[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#834973: marked as done (apt update in sid chroot exits with "repository is not signed")

Your message dated Tue, 30 Aug 2016 22:22:29 +0000
with message-id <E1berQL-00039e-Le@franck.debian.org>
and subject line Bug#834973: fixed in apt 1.3~rc3
has caused the Debian Bug report #834973,
regarding apt update in sid chroot exits with "repository is not signed"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
834973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834973
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 1.3~rc2
Severity: important

Dear Maintainer,

   * What led up to the situation?

I've set up a sid chroot, a long time ago.

Running

    gpgv                        2.1.14-5
    debian-archive-keyring      2014.3
    libapt-pkg5.0:amd64         1.3~rc2
    libc6:amd64                 2.23-4


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

 (sid)root@janacopoulos:~# apt update && apt -V dist-upgrade

   * What was the outcome of this action?

This is displayed

 Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
 Err:1 http://ftp.nl.debian.org/debian sid InRelease
   At least one invalid signature was encountered.
 Reading package lists... Done
 W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one invalid signature was encountered.
 E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not signed.
 N: Updating from such a repository can't be done securely, and is therefore disabled by default.
 N: See apt-secure(8) manpage for repository creation and user configuration details.

   * What outcome did you expect instead?

An updated system.


I've also tried to do some debugging:

 wget 'http://ftp.nl.debian.org/debian/dists/sid/InRelease'
 gpg --verify InRelease

gives

 gpg: Signature made недеља, 21. август 2016. 05:22:47  using RSA key ID 46925553
 gpg: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>"
 Primary key fingerprint: A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553
 gpg: Signature made недеља, 21. август 2016. 05:22:47  using RSA key ID 2B90D010
 gpg: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>"
 Primary key fingerprint: 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010


and

 (sid)root@janacopoulos:~# apt -o Debug::Acquire::gpgv=yes update

gives

Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
0% [Working]inside VerifyGetSigners
0% [1 InRelease gpgv 209 kB]Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7pzp9M
 /tmp/apt.data.WiZ9eV
gpgv exited with status 1
Summary:
  Good:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  NODATA: no
Err:1 http://ftp.nl.debian.org/debian sid InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://ftp.nl.debian.org/debian sid InRelease: At least one invalid signature was encountered.
E: The repository 'http://httpredir.debian.org/debian sid InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

and also

 (sid)root@janacopoulos:~# apt-key verify /var/lib/apt/lists/partial/httpredir.debian.org_debian_dists_sid_InRelease

gives

 gpgv: Signature made недеља, 21. август 2016. 03:22:47  using RSA key ID
 gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>"
 gpgv: Signature made недеља, 21. август 2016. 03:22:47  using RSA key ID
 gpgv: Good signature from "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>"


Thanks for your time!

