I'm still running Debian 8 "Jessy" on my outdated Banana Pi BPI-R1 hardware. But now, when I try to install a package, I get
WARNING: The following packages cannot be authenticated!
After running
$ apt update
Ign http://archive.debian.org jessie InRelease
Get:1 http://archive.debian.org jessie-backports InRelease [166 kB]
...
Hit http://archive.debian.org jessie/contrib armhf Packages
Fetched 168 kB in 26s (6457 B/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
34 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: GPG error: http://archive.debian.org jessie-backports InRelease: The following signatures were invalid: KEYEXPIRED 1587841717 KEYEXPIRED 1668891673
W: GPG error: http://archive.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1587841717
it turns out that the Debian keys expired in 2022. Ok, after searching for the issue I found out that there is a workaround by disabling the validity check.
Basically I followed the guideline from https://blog.milliondollarserver.com/2020/06/fix-apt-get-update-error-on-old-debian.html
Unfortunately the workaround does not fix my problem. I still get warnings when I try to "work" with packages:
$ apt install dpkg-sig
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
Install these packages without verification? [y/N]
E: Some packages could not be authenticated
I verified that the fix has been applied:
$ apt-config dump|grep Valid
Acquire::Check-Valid-Until "false";
Any hints what I'm doing wrong?
There are no plans yet to replace the hardware and use a recent Debian... ;-)
