Bug#338889: Overzealously prefers signed packages to identical unsigned ones
Package: apt
Version: 0.6.42.3
Severity: normal
Hi,
I have a local package repository that is pieced together from many
different sources. I don't have a signed Release file (is there an easy way
to generate one automatically?); I only generate my own Packages file.
The patch to this local repository is listed first in my sources.list.
Nevertheless, when apt-get needs to fetch packages, it ignores my local
repository and downloads the exact same packages from the net instead,
presumably because those repositories are signed. (But do correct me if I'm
wrong.)
This is inefficient. I think that in situations where an identical (same
md5sum) package is available from multiple sources, the existence of a
Release signature shouldn't be a consideration - after all, if the local
copy has the same md5sum, it can be assumed that the same signature that the
copy from the official mirror has also applies to this one.
Currently, I work around the problem by copying all packages apt would
download to /var/cache/apt/archives from my local repository before invoking
apt.
Andras
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Get "";
APT::Get::Download-Only "false";
APT::Get::Simulate "false";
APT::Get::Assume-Yes "false";
APT::Get::Force-Yes "false";
APT::Get::Fix-Broken "false";
APT::Get::Show-Upgraded "false";
APT::Get::No-Upgrade "false";
APT::Get::Print-URIs "false";
APT::Get::Compile "false";
APT::Get::No-Download "false";
APT::Get::Purge "false";
APT::Get::List-Cleanup "true";
APT::Cache "";
APT::Cache::Important "false";
APT::CDROM "";
APT::CDROM::Rename "false";
APT::CDROM::NoMount "false";
APT::CDROM::Fast "false";
APT::CDROM::NoAct "false";
APT::Cache-Limit "40000000";
APT::Ignore-Hold "false";
APT::Immediate-Configure "true";
APT::Force-LoopBreak "false";
APT::FTPArchive "";
APT::FTPArchive::Release "";
APT::FTPArchive::Release::Origin "Korn";
APT::FTPArchive::Release::Label "Debian";
APT::FTPArchive::Release::Suite "experimental";
APT::FTPArchive::Release::Codename "chardonnay";
APT::FTPArchive::Release::Components "main";
APT::FTPArchive::Release::Description "Experimental archive for private use";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "if dpkg -s apt-listbugs | grep -q '^Status: .* ok installed'; then /usr/sbin/apt-listbugs apt || ( test $? -ne 10 || exit 10; echo 'Warning: apt-listbugs exited abnormally, hit enter key to continue.' 1>&2 ; read a < /dev/tty ); fi";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi";
DPkg::Post-Invoke:: "if [ -x /usr/sbin/localepurge ] && [ $(ps w -p $PPID | grep -c remove) != 1 ]; then /usr/sbin/localepurge; else exit 0; fi";
DPkg::Options "";
DPkg::Options:: "--force-overwrite";
DPkg::Options:: "--force-bad-verify";
DPkg::Run-Directory "/";
DPkg::Build-Options "-b -uc";
Acquire "";
Acquire::Queue-Mode "host";
Acquire::Retries "0";
Acquire::Source-Symlinks "true";
Acquire::http "";
Acquire::http::Proxy "";
Acquire::http::Timeout "5";
Acquire::http::No-Cache "false";
Acquire::http::Max-Age "86400";
Acquire::http::No-Store "false";
Acquire::Timeout "5";
Acquire::Passive "true";
Acquire::Passive::galeon.sourceforge.net "false";
Acquire::Proxy "";
Acquire::Proxy::Passive "true";
cdrom "";
cdrom::Mount "/cdrom";
cdrom::/cdrom/ "";
cdrom::/cdrom/::Mount "sleep 1000";
cdrom::/cdrom/::UMount "sleep 500";
DSelect "";
DSelect::Clean "auto";
DSelect::Options "-f";
DSelect::UpdateOptions "";
DSelect::PromptAfterUpdate "no";
Debug "";
Debug::pkgProblemResolver "false";
Debug::pkgAcquire "false";
Debug::pkgAcquire::Worker "false";
Debug::pkgDPkgPM "false";
Debug::pkgInitialize "false";
Debug::NoLocking "false";
Debug::Acquire "";
Debug::Acquire::Ftp "false";
Debug::aptcdrom "false";
-- /etc/apt/preferences --
-- /etc/apt/sources.list --
deb file:/mnt/debian unstable main
deb ftp://ftp.bme.hu/OS/Linux/dist/debian sid main contrib non-free
[...]
-- System Information:
Debian Release: unstable
APT prefers breezy-security
APT policy: (500, 'breezy-security'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.7-chardonnay-skas3-v8-rc2
Locale: LANG=C, LC_CTYPE=hu_HU (charmap=ISO-8859-2)
Versions of packages apt depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libgcc1 1:4.0.2-3 GCC support library
ii libstdc++6 4.0.2-3 The GNU Standard C++ Library v3
apt recommends no packages.
-- no debconf information
--
Andras Korn <korn at chardonnay.math.bme.hu>
<http://chardonnay.math.bme.hu/~korn/> QOTD:
Modem sex begins with a handshake.
Reply to: