Creating a bug report/issue
I have searched the existing open and closed issues
Required Information
- DietPi version : 10.0.1
- Distro version : trixie
- Kernel version : Linux Roon 6.12.63+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.63-1 (2025-12-30) x86_64 GNU/Linux
- Architecture : amd64
- SBC model : Native PC (x86_64) [NUC11TNHi7]
- Power supply used : Bundled NUC power supply
- SD card used : NVME SSD - SAMSUNG 950 Pro 2TB
Additional Information (if applicable)
Steps to reproduce
dietpi-update
Expected behaviour
Update succeeds
Actual behaviour
Native PC (x86_64) | IP: 10.212.153.202
┌──────────────────────────────────────────────────┤ DietPi-Update ├───────────────────────────────────────────────────┐
│ APT update │
│ - Command: apt-get -y -eany update │
│ - Exit code: 100 │
│ - DietPi version: v10.0.1 (MichaIng/master) | HW_MODEL: 21 | HW_ARCH: 10 | DISTRO: 8 │
│ - Error log: │
│ Hit:1 https://deb.debian.org/debian trixie InRelease │
│ Hit:2 https://download.docker.com/linux/debian trixie InRelease │
│ Hit:3 https://deb.debian.org/debian trixie-updates InRelease │
│ Hit:4 https://deb.debian.org/debian-security trixie-security InRelease │
│ Hit:5 https://deb.debian.org/debian trixie-backports InRelease │
│ Get:6 https://downloads.plex.tv/repo/deb public InRelease \[6685 B\] │
│ Err:6 https://downloads.plex.tv/repo/deb public InRelease │
│ Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on │
│ CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound: No binding signature at time 2025-09-22T18:33:03Z │
│ because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance │
│ because: SHA1 is not considered secure since 2026-02-01T00:00:00Z │
│ Hit:7 https://dietpi.com/apt trixie InRelease │
│ Hit:8 https://download.webmin.com/download/newkey/repository stable InRelease │
│ Fetched 6685 B in 1s (11.7 kB/s) │
│ Reading package lists… │
│ W: An error occurred during the signature verification. The repository is not updated and the previous index files │
│ will be used. OpenPGP signature verification failed: https://downloads.plex.tv/repo/deb public InRelease: │
│ Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on │
│ CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound: No binding signature at time 2025-09-22T18:33:03Z │
│ because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance │
│ because: SHA1 is not considered secure since 2026-02-01T00:00:00Z │
│ E: Failed to fetch https://downloads.plex.tv/repo/deb/dists/public/InRelease Sub-process /usr/bin/sqv returned an │
│ error code (1), error message is: Signing key on CD665CBA0E2F88B7373F7CB997203C7B3ADCA79D is not bound: │
│ No binding signature at time 2025-09-22T18:33:03Z because: Policy rejected non-revocation signature │
│ (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since │
│ 2026-02-01T00:00:00Z │
│ │
│ Retry : Re-run the last command that failed │
│ DietPi-Config : Edit network, APT/NTP mirror settings etc │
│ Open subshell : Open a subshell to investigate or solve the issue │
│ Send report : Upload bug report including system info to DietPi │
│ Print report : Print bug report template for GitHub or forum │
│ ●─ Devs only -------------------------------------● │
│ Change command : Adjust and rerun the command │
│ │
│ │
│ │
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Extra details
This appears to be an issue caused by the plex signing key that has been mentioned in other threads. However, I am concerned that it will block future updates that will address the plex issue (and this one).
The “(PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z“ entry indicates that this may be a problem only seen over the last couple of days.