Ubuntu
apt package

Bug #1750625
Comment #9

Comment 9 for bug 1750625

Revision history for this message

Hontvári József Levente (hontvari) wrote on 2020-04-20:

I actually tried to add a Release file without signing it, because it would be simple, only a single command:

apt-ftparchive release . > Release

But that did not work either. The apt update command exits with error:

root@pipa11:~# apt update
Hit:1 http://mirror.hk.leaseweb.net/ubuntu bionic InRelease
Hit:2 http://mirror.hk.leaseweb.net/ubuntu bionic-updates InRelease
Hit:3 http://mirror.hk.leaseweb.net/ubuntu bionic-backports InRelease
Ign:4 http://XXX/deb InRelease
Hit:5 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:6 http://XXX/deb Release
Ign:7 http://XXX/deb Release.gpg
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: Skipping acquire of configured file 'Packages' as repository 'http://XXX/deb InRelease' does not seem to provide it (sources.list entry misspelt?)

This is only a warning, the exit code is 0, but 'apt install' does not find any packages in the private repo.

The setup seems to be valid, here is the HTTP log:

[20/Apr/2020:09:43:32 +0200] "GET /deb/InRelease HTTP/1.1" 404 442 "-" "Debian APT-HTTP/1.3 (1.6.12)"
[20/Apr/2020:09:43:32 +0200] "GET /deb/Release HTTP/1.1" 200 1111 "-" "Debian APT-HTTP/1.3 (1.6.12)"
[20/Apr/2020:09:43:32 +0200] "GET /deb/Release.gpg HTTP/1.1" 404 442 "-" "Debian APT-HTTP/1.3 (1.6.12)"

apt update actually stores the release file, which seems to be valid:

root@pipa11:~# cat /var/lib/apt/lists/fa_deb_Release
Date: Mon, 20 Apr 2020 07:42:24 UTC
MD5Sum:
b531ad26ae3d375d18cb8d8bb2460102 2400 Packages.xz
b317cbfe3c8f98153ff8b531764dab80 36 Release
SHA1:
d45be5187c0ee43bb002cee304428f23b889fcc4 2400 Packages.xz
af287f2a445167dd64b3af88ccfa78f4363dcb29 36 Release
SHA256:
7466d08346b7986267dd39c3e25359402d40693d2b75f9a9ebd797a9f206c6e2 2400 Packages.xz
43a8eb775cee00e6ca2b8ffa58d26e08fff7bd52b560a68e82d4c6765879a8b7 36 Release
SHA512:
0395b40f19e7589682e9d29b5e39b92c3f9a9a88f75770d5ba8417f77b1d4ffb3ff9b9a5a78bd78ecea970e72e19b6744c566fd55fadc11125c547a4a14b5a8a 2400 Packages.xz
1a8a46da3d3d2c3344d87c37acdbd32888b35b4bde58b6f249db57fb5b016a41b821c701a7a748e34511bc098adb66510603578442145cd3d176d60e8732be5f 36 Release

The Packages.xz file is there and valid (apt update reads and uses it, if there is no Release file).

My sources file contains trusted=yes:

deb [trusted=yes lang=none pdiffs=no] http://XXX:/deb/ /

I think it I only guess that it would work if there were a signature file. I think
had problems with it. I do not remember was not sure why Even if my

I actually tried to add a Release file without signing it, because it would be simple, only a single command:

apt-ftparchive release . > Release

But that did not work either. The apt update command exits with error:

root@pipa11:~# apt update
Hit:1 http://mirror.hk.leaseweb.net/ubuntu bionic InRelease
Hit:2 http://mirror.hk.leaseweb.net/ubuntu bionic-updates InRelease                 
Hit:3 http://mirror.hk.leaseweb.net/ubuntu bionic-backports InRelease               
Ign:4 http://XXX/deb  InRelease                                                                                 
Hit:5 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:6 http://XXX/deb  Release                       
Ign:7 http://XXX/deb  Release.gpg
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Skipping acquire of configured file 'Packages' as repository 'http://XXX/deb  InRelease' does not seem to provide it (sources.list entry misspelt?)

This is only a warning, the exit code is 0, but 'apt install' does not find any packages in the private repo.

The setup seems to be valid, here is the HTTP log:

apt update actually stores the release file, which seems to be valid:

root@pipa11:~# cat /var/lib/apt/lists/fa_deb_Release 
Date: Mon, 20 Apr 2020 07:42:24 UTC
MD5Sum:
 b531ad26ae3d375d18cb8d8bb2460102             2400 Packages.xz
 b317cbfe3c8f98153ff8b531764dab80               36 Release
SHA1:
 d45be5187c0ee43bb002cee304428f23b889fcc4             2400 Packages.xz
 af287f2a445167dd64b3af88ccfa78f4363dcb29               36 Release
SHA256:
 7466d08346b7986267dd39c3e25359402d40693d2b75f9a9ebd797a9f206c6e2             2400 Packages.xz
 43a8eb775cee00e6ca2b8ffa58d26e08fff7bd52b560a68e82d4c6765879a8b7               36 Release
SHA512:
 0395b40f19e7589682e9d29b5e39b92c3f9a9a88f75770d5ba8417f77b1d4ffb3ff9b9a5a78bd78ecea970e72e19b6744c566fd55fadc11125c547a4a14b5a8a             2400 Packages.xz
 1a8a46da3d3d2c3344d87c37acdbd32888b35b4bde58b6f249db57fb5b016a41b821c701a7a748e34511bc098adb66510603578442145cd3d176d60e8732be5f               36 Release

The Packages.xz file is there and valid (apt update reads and uses it, if there is no Release file).

My sources file contains trusted=yes:
  
  deb [trusted=yes lang=none pdiffs=no] http://XXX:/deb/ /

I think it I only guess that it would work if there were a signature file. I think
had problems with it. I do not remember was not sure why Even if my

Ubuntuapt package

Comment 9 for bug 1750625

Ubuntu
apt package