challenge setting up apt secure for local repository
Hello Colin Walters, Isaac Jones, and apt development team,
I write you asking for help out of desparation, as I am stuck trying to get
apt-secure working and I could find no better support forum.
We have been running our own local repository of custom Debian packages for
our radio facility for years (this flexibility is one of the main reasons we
have chosen Debian as our OS of choice). It has worked very well on its own,
but I am stuck trying to add apt-secure support for our Etch packages.
# Etch portion of our repository
http://techweb.rfa.org/debrfa/dists/etch/
# root directory of our repository
http://techweb.rfa.org/debrfa/
# /etc/apt/sources.list entry for repository
deb http://techweb.rfa.org/debrfa etch main
deb-src http://techweb.rfa.org/debrfa etch main
We have a directory structure where deb packages and sources are placed in the
correct sub-directories:
grauf@riffraff:/home/debrfa$ find dists/ -type d
dists/sid
dists/sid/main
dists/sid/main/binary-i386
dists/sid/main/source
dists/etch
dists/etch/main
dists/etch/main/source
dists/etch/main/binary-i386
dists/etch/main/binary-amd64
Then we have a script where the Packages and Sources files are generated using
dpkg-scanpackages and dpkg-scansources:
dpkg-scanpackages dists/etch/main/binary-i386/ file | \
gzip > dists/etch/main/binary-i386/Packages.gz
dpkg-scansources dists/etch/main/source/ | \
gzip > dists/etch/main/source/Sources.gz
In that script the Release file is also generated using "apt-ftparchive". I
believe my problems are with an incorrect Release file, however the
documenation I have found on that file has been minimal (and I am very unsure
of the required configuration options or their meaning):
apt-ftparchive \
-o"APT::FTPArchive::Release::Origin=http://techweb.rfa.org/debrfa/ archive" \
-o"APT::FTPArchive::Release::Label=testlabel" \
-o"APT::FTPArchive::Release::Codename=etch" \
-o"APT::FTPArchive::Release::Suite=stable" \
release dists/etch > dists/etch/Release
As far as the cryptographic portion goes, I believe I have that portion setup
correctly. I have a gpg key:
[grauf@grauf apt_hack]$ gpg --list-keys B5EF9702
pub 1024D/B5EF9702 2006-08-02 [expires: 2007-10-26]
uid Federico Grau (work key, fiscal 2005) <grauf@rfa.org>
sub 4096g/6B5ED0F6 2006-08-02 [expires: 2007-10-26]
Which I have added to "apt-key":
grauf:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid Debian Archive Automatic Signing Key (2006)
<ftpmaster@debian.org>
pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch)
<ftpmaster@debian.org>
pub 1024D/ADB11277 2006-09-17
uid Etch Stable Release Key <debian-release@lists.debian.org>
pub 1024D/B5EF9702 2006-08-02 [expires: 2007-10-26]
uid Federico Grau (work key, fiscal 2005) <grauf@rfa.org>
sub 4096g/6B5ED0F6 2006-08-02 [expires: 2007-10-26]
And which I use to sign the Release file:
gpg --sign -ba -o dists/etch/Release.gpg dists/etch/Release
Unfortunately my symptoms are an "aptitude update" (or apt-get update)
fail...
grauf:~# aptitude update
Get:1 http://techweb.rfa.org etch Release.gpg [378B]
Get:2 http://techweb.rfa.org etch Release.gpg [189B]
Hit http://techweb.rfa.org etch Release
Hit http://techweb.rfa.org etch Release
Ign http://techweb.rfa.org etch/main Packages/DiffIndex
Ign http://techweb.rfa.org etch/non-free Packages/DiffIndex
Ign http://techweb.rfa.org etch/contrib Packages/DiffIndex
Ign http://techweb.rfa.org etch/main Sources/DiffIndex
Ign http://techweb.rfa.org etch/non-free Sources/DiffIndex
Ign http://techweb.rfa.org etch/contrib Sources/DiffIndex
Hit http://techweb.rfa.org etch/main Packages
Hit http://techweb.rfa.org etch/non-free Packages
Hit http://techweb.rfa.org etch/contrib Packages
Hit http://techweb.rfa.org etch/main Sources
Hit http://techweb.rfa.org etch/non-free Sources
Hit http://techweb.rfa.org etch/contrib Sources
Get:3 http://security.debian.org etch/updates Release.gpg [189B]
Hit http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Ign http://security.debian.org etch/updates/non-free Packages/DiffIndex
Hit http://security.debian.org etch/updates/main Packages
Hit http://security.debian.org etch/updates/contrib Packages
Hit http://security.debian.org etch/updates/non-free Packages
Fetched 3B in 0s (4B/s)
Reading package lists... Done
W: Couldn't stat source package list http://techweb.rfa.org etch/main
Packages
(/var/lib/apt/lists/techweb.rfa.org_debrfa_dists_etch_main_binary-i386_Packages)
- stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
grauf:~# apt-get update
Get:1 http://techweb.rfa.org etch Release.gpg [378B]
Get:2 http://techweb.rfa.org etch Release.gpg [189B]
Hit http://techweb.rfa.org etch Release
Hit http://techweb.rfa.org etch Release
Ign http://techweb.rfa.org etch/main Packages/DiffIndex
Ign http://techweb.rfa.org etch/non-free Packages/DiffIndex
Ign http://techweb.rfa.org etch/contrib Packages/DiffIndex
Ign http://techweb.rfa.org etch/main Sources/DiffIndex
Ign http://techweb.rfa.org etch/non-free Sources/DiffIndex
Ign http://techweb.rfa.org etch/contrib Sources/DiffIndex
Hit http://techweb.rfa.org etch/main Packages
Hit http://techweb.rfa.org etch/non-free Packages
Hit http://techweb.rfa.org etch/contrib Packages
Hit http://techweb.rfa.org etch/main Sources
Hit http://techweb.rfa.org etch/non-free Sources
Hit http://techweb.rfa.org etch/contrib Sources
Get:3 http://security.debian.org etch/updates Release.gpg [189B]
Hit http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Ign http://security.debian.org etch/updates/non-free Packages/DiffIndex
Hit http://security.debian.org etch/updates/main Packages
Hit http://security.debian.org etch/updates/contrib Packages
Hit http://security.debian.org etch/updates/non-free Packages
Fetched 3B in 0s (4B/s)
Failed to fetch http://techweb.rfa.org/debrfa/dists/etch/Release Unable
to find expected entry main/binary-i386/Packages in Meta-index file
(malformed Release file?)
