Comment 12 for bug 1553121

Lawren Quigley-Jones (lquigley) wrote :

The SHA1 vs SHA256 is an issue, but I don't believe it's coming into play with this bug. I did have to change my signing process, but now I'm signing my Release.gpg with SHA256 and I'm still unable to add a local repo via `d-i apt-setup/local0/repository`.

I install local packages during installation using `d-i pkgsel/include`, so the netboot installation fails with the following error:
WARNING: The following packages cannot be authenticated!

It appears to me that the key import occurs after the verification, but I might be missing something:

Aug 10 17:09:36 base-installer: Get:17 http://apt.local.server.com/apt ./ Packages [54.6 kB]
Aug 10 17:09:36 base-installer: Fetched 1494 kB in 2s (500 kB/s)
Aug 10 17:09:36 base-installer: Reading package lists...
Aug 10 17:09:37 base-installer:
Aug 10 17:09:37 base-installer: W
Aug 10 17:09:37 base-installer: :
Aug 10 17:09:37 base-installer: GPG error: http://apt.local.server.com/apt ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1234567890ABCDEFG
Aug 10 17:09:37 base-installer:
Aug 10 17:09:37 base-installer: W
Aug 10 17:09:37 base-installer: :
Aug 10 17:09:37 base-installer: The repository 'http://apt.local.server.com/apt ./ Release' is not signed.
Aug 10 17:09:37 base-installer:
Aug 10 17:09:37 base-installer: W
Aug 10 17:09:37 base-installer: :
Aug 10 17:09:37 base-installer: There is no public key available for the following key IDs:
Aug 10 17:09:37 base-installer: 1234567890ABCDEFG
Aug 10 17:09:37 base-installer:
[...]
Aug 10 17:17:28 main-menu[239]: (process:23053): 2016-08-10 17:17:15 URL:http://apt.local.server.com/server.com.key [1185/1185] -> "/target/tmp/key0.pub" [1]
Aug 10 17:17:28 main-menu[239]: (process:23053): OK

I can install my local packages if I `chroot /target`. All I have to do is edit my /etc/apt/sources.list, comment out my local0 repo and `apt-get update`, and then uncomment it and `apt-get update` again.

At this point the md5's have been imported, however this gets done, and my packages in my local repo install without a hitch. Based on this behavior, it seems like the installer is skipping a step when it imports the Release file for local0.

I can verify that I am able to see my key when I `apt-key list` both before and after my `apt-get update`.

I can confirm that setting local0 to xenial main and using local1 for my local repo does bypass this bug. I can also confirm that this all works in trusty.

I hope this is useful.

Thanks
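
One way to check the ordering described in this comment against a saved installer syslog, as an added example that is not part of the original comment or of debian-installer: it compares the time of the first NO_PUBKEY warning with the time a key file is written under /target/tmp. The sample log is constructed from the lines quoted above, and the year is an assumption because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the installer syslog quoted in the comment.
SAMPLE_LOG = """\
Aug 10 17:09:36 base-installer: Reading package lists...
Aug 10 17:09:37 base-installer: GPG error: http://apt.local.server.com/apt ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1234567890ABCDEFG
Aug 10 17:09:37 base-installer: The repository 'http://apt.local.server.com/apt ./ Release' is not signed.
Aug 10 17:17:28 main-menu[239]: (process:23053): 2016-08-10 17:17:15 URL:http://apt.local.server.com/server.com.key [1185/1185] -> "/target/tmp/key0.pub" [1]
Aug 10 17:17:28 main-menu[239]: (process:23053): OK
"""

ASSUMED_YEAR = "2016"  # assumption: syslog stamps carry no year
STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
NO_PUBKEY = re.compile(r"NO_PUBKEY (\S+)")
KEY_FETCH = re.compile(r'URL:(\S+) \[\d+/\d+\] -> "(/target/tmp/key\d+\.pub)"')


def parse_stamp(line):
    """Return the syslog timestamp of a line, or None if it has none."""
    m = STAMP.match(line)
    if not m:
        return None
    return datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")


def analyse(log_text):
    """Return (missing_key_events, key_fetch_events, fetches_after_first_failure)."""
    missing, fetched = [], []
    for line in log_text.splitlines():
        ts = parse_stamp(line)
        if ts is None:
            continue
        if (m := NO_PUBKEY.search(line)):
            missing.append((ts, m.group(1)))            # (time, key id)
        elif (m := KEY_FETCH.search(line)):
            fetched.append((ts, m.group(1), m.group(2)))  # (time, url, path)
    first_failure = min((ts for ts, _ in missing), default=None)
    late = [f for f in fetched if first_failure is not None and f[0] > first_failure]
    return missing, fetched, late


if __name__ == "__main__":
    missing, fetched, late = analyse(SAMPLE_LOG)
    for ts, url, path in late:
        delay = ts - missing[0][0]
        print(f"{path} fetched from {url} {delay} after first NO_PUBKEY ({missing[0][1]})")
```
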