Python-apt shows empty origins object

I can reproduce this and will take a closer look at it soon

That's a bug in APT.

How did you tested that? Is there a test case i can use to debug apt to see where is the problem?

Ok, seem to get the problem:

nxvl [~]
Sylvester$ apt-get -o Dir=/tmp/apt-test/ update
[...]
W: GPG error: http://archive.canonical.com maverick Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://security.ubuntu.com maverick-security Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://extras.ubuntu.com maverick Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://archive.ubuntu.com maverick Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://archive.ubuntu.com maverick-updates Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://archive.ubuntu.com maverick-backports Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.
W: GPG error: http://archive.ubuntu.com maverick-proposed Release: No keyring installed in /tmp/apt-test/etc/apt/trusted.gpg.d/.

Shouldn't apt try to use the system keyring here? Or at least create "/tmp/apt-test/etc/apt/trusted.gpg.d/."?

Issue is not present in Lucid

So, we basically fetch the Release files, but as verification fails, we never move them out of partial/. Fixing this involves changing the acquire system to always move release files. This gets difficult though, because inRelease files are always trusted and thus cannot be just moved.

A patch. I'm not sure whether this is the right way to go, though.

This bug has been fixed in revision 2105 of the debian-sid branch, the
fix can be found at:
  http://bzr.debian.org/scm/loggerhead/apt/apt/debian-sid/revision/2105

------------------------------------------------------------
revno: 2105
fixes bug(s): https://launchpad.net/bugs/704595
committer: Julian Andres Klode <email address hidden>
branch nick: debian-sid
timestamp: Fri 2011-04-08 13:57:04 +0200
message:
  * apt-pkg/acquire-item.cc:
    - Use Release files even if they cannot be verified (LP: #704595)

Fixed typo in title:
s/emply/empty

This bug was fixed in the package apt - 0.8.14.1ubuntu1

---------------
apt (0.8.14.1ubuntu1) oneiric; urgency=low

  [ Michael Vogt ]
  * merged from the debian-sid bzr branch

  [ Julian Andres Klode ]
  * apt-pkg/depcache.cc:
    - Really release action groups only once (Closes: #622744)
    - Make purge work again for config-files (LP: #244598) (Closes: #150831)
  * debian/apt.cron.daily:
    - Check power after wait, patch by manuel-soto (LP: #705269)
  * debian/control:
    - Move ${shlibs:Depends} to Pre-Depends, as we do not want APT
      unpacked if a library is too old and thus break upgrades
  * doc/apt-key.8.xml:
    - Document apt-key net-update (LP: #192810)

apt (0.8.14.1) unstable; urgency=low

  * apt-pkg/acquire-item.cc:
    - Only try to rename existing Release files (Closes: #622912)

apt (0.8.14) unstable; urgency=low

  [ Julian Andres Klode ]
  * apt-pkg/indexcopy.cc:
    - Use RealFileExists() instead of FileExists(), allows amongst other
      things a directory named Sources to exist on a CD-ROM (LP: #750694).
  * apt-pkg/acquire-item.cc:
    - Use Release files even if they cannot be verified (LP: #704595)
  * cmdline/apt-get.cc:
    - Do not install recommends for build-dep (Closes: #454479) (LP: #245273)
  * apt-pkg/deb/deblistparser.cc:
    - Handle no space before "[" in build-dependencies (LP: #72344)
  * apt-pkg/policy.cc:
    - Allow pinning by glob() expressions, and regular expressions
      surrounded by slashes (the "/" character) (LP: #399474)
      (Closes: #121132)
  * debian/control:
    - Set Standards-Version to 3.9.2

  [ Michael Vogt ]
  * mirror method:
    - do not crash if the mirror file fails to download
  * apt-pkg/aptconfiguration.cc:
    - fix comparing for a empty string
  * debian/apt.cron.daily:
    - run unattended-upgrades even if there was a error during
      the apt-get update (LP: #676295)

  [ David Kalnischkies ]
  * apt-pkg/pkgcache.cc:
    - use the native Architecture stored in the cache header instead of
      loading it from configuration as suggested by Julian Andres Klode
 -- Michael Vogt <email address hidden> Fri, 29 Apr 2011 17:55:20 +0200