Bye,

Joost

--- End Message ---
--- Begin Message --- 
Source: apt
Source-Version: 1.3~rc3

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 834973@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Aug 2016 22:20:28 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.3~rc3
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 834767 834973 835094 835195 835818
Changes:
 apt (1.3~rc3) unstable; urgency=medium
 .
   [ Julian Andres Klode ]
   * Ignore SIGINT and SIGQUIT for Pre-Install hooks
     This basically fixes Bug #832593, as long as your /bin/sh
     is not dash, as dash is evil.
   * prepare-release: Use equivs and gdebi-core for travis deps
   * install-progress: Call the real ::fork() in our fork() method
   * Packaging cleanup:
     - debian: Install etc/apt if present (e.g., on Ubuntu)
     - tests/control: Handle the gpg1/gpg2 mess a bit better
     - debian: Make better use of the tree installed by CMake
     - debian: Switch to debhelper 10
     - debian: Add more lintian overrides
     - debian: Drop outdated stuff
     - debian: Run wrap-and-sort
     - Add new symbols to symbols file
   * Build system fixes, including:
    - CMake: Translations: Don't rebuild .mo for line number changes
    - CMake: Translations: Pass --previous to msgmerge.
      Thanks to Guillem Jover for the suggestion.
    - CMake: Do not add po/ if USE_NLS is OFF
    - CMake: Install config and logging directories
    - CMake: Translations: Build byproduct before output
    - CMake: Add Large File Support (Closes: #834767)
   * Several portability fixes (full test suite passes on FreeBSD), including:
    - CMake: Discover docbook stylesheet in other locations
    - Add missing includes and external definitions
    - Use C locale instead of C.UTF-8 for protocol strings
    - Make directory paths configurable
    - Lower-case uname -r output in kernel autoremove helper
    - Make root group configurable via ROOT_GROUP
   * Accept --autoremove as alias for --auto-remove
   * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary
   * changelog: Respect Dir setting for local changelog getting
   * init: Add Dir::Bin::planners default entry
   * Switch documentation from httpredir.d.o to deb.d.o
 .
   [ Zhou Mo ]
   * zh_CN.po: update simplified Chinese translation
 .
   [ David Kalnischkies ]
   * do dpkg --configure before --remove/--purge --pending (Closes: 835094)
   * prevent C++ locale number formatting in text APIs (try 3) (LP: 1611010)
   * do fail on weakhash/loop earlier in acquire (Closes: 835195)
   * do not restore selections for already purged packages
   * apt-key: warn instead of fail on unreadable keyrings
   * show apt-key warnings in apt update (Closes: 834973)
   * treat .ddeb files like .deb, especially for dpkg (LP: #1616909)
   * randomize acquire order for same type index files
   * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818)
Checksums-Sha1:
 acecff740b990be937f2e7424e56d7c5b3c67199 2504 apt_1.3~rc3.dsc
 f1cefd8a56d25e03aafaf011e4d21a854866d8f6 2039444 apt_1.3~rc3.tar.xz
Checksums-Sha256:
 6f012892b5f68f5f3e6b4448e46a327f1e0fdda8084d25912fbb71a386998edc 2504 apt_1.3~rc3.dsc
 7dcb942027d29aa6dfdab195b6c1754c564b839d4e5b43756258692a51a9fa8a 2039444 apt_1.3~rc3.tar.xz
Files:
 c9cf02f73a35e3950b8cbe059ca203e6 2504 admin important apt_1.3~rc3.dsc
 a3f91993c6d5198e99910893b7f8b337 2039444 admin important apt_1.3~rc3.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIsBAEBCgAWBQJXxerhDxxqYWtAZGViaWFuLm9yZwAKCRDXPDnlZYCzhqboEACV
qrJDv8SqCDU8HxlJGhPsBIrfOC5+qIErSRNcsTwihxd7ravPyIv7t7EvhbYnRowf
DWThAqj9YoUlmrMZ01PKX5HlLUbriKchbEo63KfLrfuUITy3rTFlNn5ELjM+dBIB
zD0b2cXzkfhOAYER5vOyEIWxIelIsAFIzRcKxH4NqkKmKXxMsYSK9WBzlqCpaeL1
clw+jYw9ZtcKzPE9ar299eDY7c/wTnKNC7ueC5potsXTeHKfhlcemSEOiEClATmE
K++tYwbuamiRnBDVQamOGJBvFunsdkZ4fvb8+kJwjf3ms7BzZTXhxo1wDBNyGGtV
5MERHGPdmIzJVUioUoJQFBrp3GhtutpxIy6QSONAtzrSvYgrL1xmCquM8K7Q6ls1
WHYsqDtRe+reQZmnxLUO+CcyKQgNd3WcWt8joK7XYu92/tW+19npbk/oEW4GLsyN
lktUx+tM1bIHt1VgcliSMjZvA4YdrEHOxr7ESxYSqlFFw1EHtiSkq7qh2pjUibol
MrpLEl+w0OrDOdn1LEdXjc6R8Tx6M/x8dGIB27blqMN5F/Ri7EZDWU6Xv/FcMo85
Bub3B/eU7FMqAAgkQ9ZySoYNFRwSxchKyLyDNMC4v1HtT3nxXuam6Zw8GBe61eUr
Nu+YtzfpNp5sBvJzU9aUnmSL5QVYsGn970dvrQAN9g==
=FwXw
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: