Re: Won't mirror without dists/sarge/main/binary-amd64/Packages.gz signature in Release

To: "A.E.Lawrence" <A.E.Lawrence@lboro.ac.uk>
Cc: debian-amd64@lists.debian.org
Subject: Re: Won't mirror without dists/sarge/main/binary-amd64/Packages.gz signature in Release
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Mon, 10 Apr 2006 14:21:18 +0200
Message-id: <[🔎] 87d5fpliyp.fsf@informatik.uni-tuebingen.de>
In-reply-to: <[🔎] 4437F0C5.9010005@lboro.ac.uk> (A. E. Lawrence's message of "Sat, 08 Apr 2006 18:20:05 +0100")
References: <[🔎] 4437F0C5.9010005@lboro.ac.uk>

"A.E.Lawrence" <A.E.Lawrence@lboro.ac.uk> writes:

> For the last two weeks or so, I have trouble in using debmirror on the
> sarge section of the amd.debian.net mirrors. The same thing has happened
> on etch now and again, but that seems just to be a temporary problem of
> mirrors updating. The sarge problem however seems to be ongoing, perhaps
> because it is static. But then I would not expect the signature to have
> changed in that case.
>
> deb mirror complains about a missing signature, despite the use of the
> "--ignore-release-gpg" and the fact that it successfuly handles the etch
>  section.
>
> In passing
> https://alioth.debian.org/docman/view.php/30192/21/debian-amd64-howto.html
> needs updating because it gives instructions to run "apt-key"
>
> "wget http://amd64.debian.net/archive.key
> apt-key add archive.key"
>
> but there is no "apt-key" command as far as I can tell. It does seem to
> be hard to locate the relevant documentation... I am looking through a
> large number of documents just now: I know it is there somewhere. I have
> used it before. But I don't remember where I found it. I do have
> /etc/apt/archive.key, but that is for an i386 archive, [the partial
> mirror is on an i386 box].

Apt-key is to add a key to apt's keyring and must be run as root. That
has nothing to do with debmirror.

> Here is the tail of the debmirror failure message:-
>
> gpg: Signature made Sat Dec 17 10:46:27 2005 GMT using DSA key ID 4F368D5D
> gpg: Can't check signature: public key not found
> Release signature does not verify.

This is just informational since you choosed to ignore errors on the
Release.gpg check.

> Get Packages and Sources files and other miscellany.
> Won't mirror without dists/sarge/main/binary-amd64/Packages.gz signature
> in Release at /usr/bin/debmirror line 1187.

This means the the _Release_ file is missing a md5sum for
main/binary-amd64/Packages.gz. But checking on amd64.debian.net I see:
 3c5d6ce0b3de4a537b1f6d36d87ed49a          3223310 main/binary-amd64/Packages.gz

Check the file on your upstream mirror. Maybe that is out of sync with
amd64.debian.net.

> I think that the first two gpg lines are spurious because
>
> 1) --ignore-release-gpg was used on the debmirror command line;
>
> 2) The same
>     gpg: Signature made Sat Dec 17 10:46:27 2005 GMT using DSA key ID
>   4F368D5D
>     gpg: Can't check signature: public key not found
> messages appear on a successful update of the etch section.
>
> Can someone remind me where to find the documentation on the equivalent
> of apt-key?

man gpg. debmirror uses the users normal keyring.

> Is the problem my end, or is there some inconsistency in the sarge part
> of amd.debian.net archives?

Looks fine on amd64.debian.net itself.

MfG
        Goswin

Reply to:

References:
- Won't mirror without dists/sarge/main/binary-amd64/Packages.gz signature in Release
  - From: "A.E.Lawrence" <A.E.Lawrence@lboro.ac.uk>

Prev by Date: Re: Cross compiling 32 bit
Next by Date: Re: The future of the amd64 port
Previous by thread: Won't mirror without dists/sarge/main/binary-amd64/Packages.gz signature in Release
Next by thread: amd64 CD builds
Index(es):
- Date
- Thread