Reading package lists... Done
W: Couldn't stat source package list http://techweb.rfa.org etch/main
Packages
(/var/lib/apt/lists/techweb.rfa.org_debrfa_dists_etch_main_binary-i386_Packages)
- stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old
ones used instead.
If I remove the configuration options from "apt-ftparchive", I instead get the
following error when trying aptitude update:
grauf:~# aptitude update
Get:1 http://techweb.rfa.org etch Release.gpg [378B]
Get:2 http://techweb.rfa.org etch Release.gpg [189B]
Hit http://techweb.rfa.org etch Release
Get:3 http://techweb.rfa.org etch Release [1100B]
Ign http://techweb.rfa.org etch/main Packages/DiffIndex
Ign http://techweb.rfa.org etch/non-free Packages/DiffIndex
Ign http://techweb.rfa.org etch/contrib Packages/DiffIndex
Ign http://techweb.rfa.org etch/main Sources/DiffIndex
Ign http://techweb.rfa.org etch/non-free Sources/DiffIndex
Ign http://techweb.rfa.org etch/contrib Sources/DiffIndex
Hit http://techweb.rfa.org etch/main Packages
Hit http://techweb.rfa.org etch/non-free Packages
Hit http://techweb.rfa.org etch/contrib Packages
Hit http://techweb.rfa.org etch/main Sources
Hit http://techweb.rfa.org etch/non-free Sources
Hit http://techweb.rfa.org etch/contrib Sources
Get:4 http://security.debian.org etch/updates Release.gpg [189B]
Hit http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Ign http://security.debian.org etch/updates/non-free Packages/DiffIndex
Hit http://security.debian.org etch/updates/main Packages
Hit http://security.debian.org etch/updates/contrib Packages
Hit http://security.debian.org etch/updates/non-free Packages
Fetched 1291B in 0s (1788B/s)
Reading package lists... Done
W: Conflicting distribution: http://techweb.rfa.org etch Release (expected
etch but got )
W: Couldn't stat source package list http://techweb.rfa.org etch/main
Packages
(/var/lib/apt/lists/techweb.rfa.org_debrfa_dists_etch_main_binary-i386_Packages)
- stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
grauf:~# apt-get update
Get:1 http://techweb.rfa.org etch Release.gpg [378B]
Get:2 http://techweb.rfa.org etch Release.gpg [189B]
Hit http://techweb.rfa.org etch Release
Hit http://techweb.rfa.org etch Release
Ign http://techweb.rfa.org etch/main Packages/DiffIndex
Ign http://techweb.rfa.org etch/non-free Packages/DiffIndex
Ign http://techweb.rfa.org etch/contrib Packages/DiffIndex
Ign http://techweb.rfa.org etch/main Sources/DiffIndex
Ign http://techweb.rfa.org etch/non-free Sources/DiffIndex
Ign http://techweb.rfa.org etch/contrib Sources/DiffIndex
Hit http://techweb.rfa.org etch/main Packages
Hit http://techweb.rfa.org etch/non-free Packages
Hit http://techweb.rfa.org etch/contrib Packages
Hit http://techweb.rfa.org etch/main Sources
Hit http://techweb.rfa.org etch/non-free Sources
Hit http://techweb.rfa.org etch/contrib Sources
Get:3 http://security.debian.org etch/updates Release.gpg [189B]
Hit http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Ign http://security.debian.org etch/updates/non-free Packages/DiffIndex
Hit http://security.debian.org etch/updates/main Packages
Hit http://security.debian.org etch/updates/contrib Packages
Hit http://security.debian.org etch/updates/non-free Packages
Fetched 3B in 0s (4B/s)
Failed to fetch http://techweb.rfa.org/debrfa/dists/etch/Release Unable
to find expected entry main/binary-i386/Packages in Meta-index file
(malformed Release file?)
Reading package lists... Done
W: Conflicting distribution: http://techweb.rfa.org etch Release (expected
etch but got )
W: Couldn't stat source package list http://techweb.rfa.org etch/main
Packages
(/var/lib/apt/lists/techweb.rfa.org_debrfa_dists_etch_main_binary-i386_Packages)
- stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old
ones used instead.
My question is, "where am I going wrong"? Is there something missing with my
Release file, and if so how can I correct it?
respectfully thanks,
donfede
--
Federico Grau
Free Software Developer and Sysadmin
Radio Free Asia
2025 M Street, NW
Suite 300
Washington, DC 20036
202-587-2046 Telephone
202-721-7468 Facsimile
CONFIDENTIAL COMMUNICATION
This e-mail message is intended only for the use of the addressee and may
contain information that is privileged and confidential. Any unauthorized
dissemination, distribution, or copying is strictly prohibited. If you
receive this transmission in error, please contact network@rfa.org.
Reply to: