Temporary Debian 13 signature workaround (!9) · Merge requests · BC / public / docker

Peio Rigaux requested to merge feature/debian13_repo_signature_workaround into main Oct 17, 2025

For now we trust the repository on the client side because we can't just apply an apt update on this repo.

The reason for this is that the repo is uses sha1, which is apparently forbidden (because insecure) now in Debian 13

apt update

`Warning: OpenPGP signature verification failed: https://download.linphone.org/snapshots/debian trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on BD50F919A18BF76E078F24A6C89D15DD115B34BD is not bound: No binding signature at time 2025-10-17T03:21:42Z because: Policy rejected non-revocation signature (PositiveCertification) requiring collision resistance because: SHA1 is not considered secure since 2013-02-01T00:00:00Z

Error: The repository 'https://download.linphone.org/snapshots/debian trixie InRelease' is not signed.

Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.

Notice: See apt-secure(8) manpage for repository creation and user configuration details.`

Already deployed fixed docker image as gitlab.linphone.org:4567/bc/public/docker/debian13-php:20251017_125807_debian13_signature_workaround to test lime-server and file-transfer-server debian13 support.

lime-server!4

flexisip-http-file-transfer-server!26

Raised concern to Flexisip team internally.

Edited Oct 17, 2025 by Peio Rigaux

Admin message

Temporary Debian 13 signature workaround

Merge request reports