Bug#618445: marked as done (apt: Please downgrade "There is no public key available ..." to a notice)

To: Julian Andres Klode <jak@debian.org>
Subject: Bug#618445: marked as done (apt: Please downgrade "There is no public key available ..." to a notice)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 11 May 2016 09:51:12 +0000
Message-id: <[🔎] handler.618445.D618445.146296016414115.ackdone@bugs.debian.org>
References: <E1b0Qld-0008O5-HT@franck.debian.org> <20110315080342.8686.23777.reportbug@octopus.hi.pengutronix.de>

Your message dated Wed, 11 May 2016 09:49:21 +0000
with message-id <E1b0Qld-0008O5-HT@franck.debian.org>
and subject line Bug#618445: fixed in apt 1.3~exp1
has caused the Debian Bug report #618445,
regarding apt: Please downgrade "There is no public key available ..." to a notice
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
618445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618445
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apt: Please downgrade "There is no public key available ..." to a notice
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Date: Tue, 15 Mar 2011 09:03:42 +0100
Message-id: <20110315080342.8686.23777.reportbug@octopus.hi.pengutronix.de>

Package: apt
Version: 0.8.10
Severity: minor
Tags: patch

Hello,

I'm about to change the gpg key used to sign our apt and so signed the
archive for now with two keys and will update the keyring package to
contain the new key soon.

The "problem" I'm faced with now is that if apt only knows one of the
two keys used it prints a warning

	W: There is no public key available for the following key IDs:
	...

I don't know if this is the only situation where this warning is issued,
but if it is (and the comment[1] in the source makes me believe it is) IMHO
a notice would be enough.
The main difference is that a notice doesn't result in a red box that
looks too important for me in aptitude.

For now I simply don't remove the old key from the keyring package yet
such that the warning goes away when the most recent version is
installed.

So the remaining downsides are that I need to update the keyring package
once more when the old key is expired (well or ignore that and simply
ship two keys) and that the users of our repository see the warning
until they update the keyring package (and have to update once more
later).

Best regards
Uwe

[1] "check for missing sigs (that where not fatal because otherwise we
     had bombed earlier)"

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1422,7 +1422,7 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message)			/*{{{*/
       missingkeys += (Fingerprint);
    }
    if(!missingkeys.empty())
-      _error->Warning("%s", string(msg+missingkeys).c_str());
+      _error->Notice("%s", string(msg+missingkeys).c_str());
 
    string Transformed = MetaIndexParser->GetExpectedDist();

--- End Message ---

--- Begin Message ---

To: 618445-close@bugs.debian.org
Subject: Bug#618445: fixed in apt 1.3~exp1
From: Julian Andres Klode <jak@debian.org>
Date: Wed, 11 May 2016 09:49:21 +0000
Message-id: <E1b0Qld-0008O5-HT@franck.debian.org>

