Ubuntu
apt-cacher package

apt-cacher causes apt-get update to fail signature verification

Bug #386048 reported by Jonathan Avraham
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt-cacher (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: apt-cacher

apt-get update from another computer on the network produces the following output:

Hit http://il.archive.ubuntu.com jaunty Release.gpg
Hit http://security.ubuntu.com jaunty-security Release.gpg
Ign http://security.ubuntu.com jaunty-security/main Translation-en_US
Ign http://il.archive.ubuntu.com jaunty/main Translation-en_US
Hit http://packages.medibuntu.org jaunty Release.gpg
Ign http://security.ubuntu.com jaunty-security/restricted Translation-en_US
Ign http://il.archive.ubuntu.com jaunty/restricted Translation-en_US
Ign http://packages.medibuntu.org jaunty/free Translation-en_US
Ign http://packages.medibuntu.org jaunty/non-free Translation-en_US
Hit http://packages.medibuntu.org jaunty Release
Ign http://security.ubuntu.com jaunty-security/universe Translation-en_US
Ign http://il.archive.ubuntu.com jaunty/universe Translation-en_US
Ign http://security.ubuntu.com jaunty-security/multiverse Translation-en_US
Hit http://security.ubuntu.com jaunty-security Release
Ign http://il.archive.ubuntu.com jaunty/multiverse Translation-en_US
Hit http://packages.medibuntu.org jaunty/free Packages
Get:1 http://il.archive.ubuntu.com jaunty-updates Release.gpg [189B]
Ign http://il.archive.ubuntu.com jaunty-updates/main Translation-en_US
Hit http://security.ubuntu.com jaunty-security/main Packages
Hit http://packages.medibuntu.org jaunty/non-free Packages
Ign http://il.archive.ubuntu.com jaunty-updates/restricted Translation-en_US
Ign http://il.archive.ubuntu.com jaunty-updates/universe Translation-en_US
Ign http://il.archive.ubuntu.com jaunty-updates/multiverse Translation-en_US
Hit http://il.archive.ubuntu.com jaunty Release
Hit http://il.archive.ubuntu.com jaunty-updates Release
Err http://il.archive.ubuntu.com jaunty-updates Release

Hit http://security.ubuntu.com jaunty-security/restricted Packages
Hit http://il.archive.ubuntu.com jaunty/main Packages
Hit http://security.ubuntu.com jaunty-security/main Sources
Hit http://il.archive.ubuntu.com jaunty/restricted Packages
Hit http://security.ubuntu.com jaunty-security/restricted Sources
Hit http://il.archive.ubuntu.com jaunty/main Sources
Hit http://security.ubuntu.com jaunty-security/universe Packages
Hit http://il.archive.ubuntu.com jaunty/restricted Sources
Hit http://security.ubuntu.com jaunty-security/universe Sources
Hit http://il.archive.ubuntu.com jaunty/universe Packages
Hit http://security.ubuntu.com jaunty-security/multiverse Packages
Hit http://il.archive.ubuntu.com jaunty/universe Sources
Hit http://security.ubuntu.com jaunty-security/multiverse Sources
Hit http://il.archive.ubuntu.com jaunty/multiverse Packages
Hit http://il.archive.ubuntu.com jaunty/multiverse Sources
Fetched 189B in 1min 3s (3B/s)
Reading package lists... Done
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://il.archive.ubuntu.com jaunty-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>

W: Failed to fetch http://il.archive.ubuntu.com/ubuntu/dists/jaunty-updates/Release

W: Some index files failed to download, they have been ignored, or old ones used instead.
W: You may want to run apt-get update to correct these problems

<---- end here

All the computers are configured to go through the proxy with the /etc/apt/apt.conf.d/01proxy file, which holds one line:
Acquire::http::Proxy "http://myserver:3142";
Similar output is produced from all computers on the network. Going directly to the repos (by removing 01proxy) and running apt-get update again works fine.

Apt-cacher is running with Jaunty on a Pentium 4.

Thanks

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
Package: apt-cacher 1.6.7ubuntu4
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: apt-cacher
Uname: Linux 2.6.28-13-generic i686

Revision history for this message
Jonathan Avraham (shambler-com) wrote :
Revision history for this message
Daniel Richard G. (skunk) wrote :

Was this a transient issue, or are you still seeing signature-verification failures?

Revision history for this message
Jonathan Avraham (shambler-com) wrote :

It was persistent. I changed all sources.list files to use http://myserver:3142/[oldaddress] and canceled the proxy setting to make it work.

Revision history for this message
Daniel Richard G. (skunk) wrote :

Good timing, I've been hacking on apt-cacher today. I'm afraid I can't reproduce this bug. It's possible that this was fixed in 1.6.8.

Would you feel up to building a new apt-cacher package from source, and giving it a go? The .dsc and .diff.gz files are available from http://packages.debian.org/sid/apt-cacher .

Revision history for this message
Jonathan Avraham (shambler-com) wrote :

First of all, sorry for the delayed reply.
I upgraded to 1.6.8 using the sid package and it indeed solved the problem. I've been working with it for more than a week and it seems everything is in order.
I assume it will be adopted in Karmic and the problem will go away for everyone.

Thanks!

Revision history for this message
Daniel Richard G. (skunk) wrote :

Ah, that's good to hear! And it does look like Karmic will ship with 1.6.8. I'm marking this as "Fix Released" accordingly; please change it back if the bug pops up again.

Incidentally, 1.6.9 should be coming out soon (maybe a week?) in Debian. That one has a number of fixes for other bugs, particularly when running under load. You may want to check it out!

Revision history for this message
Daniel Richard G. (skunk) wrote :

Bug no longer reproducible in 1.6.8; assuming fixed.

Changed in apt-cacher (Ubuntu):
status: New → Fix Released
Revision history for this message
TJ (tj) wrote :
Download full text (3.3 KiB)

I'm seeing this on Lucid i386 with:

$ apt-cache policy apt-cacher
apt-cacher:
  Installed: 1.6.10ubuntu1
  Candidate: 1.6.10ubuntu1
  Version table:
 *** 1.6.10ubuntu1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ lucid/universe Packages
        100 /var/lib/dpkg/status

$ sudo apt-get update
Hit http://gb.archive.ubuntu.com lucid Release.gpg
Hit http://gb.archive.ubuntu.com/ubuntu/ lucid/main Translation-en_GB
...
Hit http://gb.archive.ubuntu.com lucid-updates/multiverse Packages
Hit http://gb.archive.ubuntu.com lucid-updates/multiverse Sources
Fetched 11.0MB in 1min 6s (167kB/s)
Reading package lists... Done
W: GPG error: http://gb.archive.ubuntu.com lucid Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>

In /var/log/apt-cache/error.log I see:

Mon Apr 12 22:31:14 2010|info [1112]: ALARM! /var/cache/apt-cacher/packages/gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg file size mismatch (found 0, expected 189). Renaming to /var/cache/apt-cacher/packages/gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg.corrupted.

$ ls -lstr /var/cache/apt-cacher/packages/gb*Release.gpg*
4 -rw-r--r-- 1 www-data www-data 189 2010-04-08 00:07 /var/cache/apt-cacher/packages/gb.archive.ubuntu.com_ubuntu_dists_lucid-updates_Release.gpg
4 -rw-r--r-- 1 www-data www-data 189 2010-04-10 06:00 /var/cache/apt-cacher/packages/gb.archive.ubuntu.com_ubuntu_dists_lucid-proposed_Release.gpg
4 -rw-r--r-- 1 www-data www-data 189 2010-04-12 22:31 /var/cache/apt-cacher/packages/gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg.corrupted

In /var/log/apt-cache/access.log I see:

$ grep 'gb\.archive.*Release\.gpg' /var/log/apt-cacher/access.log
Thu Apr 8 00:07:31 2010|10457|10.254.251.51|MISS|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Thu Apr 8 00:07:37 2010|10457|10.254.251.51|MISS|189|gb.archive.ubuntu.com_ubuntu_dists_lucid-updates_Release.gpg
Thu Apr 8 01:23:55 2010|10573|10.254.251.74|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Thu Apr 8 07:57:57 2010|11032|10.254.251.51|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Thu Apr 8 20:26:28 2010|11328|10.254.251.74|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Fri Apr 9 07:45:59 2010|11866|10.254.251.51|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Fri Apr 9 21:10:46 2010|12182|10.254.251.51|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Sat Apr 10 06:00:43 2010|12815|10.254.251.95|EXPIRED|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Sat Apr 10 06:00:49 2010|12815|10.254.251.95|MISS|189|gb.archive.ubuntu.com_ubuntu_dists_lucid-proposed_Release.gpg
Sat Apr 10 06:01:32 2010|12858|10.254.251.74|HIT|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Sat Apr 10 06:08:45 2010|12980|10.254.251.51|HIT|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg
Mon Apr 12 15:37:10 2010|15736|10.254.251.51|HIT|189|gb.archi...

Read more...

Changed in apt-cacher (Ubuntu):
status: Fix Released → Confirmed
Revision history for this message
TJ (tj) wrote :

On the second "apt-get update" I see in /var/log/apt-cacher/access.log:

Mon Apr 12 23:25:37 2010|1291|10.254.251.2|MISS|189|gb.archive.ubuntu.com_ubuntu_dists_lucid_Release.gpg

Revision history for this message
Daniel Richard G. (skunk) wrote :

TJ, do you get this error if apt-get accesses the repository directly, without going through apt-cacher?

Sometimes, you'll get intermittent BADSIG errors as an archive is in the process of updating; they go away after a little while. I'd be surprised if the problem here is due to apt-cacher, after all the work and testing it got leading up to 1.6.8/1.6.9.

Revision history for this message
Bilal Akhtar (bilalakhtar) wrote :

Please check if this bug is reproducible in latest Maverick release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.