
Bug#644610: marked as done (apt: Erroneous warning on signed snapshots)



Your message dated Sat, 26 Nov 2016 00:03:23 +0000
with message-id <E1cAQSh-000BfH-Hh@fasolo.debian.org>
and subject line Bug#644610: fixed in apt 1.4~beta1
has caused the Debian Bug report #644610,
regarding apt: Erroneous warning on signed snapshots
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
644610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644610
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 0.8.10.3+squeeze1
Severity: minor

W: Conflicting distribution: http://repo development/snapshots/test13 InRelease (expected development/snapshots but got development)

The problem goes away entirely if the Release.gpg file for the snapshot is
moved, renamed or deleted.

Originally found on Squeeze, since reproduced in sid using a pbuilder chroot.

Snapshots are created using reprepro gensnapshot which creates Release files
similar to:
head ../snapshots/dists/lenny/snapshots/illgill1/Release 
Origin: Emdebian
Label: EmdebianGrip
Suite: lenny/snapshots/illgill1
Codename: lenny
Version: 1.0
Date: Mon, 13 Dec 2010 13:14:49 UTC
Architectures: armel
Components: main
Description: Emdebian Grip Lenny

Note the generated suite which contains / separators which are real
directories on the filesystem.

If dists/lenny/snapshots/illgill1/Release.gpg exists, apt reports the
warning. If that single file is removed, apt does not report the
warning.

No changes were made to the Release files themselves, the snapshot or
the repository itself.

We've been using reprepro snapshots since before Lenny because it is a
safe way to freeze an entire distribution at a single point of time and
let development / updates continue. This is particularly useful with
copies of Debian or Emdebian stable releases where we don't want
machines upgrading to a point release until that point release has
been tested with the other software on device.

It is only with our move to Squeeze that SecureApt support has been
added internally and this is the first time we tried to use SecureApt
with a snapshot.

To test, use reprepro to create a dummy repository - conf/distributions file
along the lines of:
Codename: development
Architectures: armel i386 source
Components: main
#SignWith: 0x61616E31

The secret key to use must be in the ~/.gnupg/ keyring of the user running
reprepro.

Generate the repo with:
$ reprepro -v export development

Include a handful of random packages in the repo using:
$ reprepro includedeb development /var/cache/apt/archives/foo*.deb

Then generate a snapshot:

$ reprepro gensnapshot development test1

The apt source would then be:

deb http://localhost/repo development/snapshots/test1 main

If SignWith is uncommented and the repo exported, Release.gpg
will be created and with any other source from this repo apt is
perfectly happy with the signature. If the snapshot source is
used with the '/' separators, the presence of the Release.gpg file
causes apt to generate the erroneous warning.

-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --
Default installation in a clean chroot.

-- (/etc/apt/sources.list present, but not submitted) --
Example:
deb http://repo/swift development/snapshots/oct17 main



-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2010.08.28       GnuPG archive keys of the Debian a
ii  gnupg                   1.4.10-4         GNU privacy guard - a free PGP rep
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libgcc1                 1:4.4.5-8        GCC support library
ii  libstdc++6              4.4.5-8          The GNU Standard C++ Library v3
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc               <none>             (no description available)
ii  aptitude              0.6.3-3.2          terminal-based package manager (te
ii  bzip2                 1.0.5-6            high-quality block-sorting file co
ii  dpkg-dev              1.15.8.11          Debian package development tools
ii  lzma                  4.43-14            Compression method of 7z format in
ii  python-apt            0.7.100.1+squeeze1 Python interface to libapt-pkg
ii  synaptic              0.70~pre1+b1       Graphical package manager

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 1.4~beta1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644610@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Nov 2016 23:49:54 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.4~beta1
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 272557 465572 644610 767891 837395 838779 840552 840757 841763 841874 842877 844724 845599
Changes:
 apt (1.4~beta1) unstable; urgency=medium
 .
   [ Chris Leick ]
   * Updated German documentation translation
   * fix three typos in sources & manpages
   * German translation proof read by Helge Kreutzmann
 .
   [ Frans Spiesschaert ]
   * Dutch program translation update (Closes: #840552)
   * Dutch manpages translation update (Closes: #840757)
 .
   [ David Kalnischkies ]
   * don't install new deps of candidates for kept back pkgs
   * keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
   * fix testcase expecting incorrect remove log from dpkg
   * reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
   * show the conflicting distribution warning again (Closes: 841874)
   * rename Checksum-FileSize to Filesize in hashsum mismatch
   * improve SOCKS error messages for http slightly
   * support 'apt build-dep .' (aka: without /)
   * add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
   * http: skip connection cleanup if we close it anyhow
   * add hidden config to set packages as Essential/Important.
     Thanks to Anthony Towns for initial patch (Closes: 767891)
   * don't warn if untransformed distribution matches.
     Thanks to Lukas Anzinger for initial patch (Closes: 644610)
   * show distribution mismatch for changed codenames
   * react to trig-pend only if we have nothing else to do
   * correct cross & disappear progress detection
   * improve arch-unqualified dpkg-progress parsing
   * don't perform implicit crossgrades involving M-A:same
   * do not configure unconfigured to be removed packages
   * skip unconfigure for unconfigured to-be removed pkgs
   * report apt-key errors via status-fd messages (LP: #1522988)
   * add apt-key support for armored GPG key files (*.asc)
   * document which keyring formats are supported by apt-key (Closes: 844724)
   * get pdiff files from the same mirror as the index
   * follow the googletest merge in build-depends
 .
   [ Michael Vogt ]
   * Do not (re)start "apt-daily.system"
     Thanks to Alexandre Detiste (Closes: #841763)
 .
   [ Johannes Schauer ]
   * add support for Build-Depends/Conflicts-Arch (Closes: #837395)
 .
   [ Edgar Fuß ]
   * http: clear content before reporting the failure (Closes: #465572)
 .
   [ James Clarke ]
   * apt-ftparchive: Support NotAutomatic and ButAutomaticUpgrades fields
     (Closes: #272557)
 .
   [ Julian Andres Klode ]
   * TagSection: Split AlphaIndexes into AlphaIndexes and BetaIndexes
   * TagSection: Extract Find() methods taking Pos instead of Key
   * Squashed 'triehash/' content from commit 16f59e1
   * TagSection: Introduce functions for looking up by key ids
   * debListParser: Convert to use pkgTagSection::Key-based lookup
   * Bump the cache major version for non-backportable changes
   * Introduce tolower_ascii_unsafe() and use it for hashing
   * Optimize VersionHash() to not need temporary copy of input
   * Compare size before data when ordering cache bucket entries
   * debListParser: Micro-optimize AvailableDescriptionLanguages()
   * Do not use MD5SumValue for Description_md5()
   * gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak
 .
   [ Paul Wise ]
   * show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
Checksums-Sha1:
 9f49c6a174ec4da92b27041060cb3531dfa93337 2565 apt_1.4~beta1.dsc
 bde0ba2ec01caa7856bb02255ab96ed0bba6d56d 2053936 apt_1.4~beta1.tar.xz
Checksums-Sha256:
 59965ea9f2489feeb510d945f8ec681f8cedf6ff9ddc413c02423b2f48b0d9c1 2565 apt_1.4~beta1.dsc
 7321ec058d2a7d664e1b5123a1d73fc0d63738eb97783df8dce45e8a2b2898c1 2053936 apt_1.4~beta1.tar.xz
Files:
 0bd8495d92665d653fc0552a29a1e707 2565 admin important apt_1.4~beta1.dsc
 08e36fb472189a177a8f1b55949e41ae 2053936 admin important apt_1.4~beta1.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
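
The distribution check behind this warning, as an added example that is not part of either message and is not apt's own code. It assumes the old check compared only the sources.list name with its last '/' component removed (inferred from the "expected development/snapshots" text in the warning), while the corrected check tries the untransformed name first, as the changelog entry says. Function names are hypothetical; the Release fields are those quoted in the report.

```python
# Added illustration; a simplified model, not apt's source code.
RELEASE = """\
Origin: Emdebian
Label: EmdebianGrip
Suite: lenny/snapshots/illgill1
Codename: lenny
Version: 1.0
Components: main
"""  # fields copied from the Release excerpt in the report


def parse_release(text):
    """Parse the single-line 'Key: value' fields of a Release file."""
    fields = {}
    for line in text.splitlines():
        # Continuation lines (checksum lists) start with whitespace.
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def transform(dist):
    """Drop the last '/' component: 'stable/updates' -> 'stable'."""
    head, sep, _ = dist.rpartition("/")
    return head if sep else dist


def release_names(fields):
    """Names a Release file answers to: its Suite and its Codename."""
    return {fields[k] for k in ("Suite", "Codename") if fields.get(k)}


def matches_before_fix(dist, fields):
    """Only the transformed name is compared (assumed old behaviour)."""
    return transform(dist) in release_names(fields)


def matches_after_fix(dist, fields):
    """The untransformed name is tried first, then the transformed one."""
    names = release_names(fields)
    return dist in names or transform(dist) in names


if __name__ == "__main__":
    rel = parse_release(RELEASE)
    for dist in ("lenny/snapshots/illgill1", "lenny/updates", "squeeze"):
        print(dist, matches_before_fix(dist, rel), matches_after_fix(dist, rel))
```

A source line naming a different suite (here "squeeze") still fails both checks, which is the mismatch the warning exists to flag on signed Release files.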
