:: [devuan-dev] bug#778: marked as don…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Devuan bug Tracking System
Fecha:  
A: Mark Hindley
Asunto: [devuan-dev] bug#778: marked as done (cron-apt does not report repositories with GPG problems)
Your message dated Wed, 30 Aug 2023 10:21:54 +0100
with message-id <ZO8KMqYW+RicCv2a@???>
and subject line Re: bug#778: cron-apt does not report repositories with GPG problems
has caused the Devuan bug report #778,
regarding cron-apt does not report repositories with GPG problems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???
immediately.)


--
778: https://bugs.devuan.org/cgi/bugreport.cgi?bug=778
Devuan Bug Tracking System
Contact owner@??? with problems
Package: cron-apt
Version: 0.13.0
Severity: normal

(this time with the correct e-mail address)

Dear Maintainer,

I noticed the following using cron-apt: when a repository rotates its
GPG keys, cron-apt does not act on the error message about the unavailable
GPG key. This makes cron-apt not report about updates until a manual run
of apt update shows there is a problem with this repository and this is
fixed.

I expected cron-apt to report this error because this holds back updates
when the GPG key for a repository is updated.

I ran into this with the Grafana repository. There were no messages from
cron-apt, but by hand I saw the key had changed:

root@gosper:~# apt update
Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
Err:1 https://packages.grafana.com/oss/deb stable InRelease
The following signatures couldn't be verified because the public key is not av
ailable: NO_PUBKEY 963FA27710458545
Hit:2 http://deb.devuan.org/merged beowulf InRelease
Hit:3 http://deb.devuan.org/merged beowulf-security InRelease
Hit:4 http://deb.devuan.org/merged beowulf-updates InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not up
dated and the previous index files will be used. GPG error: https://packages.gra
fana.com/oss/deb stable InRelease: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY 963FA27710458545
W: Failed to fetch https://packages.grafana.com/oss/deb/dists/stable/InRelease
The following signatures couldn't be verified because the public key is not avai
lable: NO_PUBKEY 963FA27710458545
W: Some index files failed to download. They have been ignored, or old ones used
instead.

-- System Information:
Distributor ID:    Devuan
Description:    Devuan GNU/Linux 3 (beowulf)
Release:    3
Codename:    beowulf
Architecture: x86_64


Kernel: Linux 4.19.0-24-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages cron-apt depends on:
ii apt 1.8.2.3

Versions of packages cron-apt recommends:
ii  cron [cron-daemon]                   3.0pl1-134+deb10u1
ii  liblockfile1                         1.14-1.1
ii  sendmail-bin [mail-transport-agent]  8.15.2-14~deb10u1


cron-apt suggests no packages.

-- Configuration Files:
/etc/cron-apt/config changed:
MAILON="upgrade"


-- no debconf information
Koos,

On Wed, Aug 30, 2023 at 10:17:46AM +0200, Koos van den Hout wrote:
> root@gosper:~# apt update
> Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
> Err:1 https://packages.grafana.com/oss/deb stable InRelease
> The following signatures couldn't be verified because the public key is not av
> ailable: NO_PUBKEY 963FA27710458545


There is no bug here. You just need to import the new key for this third-party
repository. Indeed https://packages.grafana.com/ has the instructions for doing
so.

HTH

Mark