I followed the instructions from here, and I got the following output:
$ sudo apt-get install syncthing
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 2.935 kB of archives.
After this operation, 0 B of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]?
I googled a little, and then I did this:
$ sudo apt-key adv --recv-key --keyserver pool.sks-keyservers.net D26E6ED000654A3E
$ sudo apt-key adv --recv-key --keyserver pool.sks-keyservers.net 49F5AEC0BCE524C7
$ sudo apt-get update
I still get the same authentication warning. I thought it best to report this, rather than just installing.
Did I do something wrong ?
Are the install instructions complete ?
What package does it actually try to install (version, architecture)? It looks to me like things are set up correctly, the packages are signed, and
jb@syno:~ $ curl -s https://syncthing.net/release-key.txt | gpg -v
gpg: armor header: Version: GnuPG v1
pub 2048R/D26E6ED000654A3E 2014-12-29 Syncthing Release Management <email@example.com>
sig D26E6ED000654A3E 2014-12-29 [selfsig]
sig 49F5AEC0BCE524C7 2014-12-29 Jakob Borg (calmh) <firstname.lastname@example.org>
sub 2048R/681C3CFCF614F575 2014-12-29
sig D26E6ED000654A3E 2014-12-29 [keybind]
sub 4096R/2B9FAE4C37C86D31 2015-05-11 [expires: 2025-05-08]
sig D26E6ED000654A3E 2015-05-11 [keybind]
(that last key is the one that signs the packages) It looks like the same key is on the key servers, although your import command stalls for me for whatever reason.
Thanks for the reply ! Does the following output answer your question about the version and architecture ?
$ apt-cache show syncthing
Maintainer: Syncthing Release Management <email@example.com>
Description: Open Source Continuous File Synchronization
Syncthing does bidirectional synchronization of files between two or
Yeah, it’s the right package (and checksum). Googling around seems to indicate there are various bugs in
dpkg-sig causing it to fail verification.