
Bug#428752: Upgrade fails with "apt-key update" in the postinst script



Package: apt
Version: 0.7.2
Severity: grave

--- Please enter the report below this line. ---
Hi!
For the past two days, the apt postinst script has failed with the following output:
Paramétrage de apt (0.7.2) ...
gpg: key 2D230C5F: "Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>" not changed
gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>" not changed
gpg: key ADB11277: "Etch Stable Release Key <debian-release@lists.debian.org>" not changed
gpg: Total number processed: 3
gpg:              unchanged: 3
gpg: key "1" not found: eof
gpg: 1: delete key failed: eof
dpkg : erreur de traitement de apt (--configure) :
le sous-processus post-installation script a retourné une erreur de sortie d'état 2
Des erreurs ont été rencontrées pendant l'exécution :
apt
E: Sub-process /usr/bin/dpkg returned an error code (1)

(Sorry for French messages, but it's not useful to translate them)

I managed to go deeper in the analysis: it's the "apt-key update" in the postinst script that generates this error. So I had a look at it, and I found that the "add new keys" section is alright, it fails at removing no-longer used keys. Here is the bash code:

   keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5`
   for key in $keys; do
       if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then
           $GPG --quiet --batch --delete-key --yes ${key}
       fi
   done

The unused keys are stored in the 'keys' variable. Here is what I have :
root@complexe:/tmp# $GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5
1
17
17

The for loop tries to find each key in the existing keyring, but guess what? The key '1' is not in my keyring, so it fails to remove it, but the if condition returns true. Let's have a look at the condition without the final grep:
root@complexe:/tmp# $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5
17
17
17
17

Yes, you finally understand that grep 1 on that list is true... but it's not what apt-key should be looking for! So it may be a good idea to use a regexp to match the whole line and not only an expression that could be contained in a larger one.

This is a grave severity since I can't do any upgrade on my PC : the apt configure script is run before anything else :'(

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.21-1-k7

Debian Release: lenny/sid
500 unstable ftp.fr.debian.org

--- Package information. ---
Depends (Version) | Installed
==============================================-+-====================
libc6 (>= 2.5-5) | 2.5-10
libgcc1 (>= 1:4.2-20070516) | 1:4.2-20070609-1
libstdc++6 (>= 4.2-20070516) | 4.2-20070609-1
debian-archive-keyring | 2007.02.19-0.1
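
Added example, not part of the original report and not apt-key's own code: it replays the two lists shown above through the substring test used by the loop and through a whole-line, fixed-string test (grep -x -F), and reports which IDs each would hand to --delete-key. The variable and function names are hypothetical, and the lists are constructed from the values in the report.

```shell
#!/bin/sh
# Constructed sample data mirroring the two listings in the report.
REMOVED_IDS='1
17
17'
PRESENT_IDS='17
17
17
17'

# Substring test, as in the reported loop: "1" is found inside "17".
match_substring() {
    printf '%s\n' "$PRESENT_IDS" | grep -q "$1"
}

# Whole-line test: -x requires the entire line to match, -F treats the
# ID as a literal string, -e protects an ID that starts with a dash.
match_whole_line() {
    printf '%s\n' "$PRESENT_IDS" | grep -qxF -e "$1"
}

# Return the IDs a given matcher would select for deletion.
# Duplicates in the removed list are collapsed first (sort -u).
ids_to_delete() {
    matcher=$1
    out=
    for id in $(printf '%s\n' "$REMOVED_IDS" | sort -u); do
        if "$matcher" "$id"; then
            out="${out:+$out }$id"
        fi
    done
    printf '%s' "$out"
}

echo "substring match selects:  $(ids_to_delete match_substring)"
echo "whole-line match selects: $(ids_to_delete match_whole_line)"
```

With the substring test, '1' is selected even though no such entry exists in the keyring, which is the failing delete in the postinst output; with the whole-line test only '17' is selected.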



