python-apt.update() no longer trusts cdrom: with Stretch - "apt" differs from "apt-get"

To: APT Development Team <deity@lists.debian.org>
Cc: Debian CD Group <debian-cd@lists.debian.org>
Subject: python-apt.update() no longer trusts cdrom: with Stretch - "apt" differs from "apt-get"
From: Philipp Hahn <hahn@univention.de>
Date: Thu, 4 Jan 2018 10:33:28 +0100
Message-id: <[🔎] d73b5b2e-797c-a3d5-daa0-cbfee879838c@univention.de>

Hello fellow DDs,

tl;dr: How can I get APT(-get) to trust CDROM: again?


I have a very simple Python script:
> #!/usr/bin/python
> from apt import Cache, apt_pkg
> print apt_pkg.config.get('APT::Authentication::TrustCDROM')
> c = Cache()
> c.update()

I have told APT to trust the CDROM:
> echo 'APT::Authentication::TrustCDROM "true";' >/etc/apt/apt.conf.d/00trustcdrom

(This is what the Debian-Installer does)

Running it aborts with a fatal traceback, as it treats the missing
Release file as fatal:

> # python -c 'from apt import Cache;c=Cache();c.update()'
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 464, in update
>     raise FetchFailedException(e)
> apt.cache.FetchFailedException: E:The repository 'cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch Release' does not have a Release file.

This was working with Jessie.

If I use "apt", I get that error as well:

> # apt update
> Ign:1 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch InRelease
> Fehl:2 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch Release
>   Bitte verwenden Sie apt-cdrom, um APT diese CD-ROM bekannt zu machen. apt-get update kann nicht dazu verwendet werden, neue CD-ROMs hinzuzufügen.
> Paketlisten werden gelesen... Fertig
> E: The repository 'cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user configuration details.


With "apt-get" it's only a warning:

> # apt-get update
> Ign:1 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch InRelease
> Ign:2 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch Release
> OK:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:4 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main all Packages
> Ign:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> OK:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> Ign:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> OK:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> Ign:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> OK:3 cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch/main amd64 Packages
> Paketlisten werden gelesen... Fertig
> W: The repository 'cdrom://[Debian GNU/Linux 9.2.1 _Stretch_ - Official amd64 NETINST 20171013-13:07] stretch Release' does not have a Release file.
> N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user configuration details.

We have worked around that by using "deb [trusted=yes] cdrom:" in
/etc/apt/sources.list.

If "APT::Authentication::TrustCDROM" is no longer honored by the newer
"apt", then "apt-cdrom" should add that "[trusted=yes]" or debian-cd
needs to be updated to include a valid Release file on the CD-ROM.

Or did I miss something?

Thank you for all your excellent work.

Philipp
-- 
Philipp Hahn
Open Source Software Engineer

Univention GmbH
be open.
Mary-Somerville-Str. 1
D-28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99
hahn@univention.de

http://www.univention.de/
Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: 1. Thanks for your work 2. Process improvement verification download CD respectively netinst
Next by Date: Processed: Reopen #767253: Please provide hashes for uncompressed Translation-*
Previous by thread: 1. Thanks for your work 2. Process improvement verification download CD respectively netinst
Next by thread: Processed: Reopen #767253: Please provide hashes for uncompressed Translation-*
Index(es):
- Date
- Thread