Bug#381491: marked as done (apt-get doesn't like gpg signatures with proxy)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 06 Dec 2008 19:39:10 +0200
with message-id <493AB8BE.3000609@gmail.com>
and subject line state of #381491
has caused the Debian Bug report #381491,
regarding apt-get doesn't like gpg signatures with proxy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
381491: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381491
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: apt-get doesn't like gpg signatures with proxy
• From: Charles Samuels <charles@kde.org>
• Date: Fri, 4 Aug 2006 12:32:25 -0700
• Message-id: <200608041232.26130.charles@kde.org>

Package: apt
Version: 0.6.45

When I use a proxy with apt-get, it says this for all packages:

>>>>
WARNING: The following packages cannot be authenticated!
...
Install these packages without verification
<<<<

It doesn't say anything else relevant to GPG (like that the keys didn't match 
or something)

So here's what I did to cause this:

1) Activated my proxy:
Acquire::http::Proxy "http://altair.derkarl.org/";;
(which does caching for me via apache2's proxy and cache modules)

2) apt-get update:
Ign http://linux.csua.berkeley.edu unstable Release.gpg
Ign http://www.debian-multimedia.org sid Release.gpg
Ign http://linux.csua.berkeley.edu unstable Release
Ign http://www.debian-multimedia.org sid Release
Ign http://linux.csua.berkeley.edu unstable/main Packages/DiffIndex
Ign http://linux.csua.berkeley.edu unstable/contrib Packages/DiffIndex
Ign http://linux.csua.berkeley.edu unstable/non-free Packages/DiffIndex
Ign http://www.debian-multimedia.org sid/main Packages/DiffIndex
Hit http://www.debian-multimedia.org sid/main Packages
Hit http://linux.csua.berkeley.edu unstable/main Packages
Hit http://linux.csua.berkeley.edu unstable/contrib Packages
Hit http://linux.csua.berkeley.edu unstable/non-free Packages

(note how it's "Ign"oring the Release.gpg files)

3) do an apt-get upgrade:
Reading package lists... Done
Building dependency tree... Done
The following packages have been kept back:
  cupsys kaddressbook ntp nvidia-glx nvidia-kernel-source twinkle
The following packages will be upgraded:
  ....
110 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 114MB of archives.
After unpacking 1453kB disk space will be freed.
Do you want to continue [Y/n]?
WARNING: The following packages cannot be authenticated!
  ....
Install these packages without verification [y/N]?


If I disable the proxy, do an apt-get update,then enable the proxy and do an 
upgrade (without an additional upgrade), then it works just fine.

I can reproduce this on two machines, one being a brand new install.

If I do an strace on apt while upgrading (as it has no other methods of 
diagnosing bugs), it suggests that it cannot open the Release.gpg file 
(Because it's not there, and it isn't)

charles

--- End Message ---

--- Begin Message ---

• To: 381491-done@bugs.debian.org
• Subject: state of #381491
• From: "Eugene V. Lyubimkin" <jackyf.devel@gmail.com>
• Date: Sat, 06 Dec 2008 19:39:10 +0200
• Message-id: <493AB8BE.3000609@gmail.com>

I am closing this bug. Feel free to reopen if you encountered it.

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
Ukrainian C++ developer, Debian APT contributor

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---