[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian packages without md5sums

Florian Kulzer <florian.kulzer+debian@icfo.es> writes:

> On Tue, Oct 02, 2007 at 21:02:41 -0700, Carl Johnson wrote:
> Did you try to remove all the DVD-related lines from your
> /etc/apt/sources.list, run "aptitude update" and then add the DVD(s)
> again using the "apt-cdrom" command? I think that should work but I have
> not tested it.

I hadn't tried that originally, but I have since with no change.

> If apt still complains about missing keys after that then you might have
> to add one or more keys to apt's keyring. Aptitude will show the ID
> of the missing key so you can download it and add it with "apt-key".

I haven't seen any place where aptitude shows any of that
information.  It just shows me a warning such as:

  WARNING: This version of acpid is from an untrusted source!
           Installing this package could allow a malicious
           individual to damage or take control of your system.

I checked apt-key, and 'apt-key list' shows this:
pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>

pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

> > I also noticed
> > recently that some packages show multiple entries in aptitude, so
> > possibly clearing the entries would clear that.
> Do you mean multiple versions for the same package or the same package
> name as two separate entries? (The former would be OK, the latter would
> be cause for concern, I think.) Can you give an example with more
> details?

I should have been more clear about that.  I don't have different
versions since I just have packages from the Etch DVDs.  It isn't in
the actual aptitude list, but instead in the individual package
entries.  The list of packages that depend on the package sometimes
shows duplicate entries for packages that I already have.  This may
just be an artifact of the way that aptitude tracks reverse
dependencies.  An example is under apt, the list of 'packages which
depend on apt' includes:

i     debtags 1.6.6                                                                                           
i     debtags 1.6.6

My /etc/apt/sources.list has only the 3 original Debian 4.0 DVD's, and
all other entries have been commented out throughout this time.

Thanks for taking the time to look at this.  This isn't a problem now,
but I am nervous about adding other packages from the net without some
verification that they are valid.

Carl Johnson		carlj@peak.org

Reply to: