Packages not authenticated

Bug #33696 reported by MikeMcKay
18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
synaptic (Ubuntu)
Won't Fix
Medium
Unassigned

Bug Description

Packages updated from gb.archive.ubuntu.com are flagged as not authenticated but when the same packages are updated from archive.ubuntu.com they are not so flagged.

This bug was entered as affecting the synaptic package. I would have liked to enter "Breezy Repositories" but the system requires a package name. As I have been using Synaptic for package maintenance I therefore entered that and am keeping my fingures crossed.

A month or so ago I upgraded from Hoary to Breezy and afterwards had periodic problems with packages for update being flagged as not authenticated. I use Synaptic for all package administration.

The repositories I used for Hoary were gb.archive.ubuntu.com. To do the upgrade I simply changed all references in sources.list from Hoary to Breezy so I continued to use this URL for Breezy package maintenance.

Finally, following some hints and a hunch, I changed all the repositories to archive.ubuntu.com did a reload and the problem went away. (Between the upgrade and the repository switch I had performed a number of reloads without affecting the problem)

If all packages are signed identically regardless of which repository/mirror they are downloaded from then this shouldn't happen.

The hint that I referred to above was a forum report of someone solving a similar problem by removing the leading "us" from us.archive.ubuntu.com so it seems it's not just me and not just the gb repositories.

This bug may be related to and interacting with No. 31706.

For significant further details and ongoing contributions, see http://www.ubuntuforums.org/showthread.php?t=139191

Finally, it would be nice to obtain some information on how the signing is managed, how the public keys are distributed and how they find their way into /etc/apt/trusted.gpg

Revision history for this message
MikeMcKay (mike-mckay) wrote :

This is my first Ubuntu bug report and it's got a bit screwed-up.

I think that the likely area of the bug is the Breezy Repositories. I was not permitted to indicate this in the "Package" field.

I therefore tried "Synaptic". This was rejected and gsynaptic appeared to be offered as the closest alternative so I tried that.

And then that was rejected because it's not a package distributed by Ubuntu.

If this bug report gets to the right person regardless then lets all sit back and be quietly amazed . . .

Revision history for this message
MikeMcKay (mike-mckay) wrote :

Disregard the last comment.

I have amended the affected package to "synaptic" and made a rekated change to the text of the bug description.

description: updated
summary: + Packages updated from gb.archive.ubuntu.com are flagged as not
+ authenticated but when the same packages are updated from
+ archive.ubuntu.com they are not so flagged.
MikeMcKay (mike-mckay)
description: updated
Revision history for this message
Gaute (lindkvis) wrote :

I have been seeing similar problems using synaptic, and also sometimes using apt-get.

Mike:
Do you by any chance use this on a wireless connection?

I am wondering if apt-get and synaptic in ubuntu is a little to unforgiving about internet connections.

I have noticed the problem in Breezy amd64 and Dapper i386.

This is an Athlon 64 on a K8T800Pro motherboard from Asus, with a Ralink RT2500 wireless chip onboard.

The wireless card is detected automatically.

Maybe apt-get and synaptic just needs to retry a little and keep longer timeouts before giving up on downloading the headers.

Revision history for this message
Martin Sidaway (t-phon) wrote :

I have just finished installing a fresh Ubuntu installation from the 5.10 CD, and got the same probem as described here, after clicking the update icon. Of course, being a fresh install, it wants to install a lot of updates, and it is listing them all as "NOT AUTHENTICATED" (perl, wget, sudo, openssh, etc...). This is very bemusing, seeing as I haven't touched anything yet to make anything go wrong...
I am in the UK, and so the package repositories are set to the gb versions (same as the OP). I am not using a wireless LAN, however.
Update: I have (just now) changed the package repositories to the non-gb versions, and everything just magically works.
So, in conclusion: there is something seriously wrong with the gb package sources...

Revision history for this message
MikeMcKay (mike-mckay) wrote :

Thanks for the additional info.

I don't have a wireless connection; I have a wired 100 MB network with a 2 MB broadband connection.

Since I submitted the big report I have had one further instance of packages flagged as "not authenticated" (while using the archive.ubuntu.com repository). On this occasion, a simple reload solved the problem.

While previously using the gb.archive.ubuntu.com repository, a reload did not solve the problem (on multiple attempts).

As you say, Martin, there is something wrong with the repositories and it appears to affect the gb.archive.ubuntu.com, us.archive.ubuntu.com and archive.ubuntu.com repositories to differing degrees.

STOP PRESS:
While I was writing this, the Synaptic automatic update thingammy flagged up a number of updates . . .
1) When asked to install them it just wouldn't and did not give any error message.
2) I then used the Synaptic application and did <Mark All UpGrades> and <Apply>. It flagged all the upgradeable packages as "Not Authenticated".
3) I then did a <Reload> and repeated step (2) and it worked just fine with none of the packages marked "Not Authenticated".

Revision history for this message
Gaute (lindkvis) wrote :

Well, I am ALSO in the UK. I have tried archive.ubuntu.com, gb.archive.ubuntu.com and uk.archive.ubuntu.com. All have this problem sometimes.

Are any of you by any chance on NTL broadband as well?

Revision history for this message
Martin Sidaway (t-phon) wrote :

Okay, it seems I was wrong...I have now experienced problems on archive.ubuntu.com as well. However, the problems usually go away after an apt-get update, or a Reload in synaptic. This was not the case with the gb sources...at least I don't think so. But that may just be because of the sheer volume of packages that were being installed.

I have found that sometimes, after updating the package lists, it will install one or two packages alright, but when trying to install a different package, the problem will occur, and then a Reload will fix it...maybe it is not doing a complete update the first time?

Gaute: yes, I am also on NTL.

Revision history for this message
MikeMcKay (mike-mckay) wrote :

I'm on Pipex.

Revision history for this message
Gaute (lindkvis) wrote :

I don't know about Pipex, but NTL puts everyone behind a transparent proxy. Could this have anything to do with it?

Matt Zimmerman (mdz)
Changed in synaptic:
assignee: nobody → mvo
Revision history for this message
Michael Vogt (mvo) wrote :

If this is suspected to be a proxy issue, could you please try (on a terminal):
$ sudo apt-get update -o Acquire::http::No-Cache=true

you can also enter this option into synaptic with the Settings/Set internal option command.

Cheers,
 Michael

Changed in synaptic:
status: Unconfirmed → Needs Info
Revision history for this message
Gaute (lindkvis) wrote :

I have not been able to reproduce the bug while using the command you posted. So the workaround seems to work.

Revision history for this message
Stuart Rossiter (stuartr) wrote :

Presume it's OK to add comments to this bug since still Incomplete.

I also get this problem when behind a proxy i.e. all packages shown as unauthenticated. I think a Synaptic Reload (apt-get update) sometimes corrects the problem but appreciate that the cmd given will avoid any proxy issues.

But doesn't this mean there should be a fix to Synaptic (and/or apt-get) to ensure this when a proxy is being used? Since a Synaptic Reload worked for me, perhaps it is already fixed in Synaptic and it was me doing an apt-get update at the cmd line which broke it (I definitely did this at least once)....

Any info. appreciated.

Revision history for this message
dinar qurbanov (qdinar) wrote :

hello. i have this errors.

Revision history for this message
dinar qurbanov (qdinar) wrote :

it works now after "reload(package information)"

Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for the report, is this still an issue with latest version? Latest comment said it works fine now, may someone else try with Jaunty and comment back? thanks.

Revision history for this message
AdrianBartel (bartelar) wrote :

Was experiencing similar behaviour in Synaptic on Jaunty.
Checked what would happen when using apt-get:

WARNING: The following packages cannot be authenticated!
---snip---
Authentication warning overridden.

So in my case it wasn't a Synaptic bug. Checked /etc/apt/apt.conf and found "APT::Get::AllowUnauthenticated 1;". Changed it to "0" and the warning dissappeared for both apt-get and Synaptic.

So not so much that "packages cannot be authenticated" as "packages will not be authenticated". Perhaps the wording of the messages could be improved?

Revision history for this message
Rena Kunisaki (i-am-inuyasha) wrote :

Recently I've been getting update notifications from Xubuntu's automatic update, and when I attempt to install them, it warns me that some are not authenticated. If I cancel and try again later it eventually works without any warning, so I assume it just hasn't downloaded authentication information yet or some such. This seems like a bug, but what I really wanted to find is an option to not notify of updates that can't be authenticated. I'd much rather wait for the authentication data to download (or whatever is going on there) than install an unauthenticated package if I can.

Changed in synaptic (Ubuntu):
assignee: Michael Vogt (mvo) → nobody
status: Incomplete → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.