Bug#360853: spurious signature failure errors on update
Package: apt
Version: 0.6.43.3
Severity: minor
When I run apt-get update, and some sources have been updated since the
last time I apt-get updated, a signature error often occurs. For
example:
$ sudo apt-get update
Password:
Get:1 http://gnu.buildtolearn.net ./ Release.gpg [189B]
Get:2 http://gnu.buildtolearn.net ./ Release [712B]
Ign http://www.kiberpipa.org ./ Release.gpg
Ign http://gnu.buildtolearn.net ./ Packages
Get:3 http://mirrors.kernel.org experimental Release.gpg [189B]
Ign http://gnu.buildtolearn.net ./ Sources
Ign http://www.kiberpipa.org ./ Release
Get:4 http://mirrors.kernel.org unstable Release.gpg [189B]
Hit http://gnu.buildtolearn.net ./ Packages
Get:5 http://mirrors.kernel.org etch Release.gpg [189B]
Ign http://www.kiberpipa.org ./ Packages
Hit http://gnu.buildtolearn.net ./ Sources
Hit http://www.kiberpipa.org ./ Packages
Get:6 http://mirrors.kernel.org experimental Release [26.7kB]
Ign http://mirrors.kernel.org experimental Release
Get:7 http://mirrors.kernel.org unstable Release [38.3kB]
Ign http://mirrors.kernel.org unstable Release
Get:8 http://mirrors.kernel.org etch Release [35.4kB]
Ign http://mirrors.kernel.org etch Release
Ign http://mirrors.kernel.org experimental/main Packages
Ign http://mirrors.kernel.org experimental/main Sources
Get:9 http://mirrors.kernel.org unstable/main Packages [3077kB]
Ign http://twinsen.warpedgames.com ./ Release.gpg
Get:10 http://secure-testing.debian.net etch/security-updates Release.gpg [189B]
Ign http://twinsen.warpedgames.com ./ Release
Get:11 http://secure-testing.debian.net etch/security-updates Release [26.8kB]
Ign http://twinsen.warpedgames.com ./ Packages
Ign http://secure-testing.debian.net etch/security-updates Release
Hit http://twinsen.warpedgames.com ./ Packages
Hit http://secure-testing.debian.net etch/security-updates/main Packages
Hit http://secure-testing.debian.net etch/security-updates/contrib Packages
Hit http://secure-testing.debian.net etch/security-updates/non-free Packages
Hit http://secure-testing.debian.net etch/security-updates/main Sources
Hit http://secure-testing.debian.net etch/security-updates/contrib Sources
Hit http://secure-testing.debian.net etch/security-updates/non-free Sources
Get:12 ftp://ftp.nerim.net sid Release.gpg [191B]
Get:13 ftp://ftp.nerim.net sid Release [2864B]
Get:14 ftp://ftp.nerim.net sid/main Packages [27.2kB]
Get:15 http://mirrors.kernel.org unstable/contrib Packages [47.5kB]
Get:16 http://mirrors.kernel.org unstable/non-free Packages [62.8kB]
Get:17 ftp://ftp.nerim.net sid/main Sources [10.6kB]
Get:18 http://mirrors.kernel.org unstable/main Sources [1152kB]
Ign http://mentors.debian.net unstable Release.gpg
Ign http://mentors.debian.net unstable Release
Get:19 http://mentors.debian.net unstable/main Sources [209kB]
Get:20 http://mentors.debian.net unstable/contrib Sources [209kB]
Hit http://mirrors.kernel.org unstable/contrib Sources
Get:21 http://mirrors.kernel.org unstable/non-free Sources [25.9kB]
Get:22 http://mirrors.kernel.org etch/main Packages [2897kB]
Get:23 http://mentors.debian.net unstable/non-free Sources [209kB]
Get:24 http://mirrors.kernel.org etch/contrib Packages [40.1kB]
Get:25 http://mirrors.kernel.org etch/non-free Packages [55.5kB]
Get:26 http://mirrors.kernel.org experimental/main Packages [154kB]
Get:27 http://mirrors.kernel.org experimental/main Sources [47.1kB]
Fetched 8354kB in 59s (140kB/s)
Reading package lists... Done
W: GPG error: http://mirrors.kernel.org experimental Release: The following signatures were invalid: BADSIG 010908312D230C5F Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
W: GPG error: http://mirrors.kernel.org unstable Release: The following signatures were invalid: BADSIG 010908312D230C5F Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
W: GPG error: http://mirrors.kernel.org etch Release: The following signatures were invalid: BADSIG 010908312D230C5F Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
W: GPG error: http://secure-testing.debian.net etch/security-updates Release: The following signatures were invalid: BADSIG 946AA6E18722E71E secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net>
W: You may want to run apt-get update to correct these problems
Re-running apt-get update, however, corrects this:
