Malformed MPI adding a repository

Troubleshooting
,
1

Creating a bug report/issue

I have searched the existing open and closed issues

Required Information

  • DietPi version | G_DIETPI_VERSION_CORE=9
    G_DIETPI_VERSION_SUB=19
    G_DIETPI_VERSION_RC=2
    G_GITBRANCH=‘master’
    G_GITOWNER=‘MichaIng’
  • Distro version | trixie 0
  • Kernel version | Linux DietPiTest 6.12.47+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.47-1+rpt1 (2025-09-16) aarch64 GNU/Linux
  • Architecture | arm64
  • SBC model | RPi 4 Model B (aarch64)
  • Power supply used | Original Raspeberry
  • SD card used | Kingston 16 GB

Additional Information (if applicable)

  • Software title | Jotta-cli (JottaCloud cloud backup cli)
  • Was the software title installed freshly or updated/migrated? fresh
  • Can this issue be replicated on a fresh installation of DietPi? yes
    ← If you sent a “dietpi-bugreport”, please paste the ID here →
  • Bug report ID |

Steps to reproduce

  1. Obtaining gpg key for the JottaCloud repsository. Needed to dearmor the key because sqv
eval curl -fsSL https://repo.jotta.cloud/public.gpg | gpg --dearmor -o /usr/share/keyrings/jotta.gpg --yes
  1. Add the key to the list
echo "deb [signed-by=/usr/share/keyrings/jotta.gpg] https://repo.jotta.cloud/debian debian main" | sudo tee /etc/apt/sources.list.d/jotta-cli.list\
  1. Do apt update

Expected behaviour

  • The repository should be readed

Actual behaviour

apt update throws an error:

Des:8  https://repo.jotta.cloud/debian debian InRelease [13,9 kB] 
Err:8  https://repo.jotta.cloud/debian` debian InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Verifying signature:            
Malformed MPI: leading bit is not set: expected bit 8 to be set in  1000111 (47) 
Warning: OpenPGP signature verification failed:  ` https://repo.jotta.cloud/debian` debian InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Verifying signature:            
Malformed MPI: leading bit is not set: expected bit 8 to be set in  1000111 (47) 
Error: El repositorio « ` https://repo.jotta.cloud/debian``  debian InRelease» no está firmado. 
Notice: No se puede actualizar de un repositorio como este de forma segura y por tanto está deshabilitado por omisión. 
Notice: Vea la página de manual apt-secure(8) para los detalles sobre la creación de repositorios y la configuración de usuarios.` ``

Extra details

  • Initially, I had tried to install normally and get the error. The developer says to dearmor the key because Trixie sqv, and try again, with same error.

  • I’ve tried also in Debian Trixie and in RaspiOS Trixie, initially without dearmouring the key (with the MPI error), and later, dearmouring the key, and then, in both distros, this worked. But not in Dietpi.

  • This is the complet sequence:

root@DietPiTest:~# eval curl -fsSL ``https://repo.jotta.cloud/public.gpg`` | gpg --dearmor -o /usr/share/keyrings/jotta.gpg --yes
root@DietPiTest:~# echo “deb [signed-by=/usr/share/keyrings/jotta.gpg]   ````` https://repo.jotta.cloud/debian` ``` debian main” | sudo tee /etc/apt/sources.list.d/jotta-cli.list deb [signed-by=/usr/share/keyrings/jotta.gpg]  ` https://repo.jotta.cloud/debian` debian main 
root@DietPiTest:~# apt update 
Obj:1  ` https://deb.debian.org/debian` trixie InRelease 
Obj:2  ` https://deb.debian.org/debian` trixie-updates InRelease 
Obj:3  ` https://deb.debian.org/debian-security` trixie-security InRelease 
Obj:4  ` https://deb.debian.org/debian` trixie-backports InRelease 
Obj:5  ` https://archive.raspberrypi.com/debian` trixie InRelease 
Obj:6  ` https://dietpi.com/apt` trixie InRelease 
Obj:7  ` https://dietpi.com/apt` all InRelease 
Des:8  ` https://repo.jotta.cloud/debian` debian InRelease [13,9 kB] 
Err:8  ` https://repo.jotta.cloud/debian` debian InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Verifying signature:            
Malformed MPI: leading bit is not set: expected bit 8 to be set in  1000111 (47) Warning: OpenPGP signature verification failed:  ` https://repo.jotta.cloud/debian` debian InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Verifying signature:            
Malformed MPI: leading bit is not set: expected bit 8 to be set in  1000111 (47) Error: El repositorio « ` https://repo.jotta.cloud/debian``  debian InRelease» no está firmado. 
Notice: No se puede actualizar de un repositorio como este de forma segura y por tanto está deshabilitado por omisión. 
Notice: Vea la página de manual apt-secure(8) para los detalles sobre la creación de repositorios y la configuración de usuarios.
2

This is a know problem and jotta needs to fix it from there side:
https://www.reddit.com/r/jottacloud/comments/1oh6vix/debian_trixie_malformed_mpi/

There is also a kind of technical explanation here:
https://github.com/jotta/jotta-cli-issues/issues/208#issuecomment-3481983466

The current workaround is to download the package directly from here:
https://repo.jotta.cloud/debian/

So for your RPi4 you can do the following:

wget https://repo.jotta.cloud/debian/pool/main/j/jotta-cli/jotta-cli_0.17.148769_arm64.deb
sudo apt install ./jotta-cli_0.17.148769_arm64.deb
rm jotta-cli_0.17.148769_arm64.deb

You should also remove the repo from your list, until they fixed the issue:

sudo rm /etc/apt/sources.list.d/jotta-cli.list
sudo apt update

IDK why it’s working in vanilla Debian and PiOS, maybe they have a kind of a fallback, switching to gpgv when sqv fails?!

3

Thanks @Jappe

Although it is a workaround and did not resolve the updating of the app, it works.

Now I am facing another problem with dbus, but this is other post.

4

Did you install dbus? It’s not preinstalled on dietpi

5

Yes, I’ve installed dbus, and the app still warns about it. I will open another post with that.