Source: apt
Source-Version: 1.3~exp1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 618445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 May 2016 10:48:27 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.3~exp1
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 618445 820861 823746 823918 823976
Changes:
 apt (1.3~exp1) experimental; urgency=medium
 .
   [ David Kalnischkies ]
   * make random acquire queues work less random
   * add dep11 files to default Release patterns
   * don't ask server if we have entire file in partial/
   * properly format multiline error messages
   * format multiline errors properly in acquire progress
   * show more details for "Hash Sum mismatch" errors
   * show more details for "Writing more data" errors, too
   * use the same redirection mirror for all index files
   * edsp: ask policy engine for the pin of the version directly
   * give rc-status packages a pin of -1
   * respect user pinning in M-A:same version (un)screwing
   * deprecate confusing Pkg.CandVersion() method
   * factor out Pkg/DepIterator prettyprinters into own header
   * gpgv: use EXPKEYSIG instead of KEYEXPIRED
   * gpgv: handle expired sig as worthless
   * don't show NO_PUBKEY warning if repo is signed by another key
     (Closes: 618445)
   * support multiple fingerprints in signed-by
   * support Signed-By in Release files as a sort of HPKP
   * bugscript: include all configuration fragment files (Closes: 820861)
   * move gnupg|gnupg2 from apt Depends to Recommends
   * warn if apt-key is run unconditionally in maintainerscript
   * remove 100-levels config nesting limit
   * let DPKG_COLORS default to our APT::Color setting
   * allow redirection for items without a space in the desc again
   * delay progress until Release files are downloaded
   * download arch:all also for NATIVE_ARCHITECTURE indextargets
   * implement Fallback-Of for IndexTargets
   * implement Identifier field for IndexTargets
   * gpgv: show always webportal error on NODATA (Closes: 823746)
   * don't sent uninstallable rc-only versions via EDSP
   * edsp: support generic and solver-specific configs (Closes: 823918)
 .
   [ Julian Andres Klode ]
   * policy: Get rid of old (pre-1.1) GetCandidateVer algorithm
   * private-show: Get rid of old policy support code
   * ftparchive: Support writing Signed-By fields
   * Strip trailing commas for created signed-by fingerprint lists
   * update: Run Post-Invoke-Success if not all sources failed
 .
   [ Patrick Cable ]
   * refactored no_proxy code to work regardless of where https proxy is set
 .
   [ James McCoy ]
   * deb822: Restore support for <multivalue>-{Add,Remove}
 .
   [ Zhou Mo ]
   * zh_TW.po: remove several fuzzy tags after review
 .
   [ Adrian Wielgosik ]
   * Don't copy strings in Startswith, Endswith
   * Speed up GetLocalitySortedVersionSet.
 .
   [ Frans Spiesschaert ]
   * Dutch program translation update (Closes: 823976)
Checksums-Sha1:
 c2e827ae93f643b15d62d6ce110211a111f980b3 2347 apt_1.3~exp1.dsc
 43f6d52d1930219dab308b4bee2aa41b3b9d0009 2056580 apt_1.3~exp1.tar.xz
Checksums-Sha256:
 0ec838a487e2a4ca8b9a4108945d60eecfc69b5d27cddb5948e647e58e00ff51 2347 apt_1.3~exp1.dsc
 2ad33cd007ea93be09cd96a1f3d0bb99a9be126c56c19de46eda4b48b7790c78 2056580 apt_1.3~exp1.tar.xz
Files:
 24d24c3a2add2a3d5a25bc6c24f3d8dc 2347 admin important apt_1.3~exp1.dsc
 eded8e4867f6d675f3b1de93970743b4 2056580 admin important apt_1.3~exp1.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXMvLDAAoJENc8OeVlgLOGe+cQAJqjiNhGK1+pJ3DLYU7wfQ21
vKijdiAnbukPgXatMIiSMo7Ccx3DFLrG482p69R2Hhqr7UTcKWAarQOP4NDZ0Lvc
mWeI8UXMedboUuYTkAIeFIBRrFtdI3ItVdaiO7AV168LcIaxgDhht9iwKfg15w1+
WvI0uP+gx9vhRWOcOK6x8QdqzqpIjHttT2XfHMGbz33aJksEpLZsV7CRXP0aqgyd
9gSyjewN9tEYoJCqv37tlEOpkY8RexYopy0+vZZonFTtwb/Bnj1DY4GkhLwWV/jv
VbecJY5aWwF2Cf8o4Zc7RDjSym9Immilps1QjrxAXk3+HTxROcwQR9mHVilR1xoP
lRSaJmQI1nTZEBMGqxOxz5TYLH9PVCCkVexPuvViG+k2tyaZYqP5Mz0ZHWUdHTok
7tfitoPh+9PHrhu9MtBTgb7mk4iNzKUqVV9Zz+l40zotLH5FFk8FMg9sLBgN722U
VaP+CauGS7iqXaNy5H0f/82dhUwlN4k69anzp5STQoE3XpPZPSYuTZwtsEtxj5Cz
ohQQnLG+RiBCop0xp35q2fEdPPM6qb7FeziThYDPURBU+QdIvLNkNof9Yhb42tL4
4iqHxHumt+oBAAEGAACSQbSbaNCK2wYaEhSEnBSSFKWneBJ2Eit45iM92PKQQiJ8
MwrHXBS4EIGhNrP7SRVc
=msKC
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#618445: marked as done (apt: Please downgrade "There is no public key available ..." to a notice)
Next by Date: Bug#823746: marked as done (apt: Broken error handling for GnuPG status-fd NODATA status)
Previous by thread: Bug#618445: marked as done (apt: Please downgrade "There is no public key available ..." to a notice)
Next by thread: Bug#820861: marked as done (apt reportbug collection script does not include preferences in /etc/apt/preferences.d)
Index(es):
- Date
- Thread