Bug#578540: APT::Authentication::TrustCDROM "false"; is not working
Package: apt
Version: 0.7.20.2+lenny1
Severity: normal
Hello,
when I set APT::Authentication::TrustCDROM "false"; I can import the original cdrom with apt-cdrom add.
If I try to import a signed CD-ROM I get the following error:
# apt-cdrom add
Using CD-ROM mount point /cdrom/
Unmounting CD-ROM
Waiting for disc...
Please insert a Disc in the drive and press enter
Mounting CD-ROM...
Identifying.. [2b17ce42747853c1d4d0119cebd5d574-2]
Scanning disc for index files..
Found 1 package indexes, 0 source indexes, 0 translation indexes and 1 signatures
Found label 'Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53'
This disc is called:
'Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53'
Copying package lists...gpgv: Signature made Tue 20 Apr 2010 06:17:29 PM CEST using RSA key ID E0E2DBA4
gpgv: Can't check signature: public key not found
E: Sub-process gpgv returned an error code (2)
W: Signature verification failed for: /cdrom/dists/lenny/Release.gpg
I have to unmount the cdrom now.
Blocking is the correct behaviour, but I have to unmount manual.
# umount /media/cdrom0
Then I import the signing key used to sign the CD-ROM into the keyring of the trusted repositories i.e. /etc/apt/trusted.gpg
# gpg -a --export 548ED131 | apt-key add -
# apt-cdrom add
Using CD-ROM mount point /cdrom/
Unmounting CD-ROM
Waiting for disc...
Please insert a Disc in the drive and press enter
Mounting CD-ROM...
Identifying.. [2b17ce42747853c1d4d0119cebd5d574-2]
Scanning disc for index files..
Found 1 package indexes, 0 source indexes, 0 translation indexes and 1 signatures
Found label 'Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53'
This disc is called:
'Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53'
Copying package lists...gpgv: Signature made Tue 20 Apr 2010 06:17:29 PM CEST using RSA key ID 548ED131
gpgv: Good signature from "secXtreme GmbH Debian Archive Signing Key (2009) <debsign@sec-xtreme.com>"
Reading Package Indexes... Done
Writing new source list
Source list entries for this disc are:
deb cdrom:[Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53]/ lenny main
Unmounting CD-ROM...
Repeat this process for the rest of the CDs in your set.
If I import an unsigned CD-ROM it is always imported.
Why does apt-cdrom not prevent the import of an unsigned CD-ROMs?
Regards
Andreas
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::Authentication "";
APT::Authentication::TrustCDROM "false";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::Cache-Limit "100000000";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:::: "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";
APT::Archives "";
APT::Archives::MaxAge "30";
APT::Archives::MinAge "2";
APT::Archives::MaxSize "500";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Acquire "";
Acquire::Pdiffs "false";
Acquire::ForceHash "sha256";
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "Debian stable";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi";
DPkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi";
-- (no /etc/apt/preferences present) --
-- /etc/apt/sources.list --
deb cdrom:[Debian GNU/Linux 5.0.4 _Lenny_ - Official i386 CD Binary-1 20100131-18:53]/ lenny main
deb http://security.debian.org/ lenny/updates main non-free
deb http://ftp.de.debian.org/debian/ lenny main non-free contrib
#deb http://ftp.de.debian.org/debian/ testing main non-free contrib
#deb http://ftp.de.debian.org/debian/ experimental main non-free contrib
deb-src http://ftp.de.debian.org/debian/ lenny main
deb-src http://security.debian.org/ lenny/updates main
deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian a
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc <none> (no description available)
ii aptitude 0.4.11.11-1~lenny1 terminal-based package manager
ii bzip2 1.0.5-1 high-quality block-sorting file co
ii dpkg-dev 1.14.29 Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in
ii python-apt 0.7.7.1+nmu1 Python interface to libapt-pkg
ii synaptic 0.62.1+nmu1 Graphical package manager
-- no debconf information
Reply to: