apt upgrade - primary key - no binding signature

tak21 · Post by **tak21** » Sat May 17, 2025 11:41 am

Dear all,

I am using SoftMaker NX with debian trixie and I have a warning every time I am updating my system:

https://shop.softmaker.com/repo/apt stable InRelease
/usr/lib/python3/dist-packages/apt/cache.py:565: Warning: W:https://download.sublimetext.com/apt/stable/InRelease: Policy will 
reject signature within a year, see --audit for details, W:https://download.sublimetext.com/apt/stable/InRelease: Sub-process 
/usr/bin/sqv returned an error code (1), error message is:
Signing key on 1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A is not bound:
           primary key
  because: No binding signature at time 2025-05-13T05:32:15Z
  because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
  because: SHA1 is not considered secure since 2026-02-01T00:00:00Z, W:https://shop.softmaker.com/repo/apt/dists/stable/InRelease:
Policy will reject signature within a year, see --audit for details
  res = self._cache.update(fetch_progress, slist, pulse_interval)

Can you please have a look and are there plans to upgrade the signing key?

Best, Thomas

lgsl · Post by **lgsl** » Tue May 20, 2025 4:41 pm

There are two things there:

First you have an issue with the Sublime Text repository. (Lines 2 to 8 )

Second, the Softmaker repo, if you read, states that the SHA1 is not considered secure since... 2026 ... This means is a Trixie issue. Things that happen when you use Debian Testing or Sid. When one opts to use a testing/unstable/rolling branch of a distribution one must know this will require more attention from the user (like reading carefully warnings, errors and the distro's web page for breaking changes/known issues before updating) and, occasionally, adjust/fix things manually.

Post by **martin-k** » Tue May 20, 2025 6:31 pm

While this is not urgent (the deadline is February 2026), we have updated the repository signing to use SHA-256 instead of SHA-1 this morning.

You might have to re-download our public repository key:

Code: Select all

wget -qO- https://shop.softmaker.com/repo/linux-repo-public.key | gpg --dearmor > /etc/apt/keyrings/softmaker.gpg

tak21 · Post by **tak21** » Wed May 21, 2025 4:38 am

Dear SoftMaker Team: Thank you!!!

SoftMaker.com

apt upgrade - primary key - no binding signature

apt upgrade - primary key - no binding signature

Re: apt upgrade - primary key - no binding signature

Re: apt upgrade - primary key - no binding signature

Re: apt upgrade - primary key - no binding signature