC7 0A60 B9ED 6F23 7A5F  5B0B E852 514F 5DF3 12F6
uid           [ expired] Debian Ports Archive Automatic Signing Key (2022) <ftpmaster@ports-master.debian.org>

--
pub   rsa4096 2021-12-30 [SC] [expired: 2023-01-31]
      D0C9 87D7 BEC3 EDDF 8948  6CC2 B523 E5F3 FC4E 5F2C
uid           [ expired] Debian Ports Archive Automatic Signing Key (2023) <ftpmaster@ports-master.debian.org>

user@vfive2-8:~$ sudo apt install debian-ports-archive-keyring
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
debian-ports-archive-keyring is already the newest version (2022.02.15).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

The exact same behavior here.

also:
sudo apt-get --allow-unauthenticated update
ends in :>

Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.

In your /etc/apt/sources.list try temporarily adding [allow-insecure=yes]

deb [allow-insecure=yes] http...

or [trusted=yes]

deb [trusted=yes] http...

sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

Please remember to take that stuff out once it’s all settled. BIG SECURITY HOLE.
The package signature expired end of January. If you contact the package maintainer ftpmaster@ports-master.debian.org for the entire snapshot repo in question perhaps they could renew their key and re-submit the packages with the newer key and provide you with that new key to import.

Thank you for isolating the issue. It is definitely the entire snapshot repo with all its packages that need to have their keys renewed since they all [expired: 2023-01-31]. At least we now know who to report the issue to.

We need to email

ftpmaster@ports-master.debian.org

and request them to renew their key since it expired 2 days ago and re-package all the packages with the new key.

Thanks, neither worked for me though.

sudo apt-get --allow-unauthenticated update
sudo: unable to resolve host starfive: Name or service not known
Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
user@starfive:~/ChrysaLisp$ cat /etc/apt/sources.list
deb [trusted=yes] debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable main

The 2023 package is in the updated package list. If not able to update with the mentioned args, try wget/curl the package directly and install with dpkg -i debian-ports-archive-keyring_2023.02.01_all.deb

Where’s the best place to submit issues for this Debian Image 69?

Issue

sudo apt-get install aptitude
sudo: unable to resolve host starfiveYOW: Name or service not known

Issue

the gui desktop closes suddenly and after a long while the login prompt is displayed again.

Issue

Rust “ring” crate on the vf2 and other riscv boards doesn’t build. Build for riscv64gc-unknown-linux-gnu failed. · Issue #1419 · briansmith/ring · GitHub

Good news: aptitude and emacs-nox work. The full unstable repo snapshot is available to install which is impressive. Java was already installed. I installed Rust nightly with no issues via the standard https://rustup.rs way. Rust likes to have a cc around so I installed build-essential,clang-15-tools, lld-15, llvm 15 as well with no issues.

Hello together,

does anyone has send an e-mail to ftpmaster@ports-master.debian.org to resolve the issue with the signature ?

Best regards
Damian

PS: I have now sent a mail

There is a much simpler solution:
1- download the debian-ports-archive-keyring_2023.02.01_all.deb package from https://deb.debian.org/debian-ports/pool/main/d/debian-ports-archive-keyring/debian-ports-archive-keyring_2023.02.01_all.deb with wget or curl,
install with dpkg -i debian-ports-archive-keyring_2023.02.01_all.deb
2-Use the regular unstable ports directory in /etc/apt/sources.list:
deb http://ftp.ports.debian.org/debian-ports/ unstable main
instead of (or comment out)
#deb https://snapshot.debian.org/archive/debian-ports/20220616T194833Z unstable main

Thanks @johanhenselmans; 1. by itself didn’t fix anything for me (maybe it wasn’t supposed to), but 1. and 2. seems to work (and boy, it’s working itself through 895 updates now).

I also like a CLI only image version. Many I suspect use as 24/7/365. Therefore only need a CLI version that ssh to when need access.

A method to easily enable SSH from base image would be most helpful so do not need to connect HDMI and keyboard to download/enable SSH. For example with RaspberryOS all one needs to do to enable ssh on image is to touch /boot/ssh. When RaspberyPiOS boots it enables ssh and deletes the /boot/ssh file.

Unfortunately I can’t boot after I update it.

(“Can’t boot” is a particularly useless bug report - you need to share how fair it gets at the very least)

It worked for me, but I saw one scary potential failure: the apt upgrade proposed a change to /etc/defaults/u-boot which would probably break boot if accepted:

+#U_BOOT_FDT_OVERLAYS=""
+#U_BOOT_FDT_OVERLAYS_DIR="/boot/dtbo/"
 
-U_BOOT_PARAMETERS="root=/dev/mmcblk1p3 rw console=tty0 console=ttyS0,115200 earlycon rootwait stmmaceth=chain_mode:1 selinux=0"
-U_BOOT_FDT_DIR="/boot/dtbs/"

If you took that change, the easiest fix is probably to mount that partition on a different machine and change u-boot back.

You’re right, I should’ve been much more specific.
After a bit of analysis, my machine actually boots up, but the HDMI isn’t working. And when I try the SSH connection(I had to connect my sd card to another machine to change ssh conf), this works fine. Is there any logs I should provide to troubleshoot this?

Plus, The apt suggested two configuration changes, one is mime.conf and another one is uboot. I used previous configuration for uboot, and I changed mime conf file to new one. Like you said this debian image has unique uboot configuration, so it shouldn’t be changed.

Thanks.

Well HDMI has never worked for me (see other threads). @Michael.Zhu has proposed workaround which should give 1920x1080 on my 2560x1440 monitor. I haven’t tested it as I mostly use it remotely anyway. I’ve seen plenty of other people with HDMI issues, so I assume it’s a know issue being worked.