Bug#733028: marked as done (apt: Secure apt runs into gpg "resource limit".)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 08 Oct 2014 11:00:07 +0000
with message-id <E1XboyV-0003mi-W3@franck.debian.org>
and subject line Bug#733028: fixed in apt 1.1~exp4
has caused the Debian Bug report #733028,
regarding apt: Secure apt runs into gpg "resource limit".
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
733028: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733028
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit <submit@bugs.debian.org>
• Subject: apt: Secure apt runs into gpg "resource limit".
• From: "a k'wala" <akwala@gmail.com>
• Date: Tue, 24 Dec 2013 01:28:43 -0500
• Message-id: <CAEtkY=CUQSzz1uf-1UENYDV6bV+1EU89D5JUL2yFsX9MTRYMDA@mail.gmail.com>

Package: apt
Version: 0.9.9.1~ubuntu3
Severity: important

Dear Maintainer,

'apt-get update' has started showing several warnings like the following, even though the keys are present:

W: GPG error: http://us.archive.ubuntu.com saucy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

'apt-key list' shows the keys in question in its output...

pub 1024D/437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub 2048g/79164387 2004-09-12

pub 4096R/C0B21F32 2012-05-11
uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

...and its output begins with the following:

gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit

I see the same gpg message when I manually update/remove/add the keys in question. E.g.:

$ sudo apt-key update
gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-java.gpg': resource limit
gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" not changed
gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>" not changed
gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" not changed
gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" not changed
gpg: Total number processed: 4
gpg: unchanged: 4

I asked about the "resource limit" message on the gnupg-users mailing list...
http://www.mail-archive.com/gnupg-users@gnupg.org/msg23300.html
Based on Werner Koch's (the dev) answer...
http://www.mail-archive.com/gnupg-users@gnupg.org/msg23302.html
...the secure apt related programs might be making gpg use more than the maximum number of keyrings that it can handle.



I saw the following while attempting to work around this issue:

1.
In addition to /etc/apt/trusted.gpg, each *.gpg file in /etc/apt/trusted.gpg.d/ is a separate keyring, often containing a single key for the corresponding repository. This could effectively limit the number of repos/packages one can have, if the total number of keyrings exceeds GnuPG's limit.

2.
Deleting a key ('apt-key del <keyID>'), or removing a repository (e.g., using Synaptic), removes the key from its keyring in /etc/apt/trusted.gpg.d/ but leaves the empty keyring in the location. After I removed the empty keyring files, the "resource limit" message did not appear and 'apt-get update' did not complain about "NO_PUBKEY." So, once GnuPG's maximum number of keyrings is reached, one has to manually remove the empty keyring files, in addition to removing package repositories, in order to avoid the "NO_PUBKEY" scenario.



-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "true";
APT::Install-Suggests "0";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^gnumach$";
APT::NeverAutoRemove:: "^gnumach-image.*";
APT::NeverAutoRemove:: "^linux-image-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-image-extra-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-signed-image-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-headers-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-tools-3.11.0-13-generic$";
APT::NeverAutoRemove:: "^linux-image-3.11.0-14-generic$";
APT::NeverAutoRemove:: "^linux-image-extra-3.11.0-14-generic$";
APT::NeverAutoRemove:: "^linux-signed-image-3.11.0-14-generic$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-3.11.0-14-generic$";
APT::NeverAutoRemove:: "^linux-headers-3.11.0-14-generic$";
APT::NeverAutoRemove:: "^linux-tools-3.11.0-14-generic$";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";
APT::Update::Post-Invoke-Success:: "test -x /usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i";
APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true";
APT::Archives "";
APT::Archives::MaxAge "30";
APT::Archives::MinAge "2";
APT::Archives::MaxSize "500";
APT::Changelogs "";
APT::Changelogs::Server "http://changelogs.ubuntu.com/changelogs";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Architectures:: "i386";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "1";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "2";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-9n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "3";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-9";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "4";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "5";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-9";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
APT::Compressor::::Name "";
APT::Compressor::::Extension ".";
APT::Compressor::::Binary "";
APT::Compressor::::Cost "100";
APT::Compressor::::CompressArg "";
APT::Compressor::::CompressArg:: "-9";
APT::Compressor::::UncompressArg "";
APT::Compressor::::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Aptitude "";
Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";
Aptitude::Keep-Unused-Pattern "^linux-image.*$ | ^linux-restricted-modules.*$ | ^linux-ubuntu-modules.*$";
Dpkg "";
Dpkg::Post-Invoke "";
Dpkg::Post-Invoke:: "if test -x /usr/share/dhelp/scripts/index-deferred; then /usr/share/dhelp/scripts/index-deferred; fi";
Dpkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; if [ -e /var/lib/update-notifier/updates-available ]; then echo > /var/lib/update-notifier/updates-available; fi ";
Dpkg::Pre-Install-Pkgs "";
Dpkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --


-- /etc/apt/sources.list --

# deb cdrom:[Ubuntu 13.10 _Saucy Salamander_ - Release amd64 (20131016.1)]/ saucy main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ saucy main restricted #Added by software-properties

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ saucy multiverse universe #Added by software-properties

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ saucy-updates restricted main multiverse universe #Added by software-properties

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ saucy universe
deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ saucy multiverse
deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.

deb http://us.archive.ubuntu.com/ubuntu/ saucy-security main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ saucy-security restricted main multiverse universe #Added by software-properties
deb http://us.archive.ubuntu.com/ubuntu/ saucy-security universe
deb http://us.archive.ubuntu.com/ubuntu/ saucy-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu saucy partner
# deb-src http://archive.canonical.com/ubuntu saucy partner

## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu saucy main
deb-src http://extras.ubuntu.com/ubuntu saucy main
deb http://deb.torproject.org/torproject.org saucy main
# deb-src http://deb.torproject.org/torproject.org saucy main
deb http://archive.getdeb.net/ubuntu saucy-getdeb apps
deb http://deb.torproject.org/torproject.org tor-experimental-0.2.5.x-saucy main
# deb-src http://deb.torproject.org/torproject.org tor-experimental-0.2.5.x-saucy main

-- System Information:
Debian Release: wheezy/sid
  APT prefers saucy-updates
  APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11.0-14-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  gnupg           1.4.14-1ubuntu2.1
ii  libapt-pkg4.12  0.9.9.1~ubuntu3
ii  libc6           2.17-93ubuntu4
ii  libgcc1         1:4.8.1-10ubuntu9
ii  libstdc++6      4.8.1-10ubuntu9
ii  ubuntu-keyring  2012.05.19

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1ubuntu2
ii  dpkg-dev    1.16.12ubuntu1
ii  python-apt  0.8.9.1ubuntu1
ii  synaptic    0.80.2
ii  xz-utils    5.1.1alpha+20120614-2ubuntu1

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 733028-close@bugs.debian.org
• Subject: Bug#733028: fixed in apt 1.1~exp4
• From: Michael Vogt <mvo@ubuntu.com>
• Date: Wed, 08 Oct 2014 11:00:07 +0000
• Message-id: <E1XboyV-0003mi-W3@franck.debian.org>

Source: apt
Source-Version: 1.1~exp4

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 733028@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@ubuntu.com> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 08 Oct 2014 09:37:35 +0200
Source: apt
Binary: apt libapt-pkg4.14 libapt-inst1.6 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 1.1~exp4
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@ubuntu.com>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.6 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.14 - package management runtime library
Closes: 647001 686221 733028 754436 762889 762898 763004 763033 763379 764055 764066
Changes:
 apt (1.1~exp4) experimental; urgency=medium
 .
   [ Michael Vogt ]
   * Merge sid version 1.0.9.2
   * feature/acq-trans:
     - Make apt-get update more transactional by keeping all data from
       a sources.list line in partial/ until all data is good and only
       then move it into lists/ in one step
     - add new -o Debug::Acquire::Transaction=1 debug option
   * feature/expected-size:
     Do not download more data in the mehotds than expected if we know
     the size. For the InRelease/Release/Release.gpg add new
     Acquire::MaxReleaseFileSize that defaults to 10Mb for now
   * Verify the the hashes of the downloaded compressed files early
   * Only load unauthenticated data into our parsers when the user
     explicitly asked for it via --allow-insecure-repositories
     (Acquire::AllowInsecureRepositories)
   * Print warning when trying to use unauthenticated repositories
   * Use /var/empty as the homedir for _apt
   * Revert making pkgAcquire::Item::DescURI() "const" to not break
     API
   * Do not allow going from a authenticated to unauthenticated repository
   * Add missing "adduser" dependency (for the new _apt user)
     Thanks to Russ Allbery (Closes: #763004)
   * Test if TMPDIR is a directory in apt-key and if not unset it
   * add early verification for the .diff/Index download
   * Bump library version to libapt-pkg4.14
   * Rework pkgAcqMeta{Index,Sig,ClearSig}::{Done,Failed]() for readability
   * Ignore EINVAL from prctl(PR_SET_NO_NEW_PRIVS) (closes: 764066)
 .
   [ David Kalnischkies ]
   * deprecate Pkg->Name in favor of Grp->Name
   * drop stored StringItems in favor of in-memory mappings
   * de-duplicate version strings in the cache
   * fix progress output for (dist-)upgrade calculation
   * move PCI::From* methods into CacheSetHelper class (Closes: 686221)
   * add a (hidden) --quiet option for apt-key
   * only create new trusted.gpg if directory is writeable
   * support (multiple) arguments properly in apt-key
   * set a primary-keyring only if we have access to it
   * merge fragment keyrings in apt-key to avoid hitting gpg limits
     (Closes: 733028)
   * use apt-key adv (+ gnupg) instead of gpgv for verify
   * support gnupg2 as drop-in replacement for gnupg
   * allow to specify fingerprints in 'apt-key del'
   * use only one --keyring in gpg interactions
   * add and use 'apt-key verify' which prefers gpgv over gpg
   * remove empty keyrings in trusted.gpg.d on upgrade
   * store source name and version in binary cache
   * allow fetcher setup without directory creation (Closes: 762898)
   * cleanup partial directory of lists in apt-get clean (Closes: #762889)
   * allow options between command and -- on commandline
   * update symbols file
   * support parsing of all hashes for pdiff
   * ensure world-readability for trusted.gpg in postinst (Closes: 647001)
   * ensure partial dirs are 0700 and owned by _apt:root
   * use _apt:root only for partial directories
   * display errortext for all Err
   * set PR_SET_NO_NEW_PRIVS also if run as non-root
 .
   [ James McCoy ]
   * ensure apt-key del handles 16-byte key ids (Closes: 754436)
 .
   [ Kenshi Muto ]
   * Japanese program translation update (Closes: 763033)
 .
   [ Trần Ngọc Quân ]
   * Set STRIP_FROM_PATH for doxygen
 .
   [ Mert Dirik ]
   * Turkish program translation update (Closes: 763379)
 .
   [ Guillem Jover ]
   * apt-get: Create the temporary downloaded changelog inside tmpdir
 .
   [ Miroslav Kure ]
   * [l10n] Updated Czech translation of apt (Closes: #764055)
Checksums-Sha1:
 94e9dc7f0ff5d8e6b43cf62ddafe416ab9c16f64 2357 apt_1.1~exp4.dsc
 35b3355e4fa6f4c13fdbb234a6520817799f1495 1824432 apt_1.1~exp4.tar.xz
 c60da50e75d44b3ae684b18562b516da5344ecc1 302332 apt-doc_1.1~exp4_all.deb
 96be7087c8fa3169e953961a46af025ed4ad907f 859900 libapt-pkg-doc_1.1~exp4_all.deb
 135d59429a8315f9098301d022535b48ce204a82 804034 libapt-pkg4.14_1.1~exp4_amd64.deb
 01c4dd671b9cb7e0fd266ced320b6d668fe5245f 170452 libapt-inst1.6_1.1~exp4_amd64.deb
 6345ef48080c84c77b9980c11eab92f20566b346 1105576 apt_1.1~exp4_amd64.deb
 9ce2edfb76b543b628ef466a782bcda56e9f8162 199334 libapt-pkg-dev_1.1~exp4_amd64.deb
 e6fce60187a0af81cfba4b6a4332a6daeba255b8 370724 apt-utils_1.1~exp4_amd64.deb
 3e3a472d93dfe9dd8e83c8feeef02a82a27fa807 138784 apt-transport-https_1.1~exp4_amd64.deb
Checksums-Sha256:
 4b4f00eeb0562d64d4727927e0ef35c75ff63e9672ea7144b88caf92a41d9208 2357 apt_1.1~exp4.dsc
 edbb52e5fae376194def49b3edef3b51fb4aa043493c1e94eeeff1c2cad429c7 1824432 apt_1.1~exp4.tar.xz
 f1e0f97fa1a9a6b00a75edbaa877f24d9c90611aa6a5522e87304fb0c94e8b98 302332 apt-doc_1.1~exp4_all.deb
 57aa542a6b957369bcdfda186aec581b0eff20e3b0ecef86c0cc2e7a3e139a10 859900 libapt-pkg-doc_1.1~exp4_all.deb
 25663802aa4bfa2246fe385679ca6558a9dfb430eedd38ddf40392ed457d00dd 804034 libapt-pkg4.14_1.1~exp4_amd64.deb
 5a55287e6ad900050a246293ec8c2a843d60b6e583fc0850fe6a3210cc84fd39 170452 libapt-inst1.6_1.1~exp4_amd64.deb
 dc976e9118e07b97b768a5ad22712f5825d6564f3bf3c2206807afd4ef73c346 1105576 apt_1.1~exp4_amd64.deb
 1c9ee7b618bcf8efeb3f40bad4e4cade143709dab35b8967193ed5fed0ddb0d0 199334 libapt-pkg-dev_1.1~exp4_amd64.deb
 661ad0f64f3950421baf59b6e4136edf1ed1e5612e9972cc563c87832cfd6975 370724 apt-utils_1.1~exp4_amd64.deb
 8aac0f89a15e9a08ce9c6b02e356ee73034b77bab51578cd4457430ea7e7edb3 138784 apt-transport-https_1.1~exp4_amd64.deb
Files:
 f5096e0f107df56fae947b5296a6bd27 2357 admin important apt_1.1~exp4.dsc
 ce7bf46f6ae580ab1dbc223f06dbd811 1824432 admin important apt_1.1~exp4.tar.xz
 e204ab933990236e67b3eda430f9bbec 302332 doc optional apt-doc_1.1~exp4_all.deb
 72367b2cfcc3069708180fa01a4075ed 859900 doc optional libapt-pkg-doc_1.1~exp4_all.deb
 b1a393c98af4ca150ecc7c72edb5ca72 804034 libs important libapt-pkg4.14_1.1~exp4_amd64.deb
 fa42e776db6ba5cdda6985c6a48d2eb6 170452 libs important libapt-inst1.6_1.1~exp4_amd64.deb
 da64e619525d6aacda53dadb3cac51df 1105576 admin important apt_1.1~exp4_amd64.deb
 f02fd73daddae42c5b2bf8f73b86ac5e 199334 libdevel optional libapt-pkg-dev_1.1~exp4_amd64.deb
 ae2931e63117648ea20aca17cc90f5dd 370724 admin important apt-utils_1.1~exp4_amd64.deb
 2cc88efed3428b753fd36aec6bb325d4 138784 admin optional apt-transport-https_1.1~exp4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUNO4WAAoJEJjKuzq9TKWey/IQAOuc+uegxVa0tsWCIHxJqTYN
7QzsLv/D3yJyuDjPzgUP1Lt4xsoq0hJq4hlhRDDYxPeXJuNHuga5UZTh0ysZUlRh
dHd4EbR5YsYR/oNWr7jpIGhYJOOwVhurPGkZJm82A6JKvXxHwk/Fq2nA3XItZ4u/
YDHCj3oS7ZI4Kfx0N3249RbCIPGCFvQpudPcR6X+tYsaGCJPS1PZGkLp4n+j7Q1v
5KYU4F3HPpInT4QN9/kTFnw9fKwDXb0T+DOo5dhODiS4MDIzE3b1Os4EtGtDvecP
eEuj8Ag3IDmXNNSIGumzAMGNy8/cY125t6ZhMDd43aVitK6YqORF3g4gmCe4cHHS
a+nxjim4Y0iPA+2gF6qwt0v2agyB52dyRxUBgxnBopc/5kMI2P2rV+tIRCWaPCb9
fDLVSz+F9/RhYLFOrfcRqPSpsq+Ej2aACZsKiw8ZlDo9jcbtgyMbG4VpDSJOE0dS
rpvXg5ZVI74OZJ3FrKd20mtPSn/t/QzP7DhV8yVS/XnswdJlDqQnpUQ0RFt6tMr7
IaPjIug0JFo6EnRCIwc4z/eWrCTUat1jUWt7e6rWTVeMnCrq+/aq8WnHKoRM7acw
bMR+lEmuubnhENGVr6F8dc8dKay2puslX1Im82sVpL8e4BwF7XIT6egIVDUQxVnQ
rYEbfRlZW6bwOGft7UH2
=Apvx
-----END PGP SIGNATURE-----

--- End Message ---