apt-key works fine, yet apt fails with "Could not execute 'apt-key'"
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apt (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Apt can fail to verify a Release file which verifies just fine when calling apt-key directly.
Please advise how I can supply further debug information to help fix the underlying bug.
Expected:
apt-get should only report that a repository is not signed when no such signature was found.
If a signature was in fact successfully acquired but not verified, apt-get should report failure to verify instead.
apt-get should have a meaningful error message when calling apt-key fails.
Bonus:
Calling apt-key should not fail when the same thing works fine on command line.
A reference to "Debug:
Observed:
# uname -a
Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux
# chroot reproducible
$ uname -a
Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 armv7l armv7l armv7l GNU/Linux
$ lsb_release -a 2>/dev/null
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
$ apt-get -o "Debug:
Get:1 http://
0% [1 InRelease gpgv 92.2 kB]igners
Preparing to exec: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.jYGUCG /tmp/apt.
gpgv exited with status 111
Summary:
Good:
Bad:
Worthless:
SoonWorthless:
NoPubKey:
Ign:1 http://
Fetched 92.2 kB in 1s (79.5 kB/s)
Reading package lists... Done
W: GPG error: http://
W: The repository 'http://
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$ /usr/bin/apt-key --quiet --readonly verify --status-fd /dev/stderr /tmp/apt.sig.jYGUCG /tmp/apt.
gpgv: Signature made Tue May 3 19:02:17 2016 UTC using DSA key ID 437D05B5
[GNUPG:] SIG_ID e53PXRjA/
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
[GNUPG:] VALIDSIG 630239CC130E1A7
gpgv: Signature made Tue May 3 19:02:17 2016 UTC using RSA key ID C0B21F32
[GNUPG:] SIG_ID kCsrLo9VUm7YcYh
[GNUPG:] GOODSIG 3B4FE6ACC0B21F32 Ubuntu Archive Automatic Signing Key (2012) <email address hidden>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <email address hidden>"
[GNUPG:] VALIDSIG 790BC7277767219
Changed in apt (Ubuntu): status: Confirmed → Fix Released
The underlying bug was not apt-related, but could be worked around by deleting the _apt user - apt will then do exactly the same thing as I successfully tested on console.
To spare future users some pain in debugging such, I recommend
- adding getpwuid(geteuid()) to the relevant error and debug messages
- referencing the existence of Debug::Acquire::gpgv in apt-key(8) or apt-secure(8)
Sorry, I am not qualified to build these into a proper patch.
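Added example, not part of the report and not apt's own code: a Python sketch of the distinction the report asks for, classifying one verifier run from its exit status and `[GNUPG:]` status lines so that "the verifier could not run" is not reported as "repository is not signed". The function names, verdict labels and keyword-to-bucket mapping are assumptions of this example; the status lines and exit status 111 are taken from the report.

```python
import os
import pwd
import re

# Simplified keyword-to-bucket mapping, an assumption of this example.
BUCKETS = {"GOODSIG": "Good", "BADSIG": "Bad", "NO_PUBKEY": "NoPubKey",
           "EXPSIG": "Worthless", "EXPKEYSIG": "Worthless",
           "REVKEYSIG": "Worthless"}
STATUS_LINE = re.compile(r"^\[GNUPG:\] (\w+) (\S+)")


def summarize(status_text):
    """Sort the key IDs named on [GNUPG:] status lines into buckets."""
    summary = {"Good": [], "Bad": [], "Worthless": [], "NoPubKey": []}
    for line in status_text.splitlines():
        match = STATUS_LINE.match(line.strip())
        if match and match.group(1) in BUCKETS:
            summary[BUCKETS[match.group(1)]].append(match.group(2))
    return summary


def effective_user():
    """Account the check runs as; the UID may have no passwd entry."""
    uid = os.geteuid()
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"uid {uid}"


def diagnose(exit_status, status_text):
    """Return (verdict, message) for one run of the verifier."""
    s = summarize(status_text)
    if s["Bad"]:
        return "bad-signature", "bad signature from " + ", ".join(s["Bad"])
    if exit_status == 0 and s["Good"]:
        return "verified", "good signature from " + ", ".join(s["Good"])
    if s["NoPubKey"] or s["Worthless"]:
        return "not-verified", "signature found but no usable key"
    if exit_status != 0:
        return "verifier-failed", f"exit {exit_status} as {effective_user()}"
    return "unsigned", "no signature status was reported"


# Constructed inputs: two status lines from the report's manual run (e-mail
# part dropped) and the empty stream seen when apt's call exited with 111.
MANUAL_RUN = """[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key
[GNUPG:] GOODSIG 3B4FE6ACC0B21F32 Ubuntu Archive Automatic Signing Key (2012)"""

print(diagnose(0, MANUAL_RUN)[0], diagnose(111, "")[0])
```

Including the effective user in the failure message follows the recommendation above, since the same command succeeded on the console and failed only when run under a different account.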