[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#456499: marked as done (apt-transport-https: Errors with private repository and GPG keys)

Your message dated Fri, 21 Nov 2008 14:40:50 +0200
with message-id <4926AC52.7010904@gmail.com>
and subject line Re: Bug#456499: state of #456499
has caused the Debian Bug report #456499,
regarding apt-transport-https: Errors with private repository and GPG keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
456499: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456499
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt-transport-https
Version: 0.7.6ubuntu14
Severity: important

I've set up a private apt repository and signed my own packages with my own
key. Furthermore, on the client computers I installed apt-transport-https.
When I 'apt-get update', however, 50% of the time I get the following
warnings:

W: Bizarre Error - File size is not what the server reported 0 728
W: GPG error: https://packages.mydomain.org unstable Release: The following
signatures were invalid: BADSIG 6A3E7382C8A7B074 Peter Clark
<peter@mydomain.org>
W: You may want to run apt-get update to correct these problems

When I run 'apt-get update' again, these problems do disappear...only to
reappear the next time. So the error appears very consistently, 50% of the
time. When I change the relevant line in /etc/apt/sources.list from:

deb https://packages.mydomain.org unstable main

to:

deb http://packages.mydomain.org unstable main

everything works fine; no weird file sizes, no GPG errors. I therefore 
interpret
this to mean that the repository and my GPG key are not the problem, which 
leaves
apt-transport-https as the only remaining possibility.

Additional note: the SSL certificate served by mydomain.org is self-signed; I
don't know if that makes a difference or not.

-- System Information:
Debian Release: lenny/sid
  APT prefers gutsy-updates
  APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, 'gutsy')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-14-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-https depends on:
ii  apt [libapt-pkg-libc6.6 0.7.6ubuntu14    Advanced front-end for dpkg
ii  libc6                   2.6.1-1ubuntu10  GNU C Library: Shared libraries
ii  libcurl3-gnutls         7.16.4-2ubuntu1  Multi-protocol file transfer 
libra
ii  libgcc1                 1:4.2.1-5ubuntu4 GCC support library
ii  libstdc++6              4.2.1-5ubuntu4   The GNU Standard C++ Library v3

apt-transport-https recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
MLA (Peter Clark) wrote:
> On Thursday 13 November 2008 23:25:05 Eugene V. Lyubimkin wrote:
>> Hello Peter!
>>
>> As I know, at least apt >= 0.7.16 always re-downloads gpg file, so it may
>> be a fix to this problem. Please pick up modern apt and test.
> 
> Yes, that fixed it! Thank you for bringing it to my attention. And my thanks 
> to whoever fixed it.
> 	:Peter
> 
Great. Thanks for answer. I am closing this bug thus.

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
Ukrainian C++ Developer, Debian APT contributor

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
Reply to: