Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #778
cron-apt does not report repositories with GPG problems

version graph

Package: cron-apt; Maintainer for cron-apt is (unknown); Source for cron-apt is src:cron-apt.

Reported by: Koos van den Hout <koos@idefix.net>

Date: Wed, 30 Aug 2023 08:20:02 UTC

Severity: normal

Merged with 777

Found in version 0.13.0

Done: Mark Hindley <mark@hindley.org.uk>

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: Mark Hindley <mark@hindley.org.uk>
Subject: bug#778: marked as done (cron-apt does not report repositories
 with GPG problems)
Message-ID: <handler.778.D778.16933873532658.ackdone@bugs.devuan.org>
References: <ZO8KMqYW+RicCv2a@hindley.org.uk>
 <169338346613.25642.11656744352431709814.reportbug@gosper.idefix.net>
X-Devuan-PR-Message: closed 778
X-Devuan-PR-Package: cron-apt
Reply-To: 778@bugs.devuan.org
Date: Wed, 30 Aug 2023 09:24:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1693387441-2667-0"

[Message part 1 (text/plain, inline)]
Your message dated Wed, 30 Aug 2023 10:21:54 +0100
with message-id <ZO8KMqYW+RicCv2a@hindley.org.uk>
and subject line Re: bug#778: cron-apt does not report repositories with GPG problems
has caused the Devuan bug report #778,
regarding cron-apt does not report repositories with GPG problems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.devuan.org
immediately.)


-- 
778: https://bugs.devuan.org/cgi/bugreport.cgi?bug=778
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems

[Message part 2 (message/rfc822, inline)]
From: Koos van den Hout <koos@idefix.net>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: cron-apt does not report repositories with GPG problems
Date: Wed, 30 Aug 2023 10:17:46 +0200
Package: cron-apt
Version: 0.13.0
Severity: normal

(this time with the correct e-mail address)

Dear Maintainer,

I noticed the following using cron-apt: when a repository rotates its
GPG keys, cron-apt does not act on the error message about the unavailable
GPG key. This makes cron-apt not report about updates until a manual run
of apt update shows there is a problem with this repository and this is
fixed.

I expected cron-apt to report this error because this holds back updates
when the GPG key for a repository is updated.

I ran into this with the Grafana repository. There were no messages from
cron-apt, but by hand I saw the key had changed:

root@gosper:~# apt update
Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
Err:1 https://packages.grafana.com/oss/deb stable InRelease
  The following signatures couldn't be verified because the public key is not av
ailable: NO_PUBKEY 963FA27710458545
Hit:2 http://deb.devuan.org/merged beowulf InRelease
Hit:3 http://deb.devuan.org/merged beowulf-security InRelease
Hit:4 http://deb.devuan.org/merged beowulf-updates InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not up
dated and the previous index files will be used. GPG error: https://packages.gra
fana.com/oss/deb stable InRelease: The following signatures couldn't be verified
 because the public key is not available: NO_PUBKEY 963FA27710458545
W: Failed to fetch https://packages.grafana.com/oss/deb/dists/stable/InRelease
The following signatures couldn't be verified because the public key is not avai
lable: NO_PUBKEY 963FA27710458545
W: Some index files failed to download. They have been ignored, or old ones used
 instead.

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 3 (beowulf)
Release:	3
Codename:	beowulf
Architecture: x86_64

Kernel: Linux 4.19.0-24-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages cron-apt depends on:
ii  apt  1.8.2.3

Versions of packages cron-apt recommends:
ii  cron [cron-daemon]                   3.0pl1-134+deb10u1
ii  liblockfile1                         1.14-1.1
ii  sendmail-bin [mail-transport-agent]  8.15.2-14~deb10u1

cron-apt suggests no packages.

-- Configuration Files:
/etc/cron-apt/config changed:
MAILON="upgrade"


-- no debconf information

[Message part 3 (message/rfc822, inline)]
From: Mark Hindley <mark@hindley.org.uk>
To: Koos van den Hout <koos@idefix.net>, 778-done@bugs.devuan.org
Subject: Re: bug#778: cron-apt does not report repositories with GPG problems
Date: Wed, 30 Aug 2023 10:21:54 +0100
Koos,

On Wed, Aug 30, 2023 at 10:17:46AM +0200, Koos van den Hout wrote:
> root@gosper:~# apt update
> Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
> Err:1 https://packages.grafana.com/oss/deb stable InRelease
>   The following signatures couldn't be verified because the public key is not av
> ailable: NO_PUBKEY 963FA27710458545

There is no bug here. You just need to import the new key for this third-party
repository. Indeed https://packages.grafana.com/ has the instructions for doing
so.

HTH

Mark

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sun Nov 24 21:58:08 2024;