--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: 1.8.0~rc2 breaks using Release.gpg instead of InRelease
- From: Anthony DeRobertis <anthony@derobert.net>
- Date: Thu, 07 Feb 2019 16:54:01 -0500
- Message-id: <154957644138.12697.10594565579690248171.reportbug@Zia.metrics.net>
Package: libapt-pkg5.0
Version: 1.8.0~rc2
Severity: important
We have a local repository here which is generated with an (ancient!)
version of mini-dinstall. This worked fine until rc2. The problem
appears to be that it uses Release and Release.gpg instead of InRelease.
root@648fb8052f3f:/# apt-get update
Ign:1 http://haruhi.metrics.net/deb buster/ InRelease
Get:2 http://haruhi.metrics.net/deb buster/ Release [1521 B]
Get:3 http://haruhi.metrics.net/deb buster/ Release.gpg [88 B]
Get:5 http://haruhi.metrics.net/deb buster/ Packages [3626 B]
Get:4 http://security-cdn.debian.org/debian-security buster/updates InRelease [38.3 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian buster InRelease [159 kB]
Get:7 http://cdn-fastly.deb.debian.org/debian buster-updates InRelease [47.6 kB]
Get:8 http://cdn-fastly.deb.debian.org/debian buster/main amd64 Packages [7958 kB]
Fetched 8208 kB in 3s (2477 kB/s)
Reading package lists... Done
root@648fb8052f3f:/# apt-get install libapt-pkg5.0=1.8.0~rc2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
apt
Suggested packages:
apt-doc aptitude | synaptic | wajig dpkg-dev gnupg | gnupg2 | gnupg1 powermgmt-base
Recommended packages:
ca-certificates
The following packages will be upgraded:
apt libapt-pkg5.0
2 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.
Need to get 2280 kB of archives.
After this operation, 14.3 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://cdn-fastly.deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.0~rc2 [965 kB]
Get:2 http://cdn-fastly.deb.debian.org/debian buster/main amd64 apt amd64 1.8.0~rc2 [1315 kB]
Fetched 2280 kB in 1s (3919 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 6577 files and directories currently installed.)
Preparing to unpack .../libapt-pkg5.0_1.8.0~rc2_amd64.deb ...
Unpacking libapt-pkg5.0:amd64 (1.8.0~rc2) over (1.8.0~beta1) ...
Setting up libapt-pkg5.0:amd64 (1.8.0~rc2) ...
(Reading database ... 6577 files and directories currently installed.)
Preparing to unpack .../apt_1.8.0~rc2_amd64.deb ...
Unpacking apt (1.8.0~rc2) over (1.8.0~beta1) ...
Setting up apt (1.8.0~rc2) ...
Processing triggers for libc-bin (2.28-5) ...
root@648fb8052f3f:/# apt-get update
Ign:1 http://haruhi.metrics.net/deb buster/ InRelease
Hit:2 http://haruhi.metrics.net/deb buster/ Release
Err:3 http://haruhi.metrics.net/deb buster/ Release.gpg
Signed file isn't valid, got 'NODATA' (does the network require authentication?)
Hit:5 http://cdn-fastly.deb.debian.org/debian buster InRelease
Hit:4 http://security-cdn.debian.org/debian-security buster/updates InRelease
Hit:6 http://cdn-fastly.deb.debian.org/debian buster-updates InRelease
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://haruhi.metrics.net/deb buster/ Release: Signed file isn't valid, got 'NODATA' (does the network require authentication?)
W: Failed to fetch http://haruhi.metrics.net/deb/buster/Release.gpg Signed file isn't valid, got 'NODATA' (does the network require authentication?)
W: Some index files failed to download. They have been ignored, or old ones used instead.
I think it's the lack of an InRelease file because when I ran this (in
the repository):
$ gpg --clearsign < Release > InRelease
... then "apt-get update" is happy again.
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (150, 'stable'), (100, 'experimental-debug'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en_GB (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 1.8.0
We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921685@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Mar 2019 09:41:20 +0100
Source: apt
Architecture: source
Version: 1.8.0
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 921685 923728 923834
Changes:
apt (1.8.0) unstable; urgency=medium
.
[ David Kalnischkies ]
* Add explicit message for unsupported binary signature (Closes: #921685)
.
[ Milo Casagrande ]
* [l10n] Update Italian translation
.
[ Julian Andres Klode ]
* Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
* CMake: Install auth.conf.d directory (LP: #1818996)
.
[ Frans Spiesschaert ]
* Dutch program translation update (Closes: #923728)
* Dutch manpages translation update (Closes: #923834)
Checksums-Sha1:
2fcc3615dfc4f4b4c28f29f07c476a39876ae530 2738 apt_1.8.0.dsc
7cbad46302c7648851d192dbd5715703a396e636 2171520 apt_1.8.0.tar.xz
9b25f1f19a21ce215e3f5c56627cb45f8c2ab92e 7049 apt_1.8.0_source.buildinfo
Checksums-Sha256:
e89f17d37395b03e576260709b808702a7172255688e5b8d5d2640e3839585b5 2738 apt_1.8.0.dsc
9c56ae7ad58e21aa692a4118a676e2c5f366168a2275e6be104e4ed3cb00086b 2171520 apt_1.8.0.tar.xz
d6fac4ae38110e35244105f1bf8a674ce32d5404714b51ebe3a8a028c5ae850b 7049 apt_1.8.0_source.buildinfo
Files:
d6e5c3e1fbaf75b548387b539dd0af98 2738 admin important apt_1.8.0.dsc
1b263e3e0f5ece84120f0ce82f89725a 2171520 admin important apt_1.8.0.tar.xz
98d05a6ef62d8a10f8957d025e9a170a 7049 admin important apt_1.8.0_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAlyCLFUPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xBecP/iue4KNkC0VI7zsx+UaYEcidsp89i5qp5EAu
wHrZICz622Y4ZVOPFarNWqklxuT79rcu7Tx2aD0j1PdPVgYSkWhRl4RY4hQZb1+0
ZdT2Z2w8Y1M8jaI8p0XIos1glRoDSCRjRcQX4KKHKZYKTC2p+mGubTfLKou1LV1h
uxeAGYW4REl60VNmSofYU+l0m5Sxs1KskFBGfiUeQaB2sm+vqadXNL3XR7lbnVbO
TBXYUFD3xH0elXvWLrmoRxwPSSQvMTZjHFjtZluMzN9F9TtdLqvAc159P2gtWQEv
2SsJliMOx8OqftALoU3os7bKnnNRxlFsBGKCbR33EJeK0ltN/bm2MjXlnmpuToQZ
SH6+9ATNi7P8CmgZRIbWeBTIMXhuwyM+N6NF9VYG8CbbwS287j/wso+kF7DNZO94
Of1D0wolNo9ZmkT4LMjEwmGXYNZxrMJMhKk5euyh6l99OR9cZF7S+FmWd+cLgKfj
4qqYl04kXfy25WSClODgOBnP2/mNDu6jpSwm0uo+i0B/ZKlchofuFWJHFgzKVjYs
uFDViN2VwyN/l2z3+D6htvOjeKCKZRduAxast6AziO8f71WFCDMKVDcy7v2hyj5F
x4UNKzvSdDReoKM97pT3Jp7Udl8/qFftCRUp+INF4im7Id2JM7FzoK3VsQVwWblv
c0C5+yc8
=bKhZ
-----END PGP SIGNATURE-----
--- End Message ---