Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS

To: debian-blends@lists.debian.org
Cc: debian-blends@lists.debian.org
Subject: Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
From: Ross Gammon <ross_gammon@yahoo.com>
Date: Sun, 10 Mar 2019 12:17:34 +0100
Message-id: <[🔎] 440059ed-ddf0-6ecb-f472-ff328b503e4b@yahoo.com>
In-reply-to: <[🔎] 20190309202820.vj2drexuan64z6mh@an3as.eu>
References: <[🔎] 6bb16aec-bcd0-995b-c462-18b923b9ac62@minke-informatics.co.uk> <[🔎] 20190309124209.kdrk3oewgbpm7ixx@an3as.eu> <[🔎] 9a33ead1-aa61-bd22-230f-191a17e7f09d@yahoo.com> <[🔎] 20190309202820.vj2drexuan64z6mh@an3as.eu>

Hi Andreas,

On 3/9/19 9:28 PM, Andreas Tille wrote:
> Hi Ross
>
> On Sat, Mar 09, 2019 at 04:34:21PM +0100, Ross Gammon wrote:
>>>>> Traceback (most recent call last):
>>>>>   File "/usr/share/blends-dev/blend-gen-control", line 93, in <module>
>>>>>     blend += aptcache(args.release, [args.dir, '/etc/blends'])
>>>>>   File "/usr/lib/python3/dist-packages/blends.py", line 722, in aptcache
>>>>>     cache.update()
>>>>>   File "/usr/lib/python3/dist-packages/apt/cache.py", line 546, in update
>>>>>     raise FetchFailedException(e)
>>>>> apt.cache.FetchFailedException: W:GPG error: http://ftp.debian.org/debian unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC, E:The repository 'http://ftp.debian.org/debian unstable InRelease' is not signed.
>>>>> /usr/share/blends-dev/Makefile:63: recipe for target 'bio-linux-tasks.desc' failed
>>>>> make[2]: *** [bio-linux-tasks.desc] Error 1
>>> In other words:  Tony did
>>>
>>>    gbp clone https://salsa.debian.org/blends-team/bio-linux
>>>    cd bio-linux
>>>    make dist
>>>
>>> but under *Ubuntu* and this machine seems to behave different than a
>>> Debian machine requesting a key to parse the packages file.  I can not
>>> reproduce it under Debian and I'm hoping for some input of people who
>>> know Ubuntu better than me.
>> Hmm. This was working for me only a month or so ago on Ubuntu Bionic. We
>> use one of the Debian Multimedia metapackages in Ubuntu Studio. Every
>> release I normally merge the latest blends package from Debian, and then
>> backport it to my ppa.
>>
>> But I am getting the same error with both your bio-linux and the
>> multimedia blend now.
>>
>> It looks like something might have changed in the Ubuntu apt package?
>> There was an update in the last few days in Ubuntu. But I can't help
>> much further without knowing much about how blends or apt work.
> Thanks for confirming.  Its nice to know that it used to worked but
> stopped working after some change in apt.  My (totally uneducated) guess
> is that apt became more picky about some signatures and we either need
> to find out how to provide these or seek for an option to revert to the
> "classig" behaviour which should be good enough for read only access to
> the packages file.
>
> Does the changelog of your locally installed apt uncover some hint?
> Some change inside the manpage which could provide a clue?
>
> Kind regards
>
>      Andreas.
>
It is a little bit complicated. My apt cache/logs seem to show that I
went from 1.6.1 to 1.6.6ubuntu0.1 to 1.6.8.

Version 1.6.6ubuntu0.1 (dated 18 Jan 2019) seems to be a security update
that includes the same CVE that was merged into 1.6.8, and must also
include all the changes from 1.6.1 up to 1.6.6. It is likely to be
something introduced since 1.6.1, as the last time I know it worked
seems to be December 21st 2018.

Here is the top of the latest changelog (I hope it helps):

Get:1 https://changelogs.ubuntu.com apt 1.6.8 Changelog [447 kB]
apt (1.6.8) bionic; urgency=medium

  * merge security update: content injection in http method (CVE-2019-3462)

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 25 Jan 2019 12:51:00
+0100

apt (1.6.7) bionic; urgency=medium

  [ Milo Casagrande ]
  * [l10n] Update Italian translation

  [ Julian Andres Klode ]
  * NeverAutoRemove kernel meta packages (LP: #1787460)
  * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
  * Merge translations from 1.8 series

 -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 14 Jan 2019 15:09:47
+0100

apt (1.6.6) bionic; urgency=medium

  * Set DPKG_FRONTEND_LOCKED when running {pre,post}-invoke scripts.
    Some post-invoke scripts install packages, which fails because
    the environment variable is not set. This sets the variable for
    all three kinds of scripts {pre,post-}invoke and pre-install-pkgs,
    but we will only allow post-invoke at a later time.
    (LP: #1796808)

 -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 09 Oct 2018 12:16:51
+0200

apt (1.6.5) bionic; urgency=medium

  [ David Kalnischkies ]
  * Support records larger than 32kb in 'apt show' (Closes: #905527)
    (LP: #1787120)

  [ Julian Andres Klode ]
  * Add support for dpkg frontend lock (Closes: #869546) (LP: #1781169)
  * Set DPKG_FRONTEND_LOCKED as needed when doing selection changes
  * http: Stop pipeline after close only if it was not filled before
    (LP: #1794957)
  * pkgCacheFile: Only unlock in destructor if locked before (LP: #1794053)
  * Update libapt-pkg5.0 symbols for frontend locking

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 28 Sep 2018 15:06:34
+0200

apt (1.6.4) unstable; urgency=critical

  [ David Kalnischkies ]
  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
    supply any InRelease file without it having to be verified. (LP:
#1787752)
    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror://
between steps
    - CVE-2018-0501
    - https://mirror.fail/

 -- Julian Andres Klode <jak@debian.org>  Mon, 20 Aug 2018 17:38:50 +0200

apt (1.6.3) unstable; urgency=medium

  * Handle JSON hooks that just close the file/exit and fix some other
errors
    (LP: #1776218)

 -- Julian Andres Klode <jak@debian.org>  Mon, 09 Jul 2018 16:41:27 +0200

apt (1.6.2) unstable; urgency=medium

  * Fix build with new gtest (Closes: #897149)
  * Handle a missed case of timed out ip addresses (LP: #1766542)
  * Lower default network timeouts from 120s to 30s
  * apt-key: Pass all instead of gpg-agent to gpgconf --kill (LP: #1773992)
  * Fix lock counting in debSystem (LP: #1778547)
  * CI fixes:
   - tests: Do not expect requested-by if sudo was invoked by root
   - Run tests on GitLab CI
   - CI: Export DEBIAN_FRONTEND=noninteractive in all CI environments

 -- Julian Andres Klode <jak@debian.org>  Mon, 25 Jun 2018 17:15:10 +0200

apt (1.6.1) unstable; urgency=medium

  * CMake: Fix builds without zstd
  * apt.conf.autoremove: Catch some new Ubuntu module packages

 -- Julian Andres Klode <jak@debian.org>  Fri, 20 Apr 2018 12:08:18 +0200

apt (1.6) unstable; urgency=medium

  * Make libzstd optional in CMakeLists.txt, to aid cross-building
  * Point debian-branch to 1.6.y

 -- Julian Andres Klode <jak@debian.org>  Wed, 18 Apr 2018 16:34:33 +0200

Cheers,

Ross

Reply to:

Follow-Ups:
- Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
  - From: Ross Gammon <ross_gammon@yahoo.com>

References:
- Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
  - From: Tony Travis <tony.travis@minke-informatics.co.uk>
- Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
  - From: Andreas Tille <tille@debian.org>
- Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
  - From: Ross Gammon <ross_gammon@yahoo.com>
- Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
  - From: Andreas Tille <tille@debian.org>

Prev by Date: Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
Next by Date: Re: Debian Med Homepage - maybe all blends as "blendname".debian.net ?
Previous by thread: Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
Next by thread: Re: Problem building debian meta-package under Ubuntu-MATE 18.04 LTS
Index(es):
- Date
- Thread