Devuan bug report logs -
#778
cron-apt does not report repositories with GPG problems
Full log
🔗
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your bug report
which was filed against the cron-apt package:
#778: cron-apt does not report repositories with GPG problems
It has been closed by Mark Hindley <mark@hindley.org.uk>.
Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mark Hindley <mark@hindley.org.uk> by
replying to this email.
--
778: https://bugs.devuan.org/cgi/bugreport.cgi?bug=778
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems
[Message part 2 (message/rfc822, inline)]
Koos,
On Wed, Aug 30, 2023 at 10:17:46AM +0200, Koos van den Hout wrote:
> root@gosper:~# apt update
> Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
> Err:1 https://packages.grafana.com/oss/deb stable InRelease
> The following signatures couldn't be verified because the public key is not av
> ailable: NO_PUBKEY 963FA27710458545
There is no bug here. You just need to import the new key for this third-party
repository. Indeed https://packages.grafana.com/ has the instructions for doing
so.
HTH
Mark
[Message part 3 (message/rfc822, inline)]
Package: cron-apt
Version: 0.13.0
Severity: normal
(this time with the correct e-mail address)
Dear Maintainer,
I noticed the following using cron-apt: when a repository rotates its
GPG keys, cron-apt does not act on the error message about the unavailable
GPG key. This makes cron-apt not report about updates until a manual run
of apt update shows there is a problem with this repository and this is
fixed.
I expected cron-apt to report this error because this holds back updates
when the GPG key for a repository is updated.
I ran into this with the Grafana repository. There were no messages from
cron-apt, but by hand I saw the key had changed:
root@gosper:~# apt update
Get:1 https://packages.grafana.com/oss/deb stable InRelease [5,984 B]
Err:1 https://packages.grafana.com/oss/deb stable InRelease
The following signatures couldn't be verified because the public key is not av
ailable: NO_PUBKEY 963FA27710458545
Hit:2 http://deb.devuan.org/merged beowulf InRelease
Hit:3 http://deb.devuan.org/merged beowulf-security InRelease
Hit:4 http://deb.devuan.org/merged beowulf-updates InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not up
dated and the previous index files will be used. GPG error: https://packages.gra
fana.com/oss/deb stable InRelease: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY 963FA27710458545
W: Failed to fetch https://packages.grafana.com/oss/deb/dists/stable/InRelease
The following signatures couldn't be verified because the public key is not avai
lable: NO_PUBKEY 963FA27710458545
W: Some index files failed to download. They have been ignored, or old ones used
instead.
-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 3 (beowulf)
Release: 3
Codename: beowulf
Architecture: x86_64
Kernel: Linux 4.19.0-24-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages cron-apt depends on:
ii apt 1.8.2.3
Versions of packages cron-apt recommends:
ii cron [cron-daemon] 3.0pl1-134+deb10u1
ii liblockfile1 1.14-1.1
ii sendmail-bin [mail-transport-agent] 8.15.2-14~deb10u1
cron-apt suggests no packages.
-- Configuration Files:
/etc/cron-apt/config changed:
MAILON="upgrade"
-- no debconf information
Send a report that this bug log contains spam.