Devuan bug report logs - #778
cron-apt does not report repositories with GPG problems

version graph

Package: cron-apt; Maintainer for cron-apt is (unknown); Source for cron-apt is src:cron-apt.

Reported by: Koos van den Hout <koos@idefix.net>

Date: Wed, 30 Aug 2023 08:20:02 UTC

Severity: normal

Merged with 777

Found in version 0.13.0

Done: Mark Hindley <mark@hindley.org.uk>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#778; Package cron-apt. (Wed, 30 Aug 2023 08:20:12 GMT) (full text, mbox, link).


Acknowledgement sent to Koos van den Hout <koos@idefix.net>:
New bug report received and forwarded. Copy sent to devuan-dev@lists.dyne.org. (Wed, 30 Aug 2023 08:20:13 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

From: Koos van den Hout <koos@idefix.net>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: cron-apt does not report repositories with GPG problems
Date: Wed, 30 Aug 2023 10:17:46 +0200
Package: cron-apt
Version: 0.13.0
Severity: normal

(this time with the correct e-mail address)

Dear Maintainer,

I noticed the following using cron-apt: when a repository rotates its
GPG keys, cron-apt does not act on the error message about the unavailable
GPG key. This makes cron-apt not report about updates until a manual run
of apt update shows there is a problem with this repository and this is
fixed.

I expected cron-apt to report this error because this holds back updates
when the GPG key for a repository is updated.

I ran into this with the Grafana repository. There were no messages from
cron-apt, but by hand I saw the key had changed:

root@gosper:~# apt update
Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
Err:1 https://packages.grafana.com/oss/deb stable InRelease
  The following signatures couldn't be verified because the public key is not av
ailable: NO_PUBKEY 963FA27710458545
Hit:2 http://deb.devuan.org/merged beowulf InRelease
Hit:3 http://deb.devuan.org/merged beowulf-security InRelease
Hit:4 http://deb.devuan.org/merged beowulf-updates InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not up
dated and the previous index files will be used. GPG error: https://packages.gra
fana.com/oss/deb stable InRelease: The following signatures couldn't be verified
 because the public key is not available: NO_PUBKEY 963FA27710458545
W: Failed to fetch https://packages.grafana.com/oss/deb/dists/stable/InRelease
The following signatures couldn't be verified because the public key is not avai
lable: NO_PUBKEY 963FA27710458545
W: Some index files failed to download. They have been ignored, or old ones used
 instead.

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 3 (beowulf)
Release:	3
Codename:	beowulf
Architecture: x86_64

Kernel: Linux 4.19.0-24-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages cron-apt depends on:
ii  apt  1.8.2.3

Versions of packages cron-apt recommends:
ii  cron [cron-daemon]                   3.0pl1-134+deb10u1
ii  liblockfile1                         1.14-1.1
ii  sendmail-bin [mail-transport-agent]  8.15.2-14~deb10u1

cron-apt suggests no packages.

-- Configuration Files:
/etc/cron-apt/config changed:
MAILON="upgrade"


-- no debconf information

Reply sent to Mark Hindley <mark@hindley.org.uk>:
You have taken responsibility. (Wed, 30 Aug 2023 09:24:01 GMT) (full text, mbox, link).


Notification sent to Koos van den Hout <koos@idefix.net>:
bug acknowledged by developer. (Wed, 30 Aug 2023 09:24:03 GMT) (full text, mbox, link).


Message #10 received at 778-done@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: Koos van den Hout <koos@idefix.net>, 778-done@bugs.devuan.org
Subject: Re: bug#778: cron-apt does not report repositories with GPG problems
Date: Wed, 30 Aug 2023 10:21:54 +0100
Koos,

On Wed, Aug 30, 2023 at 10:17:46AM +0200, Koos van den Hout wrote:
> root@gosper:~# apt update
> Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
> Err:1 https://packages.grafana.com/oss/deb stable InRelease
>   The following signatures couldn't be verified because the public key is not av
> ailable: NO_PUBKEY 963FA27710458545

There is no bug here. You just need to import the new key for this third-party
repository. Indeed https://packages.grafana.com/ has the instructions for doing
so.

HTH

Mark

Merged 777 778 Request was from Mark Hindley <mark@hindley.org.uk> to control@bugs.devuan.org. (Wed, 06 Sep 2023 09:38:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Mon Sep 25 07:15:47 2023;