$ sudo apt-get update
Get:1 http://gnu.buildtolearn.net ./ Release.gpg [189B]
Get:2 http://mirrors.kernel.org experimental Release.gpg [189B]
Get:3 http://secure-testing.debian.net etch/security-updates Release.gpg [189B]
Get:4 http://mirrors.kernel.org unstable Release.gpg [189B]
Get:5 http://mirrors.kernel.org etch Release.gpg [189B]
Ign http://mentors.debian.net unstable Release.gpg
Ign http://twinsen.warpedgames.com ./ Release.gpg
Get:6 http://gnu.buildtolearn.net ./ Release [712B]
Ign http://www.kiberpipa.org ./ Release.gpg
Hit http://mirrors.kernel.org experimental Release
Hit http://secure-testing.debian.net etch/security-updates Release
Hit http://mirrors.kernel.org unstable Release
Ign http://twinsen.warpedgames.com ./ Release
Ign http://mentors.debian.net unstable Release
Hit http://secure-testing.debian.net etch/security-updates/main Packages
Hit http://mirrors.kernel.org etch Release
Hit http://secure-testing.debian.net etch/security-updates/contrib Packages
Ign http://gnu.buildtolearn.net ./ Packages
Hit http://mentors.debian.net unstable/main Sources
Ign http://twinsen.warpedgames.com ./ Packages
Hit http://secure-testing.debian.net etch/security-updates/non-free Packages
Hit http://secure-testing.debian.net etch/security-updates/main Sources
Hit http://secure-testing.debian.net etch/security-updates/contrib Sources
Hit http://mentors.debian.net unstable/contrib Sources
Ign http://www.kiberpipa.org ./ Release
Ign http://gnu.buildtolearn.net ./ Sources
Ign http://mirrors.kernel.org experimental/main Packages
Hit http://secure-testing.debian.net etch/security-updates/non-free Sources
Hit http://mentors.debian.net unstable/non-free Sources
Hit http://gnu.buildtolearn.net ./ Packages
Ign http://mirrors.kernel.org experimental/main Sources
Hit http://gnu.buildtolearn.net ./ Sources
Ign http://www.kiberpipa.org ./ Packages
Hit http://mirrors.kernel.org unstable/main Packages
Hit http://mirrors.kernel.org unstable/contrib Packages
Hit http://mirrors.kernel.org unstable/non-free Packages
Hit http://mirrors.kernel.org unstable/main Sources
Hit http://mirrors.kernel.org unstable/contrib Sources
Hit http://mirrors.kernel.org unstable/non-free Sources
Hit http://www.kiberpipa.org ./ Packages
Hit http://mirrors.kernel.org etch/main Packages
Hit http://mirrors.kernel.org etch/contrib Packages
Hit http://mirrors.kernel.org etch/non-free Packages
Hit http://mirrors.kernel.org experimental/main Packages
Hit http://twinsen.warpedgames.com ./ Packages
Hit http://mirrors.kernel.org experimental/main Sources
Hit ftp://ftp.nerim.net sid Release.gpg
Get:7 ftp://ftp.nerim.net sid Release [2864B]
Hit ftp://ftp.nerim.net sid/main Packages
Hit ftp://ftp.nerim.net sid/main Sources
Fetched 4333B in 5s (838B/s)
Reading package lists... Done
I suspect this may be because APT fetches the signature and release file
before the package lists; if it checks the signature at that point it would
find a spurious signature failure.
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi";
-- (no /etc/apt/preferences present) --
-- /etc/apt/sources.list --
deb ftp://ftp.nerim.net/debian-marillat/ sid main
deb http://mirrors.kernel.org/debian experimental main
deb http://mirrors.kernel.org/debian unstable main contrib non-free
deb http://mirrors.kernel.org/debian etch main contrib non-free
deb-src ftp://ftp.nerim.net/debian-marillat/ sid main
deb-src http://mirrors.kernel.org/debian experimental main
deb-src http://mirrors.kernel.org/debian unstable main contrib non-free
deb http://twinsen.warpedgames.com/~bdonlan/apt ./
deb-src http://mentors.debian.net/debian unstable main contrib non-free
deb http://www.kiberpipa.org/~minmax/cinelerra/builds/athlonxp/ ./
deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free
deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free
deb http://gnu.buildtolearn.net/linux/packages/psi-jingle/unstable ./
deb-src http://gnu.buildtolearn.net/linux/packages/psi-jingle/unstable ./
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apt depends on:
ii libc6 2.3.6-4 GNU C Library: Shared libraries an
ii libgcc1 1:4.1.0-1 GCC support library
ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3
Versions of packages apt recommends:
ii debian-archive-keyring 2006.01.18 GnuPG archive keys of the Debian a
-- no debconf information
Reply to: