"Failed Upgrade tool signature" when using do-release-upgrade

try this, first: http://ubuntuforums.org/showthread.php?t=584425
If it doesn't work, here's what I did:

downloaded gutsy.tar.gz.gpg, copied it to tmp, run do-release-upgrade (from a different terminal), copied gutsy.tar.gz.gpg to the tmp directory that update-manager created, commands are:

sudo bash
cd /tmp
wget http://archive.ubuntu.com/ubuntu/dists/gutsy/main/dist-upgrader-all/current/gutsy.tar.gz.gpg
while ! ls | egrep "tmp[^.]" >/dev/null; do echo "waiting..."; done; cp -v gutsy.tar.gz.gpg `ls | egrep "tmp[^.]"`

run do-release-upgrade (from a different terminal)

I think this bug appears because the gutsy.tar.gz.gpg is not copied to tmp directory used by update-manager. I'm not sure why that doesn't happen though.

So is this a 3+ month old server misconfiguration that's preventing anyone from upgrading from feisty? What's going on???

Ok, it was a while ago, but I think the reason I was getting this error is because I had accidentally truncated my meta-release file, which I had to create manually because it wasn't included in any package at the time. I think it is included in newer releases.

I'm using apt-cacher to save bandwidth , and have same problem. when i configure apt to get files directly from internet(not through apt-cacher) it works fine.I'm trying to upgrade gutsy to hardy.

Still an issue - going Feisty > Gutsy (I guess, unless it skips stright to Hardy)

Behind a Bluecoat proxy, get the original error:

extracting '/tmp/tmpA-amtI/gutsy.tar.gz'
authenticate '/tmp/tmpA-amtI/gutsy.tar.gz' against '/tmp/tmpA-amtI/'
exception from gpg: GnuPG exited non-zero, with code 131072
Debug information:

etcetc

Using shemgp's method (cheers btw, nice piece of work that) I get further, but I had to wget via ftp - http gave a 502 - Unknown gateway error (no idea...)

Currently hacking around the Python as it didn't like me changing the meta files http to ftp -worth a try I thought.

I think the reason is that apt-cacher blocks {ubuntuname}.tar.gz.gpg files.

Hi,

Here is your patch turned in to a debdiff, it looks sensible to me. Have
you tested that it fixes the problem?

Thanks,

James

Yes, I've tested that it works. Here's a transcript (I changed some of
the names though)..

myusername@myserver:~$ cat /usr/share/apt-cacher/apt-cacher | grep "gpg"
     'Release.gpg',
     '[:alpha:]*\.tar\.gz\.gpg$'
myusername@myserver:~$ export http_proxy=http://localhost:3142/
myusername@myserver:~$ wget -c
http://ftp.kaist.ac.kr/ubuntu/dists/intrepid/main/dist-upgrader-all/current/intrepid.tar.gz.gpg
--10:32:50-- http://ftp.kaist.ac.kr/ubuntu/dists/intrepid/main/dist-upgrader-all/current/intrepid.tar.gz.gpg
           => `intrepid.tar.gz.gpg'
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:3142... connected.
Proxy request sent, awaiting response... 200 OK
Length: 189 [text/plain]

100%[====================================>] 189 --.--K/s

10:32:50 (12.92 MB/s) - `intrepid.tar.gz.gpg' saved [189/189]

Hope this helps.

Uploaded, thanks for your contribution to Ubuntu.

James

This bug was fixed in the package apt-cacher - 1.6.4ubuntu1

---------------
apt-cacher (1.6.4ubuntu1) intrepid; urgency=low

  * Allow e.g. intrepid.tar.gz.gpg files to be cached, as they are used by
    do-release-upgrade. Thanks to "shemgp" for the fix. (LP: #156070)

 -- James Westby <email address hidden> Fri, 26 Sep 2008 20:30:58 +0100

same issue with apt-cacher-ng-0.1.9

the following patch on source/acfg.cc worked for me:

< string pfilepat(".*(\\.deb|\\.rpm|\\.dsc|\\.tar\\.gz|\\.diff\\.gz|\\.diff\\.bz2|"
---
> string pfilepat(".*(\\.deb|\\.rpm|\\.dsc|\\.tar\\.gz|\\.tar\\.gz\\.gpg|\\.diff\\.gz|\\.diff\\.bz2|"

This is fixed in apt-cacher-ng 0.2.1-1 in Intrepid, although I confirm that it's broken in Hardy and it might be worth fixing this there.

I have reported shemgp's fix upstream:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502985

I tried to update 8.04 to 8.10 . I dont have apt-cacher installed but am behind a proxy. I get the same error

Running up to date feisty on a server w/o X, trying to update to gutsy via the do-release-upgrade command. Seems like this command never works right..........

root@Bunter:/# do-release-upgrade
Checking for a new ubuntu release
Failed Upgrade tool signature
Done Upgrade tool
Done downloading
extracting '/tmp/tmpA-amtI/gutsy.tar.gz'
authenticate '/tmp/tmpA-amtI/gutsy.tar.gz' against '/tmp/tmpA-amtI/'
exception from gpg: GnuPG exited non-zero, with code 131072
Debug information:

gpg: WARNING: unsafe permissions on homedir `/tmp/tmpA-amtI'

gpg: /tmp/tmpA-amtI/: read error: Is a directory
gpg: verify signatures failed: eof

Authentication failed
Authenticating the upgrade failed. There may be a problem with the network or with the server.

Avinash - since you are not using apt-cacher this is not the bug that you are experiencing. However, it is likely that the bug that you are experiencing is bug 215694. Please comment on that bug report or open a new bug. Thanks in advance.

I am having this issue when using apt-cacher-ng and trying to do-release upgrade from Hardy 8.04.2 to Intrepid. This is the relevant output:

magicfab@andrea:~$ sudo do-release-upgrade
Checking for a new ubuntu release
Failed Upgrade tool signature
Done Upgrade tool
Done downloading
extracting 'intrepid.tar.gz'
authenticate 'intrepid.tar.gz' against 'intrepid.tar.gz.gpg'
exception from gpg: GnuPG exited non-zero, with code 131072
Debug information:

gpg: WARNING: unsafe permissions on homedir `/tmp/tmp-AFwaU'

gpg: can't open `/tmp/tmp-AFwaU/intrepid.tar.gz.gpg'
gpg: verify signatures failed: file open error

Authentication failed
Authenticating the upgrade failed. There may be a problem with the network or with the server.
magicfab@andrea:~$

I can do the upgrade by disabling the cacher, but that defeats the cacher purpose!

The fix for this should be backported.

I use apt-cacher(1.6.4ubuntu1) on intrepid but I still experience the problem. Boxes that pull packages through apt-cacher cannot "find" new releases using do-release-upgrade -d, unless the Acquire::http::Proxy line is commented out in apt.conf

There is an updated version of apt-cache in Intrepid proposed that should allow distribution upgrades. Please test it and comment in bug 291606.

Thanks Brian, I upgraded apt-cacher to 1.6.4ubuntu2 from intreprid-proposed, which solved the problem.

I was confused by the launchpad janitor comment above: "This bug was fixed in the package apt-cacher - 1.6.4ubuntu1"

I have also commented on #291606

I have a bit of an issue with this. Can someone please give me some guidance. Thanks in advance.

Trying to upgrade from Feisty to Gutsy

sudo do-release-upgradeChecking for a new ubuntu releaseFailed Upgrade tool signatureFailed Upgrade tool
Done downloading
extracting '/tmp/tmp70Ob6B/gutsy.tar.gz'
Traceback (most recent call last):
  File "/usr/bin/do-release-upgrade", line 45, in <module>
    fetcher.run()
  File "/usr/lib/python2.5/site-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 160, in run
    if not self.extractDistUpgrader():
  File "/usr/lib/python2.5/site-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 98, in extractDistUpgrader
    tar = tarfile.open(self.tmpdir+"/"+os.path.basename(self.uri),"r")
  File "/usr/lib/python2.5/tarfile.py", line 1139, in open
    return func(name, "r", fileobj)
  File "/usr/lib/python2.5/tarfile.py", line 1200, in gzopen
    fileobj = file(name, mode + "b")
IOError: [Errno 2] No such file or directory: '/tmp/tmp70Ob6B/gutsy.tar.gz'

Any clues why

I fixed this in Hardy by changing line 605 in the file '/usr/shared/apt-cacher/apt-cacher' to

 if ($filename =~ /(\.gpg|\.deb|\.rpm|\.dsc|\.tar\.gz|\.diff\.gz|\.udeb|index\.db-.+\.gz)$/) {

I also changed line 12 in apt-cacher-format-transition.pl to

       for $fname (<*gpg>,<*.deb>, <*pgp>, <*gz>, <*bz2>, <*Release>) {

But i am not sure if that is wise or necessary.

I think releasing this patch is very usefull, after all, Hardy is quite likely to run on a lot of servers, until the next LTS release.

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".