Problems when updating on Ubuntu 20.04.6

Andi W.

Since a few days / may be weeks - I have an issue when updating my Ubuntu Server running 20.04.6.
When calling


sudo apt update

I get the following messages:


OK:1 https://repos.influxdata.com/ubuntu focal InRelease
OK:2 http://de.archive.ubuntu.com/ubuntu focal InRelease                                                                                                  
OK:3 https://packages.grafana.com/oss/deb stable InRelease                                                                                                
OK:4 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease                                  
OK:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease        
OK:7 http://de.archive.ubuntu.com/ubuntu focal-security InRelease         
Holen:8 https://dl.cloudsmith.io/public/evcc/stable/deb/ubuntu focal InRelease [5.121 B]
Holen:6 https://apt.tvheadend.org/stable focal InRelease                     
Fehl:6 https://apt.tvheadend.org/stable focal InRelease
  Durch Clearsign signierte Datei ist nicht gültig, »NOSPLIT« erhalten (erfordert das Netzwerk eine Authentifizierung?)
Paketlisten werden gelesen... Fertig
E: Fehlschlag beim Holen von https://apt.tvheadend.org/stable/dists/focal/InRelease Durch Clearsign signierte Datei ist nicht gültig, »NOSPLIT« erhalten (erfordert das Netzwerk eine Authentifizierung?)
E: Das Depot »https://apt.tvheadend.org/stable focal InRelease« ist nicht mehr signiert.
N: Eine Aktualisierung von solch einem Depot kann nicht auf eine sichere Art durchgeführt werden, daher ist es standardmäßig deaktiviert.
N: Weitere Details zur Erzeugung von Paketdepots sowie zu deren Benutzerkonfiguration finden Sie in der Handbuchseite apt-secure(8).

which means, that "https://apt.tvheadend.org/stable focal InRelease" fails.

I've checked everything with my internet connection, tried to connect the server directly to the Fritzbox, restarted the Fritzbox after a minute disconnection from the power supply.

I even tried to connect my server to the hotspot from my mobile phone to get internet access - all the same.

At least I tried to insert the block "[allow-insecure=yes]" for testing in my tvheadend.list:


deb [allow-insecure=yes] https://apt.tvheadend.org/stable focal main

with the following effect:


OK:1 https://packages.grafana.com/oss/deb stable InRelease
OK:2 http://de.archive.ubuntu.com/ubuntu focal InRelease                                          
Holen:3 https://dl.cloudsmith.io/public/evcc/stable/deb/ubuntu focal InRelease [5.121 B]          
OK:4 https://repos.influxdata.com/ubuntu focal InRelease                                          
OK:5 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease                                  
OK:7 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
OK:8 http://de.archive.ubuntu.com/ubuntu focal-security InRelease
Holen:6 https://apt.tvheadend.org/stable focal InRelease
Ign:6 https://apt.tvheadend.org/stable focal InRelease
Holen:9 https://apt.tvheadend.org/stable focal Release
Holen:10 https://apt.tvheadend.org/stable focal Release.gpg
Fehl:10 https://apt.tvheadend.org/stable focal Release.gpg
  Signierte Datei ist nicht gültig, »NODATA« erhalten. (Erfordert das Netzwerk eine Authentifizierung?)
Paketlisten werden gelesen... Fertig
E: GPG-Fehler: https://apt.tvheadend.org/stable focal Release: Signierte Datei ist nicht gültig, »NODATA« erhalten. (Erfordert das Netzwerk eine Authentifizierung?)

which means, now "https://apt.tvheadend.org/stable focal Release.gpg" fails instead of "https://apt.tvheadend.org/stable focal InRelease" in the version before.

Could it be, that the signature of the files to be updated are not valid anymore?

Thanks for your help in advance!

chewitt

I think this is caused by infrastructure changes made when moving the tvheadend.org domain into its own Cloudflare account. We have no knowledge of the original DNS records and have simply set page rules that redirect http(s) requests for apt.tvheadend.org to cloudsmith.io.
I can also see nginx virtual-host config for apt.tvheadend.org on this (Redmine) forum server, but that appears to be a repo for artefacts created by the doozer CI system which has been dead for a while; although the repo was probably still running with content that wasn't being updated.
So when we've redirected https requests to cloudsmith, URLs were changed, and even if the redirect resulted in a working repo the signing (which is generated and applied at the repo after files are uploaded) will have changed and that would explain the errors.

Regardless, it's best to remove the current apt.tvheadend.org repo and recreate with:

curl -1sLf 'https://dl.cloudsmith.io/public/tvheadend/tvheadend/setup.deb.sh' | sudo -E bash

Then "sudo apt clean" and "sudo apt update" and you should be able to apt get packages again.

Andi W.

It worked!
Thank's a lot.