Package: apt
Version: 1.4~beta2
Severity: wishlist

Hi,

I have struggled a pretty long time trying to find out why Debian stretch
would complain about our private package repository, while it works
perfectly well on Debian jessie and below. The symptom was this:

# apt-get update
Hit:1 http://ftp.debian.xs4all.net/debian stretch InRelease
Hit:2 http://ftp.debian.xs4all.net/debian stretch-updates InRelease
Hit:3 http://security.debian.org stretch/updates InRelease
Get:4 https://dpkg.xs4all.net stretch InRelease [4061 B]
Err:4 https://dpkg.xs4all.net stretch InRelease
  The following signatures were invalid: D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
Fetched 4061 B in 0s (7711 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dpkg.xs4all.net stretch InRelease: The following signatures were invalid: D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
W: Failed to fetch https://dpkg.xs4all.net/dists/stretch/InRelease The following signatures were invalid: D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
W: Some index files failed to download. They have been ignored, or old ones used instead.

I first had to "apt-get update -o Debug::Acquire::gpgv=true" to find this:

Read: [GNUPG:] VALIDSIG D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741 2017-01-09 1483967529 0 4 0 1 2 01 D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
Got untrusted VALIDSIG, key ID: D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
gpgv exited with status 0

And then I read gnupg/g10/mainproc.c and apt/methods/gpgv.cc to find out
that it is probably the SHA-1 digest algorithm apt doesn't like, which led
me to the relatively simple fix found on
https://debian-administration.org/users/dkg/weblog/48

Please make it easier to debug this kind of problem, or better: make apt
just say what the problem is. When I later configured our private repo on
Ubuntu xenial, it just told me exactly what the problem was:

Reading package lists... Done
W: https://dpkg.xs4all.net/dists/xenial/InRelease: Signature by key D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741 uses weak digest algorithm (SHA1)

Regards,
Robert Scheer.

-- Package-specific info:

-- (no /etc/apt/preferences present) --

-- (/etc/apt/preferences.d/puppet.pref present, but not submitted) --

-- (/etc/apt/sources.list present, but not submitted) --

-- (/etc/apt/sources.list.d/debian.list present, but not submitted) --

-- (/etc/apt/sources.list.d/debian_security.list present, but not submitted) --

-- (/etc/apt/sources.list.d/debian_updates.list present, but not submitted) --

-- (/etc/apt/sources.list.d/xs4all.list present, but not submitted) --

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.115
ii  debian-archive-keyring  2014.3
ii  gpgv                    2.1.17-2
ii  init-system-helpers     1.46
ii  libapt-pkg5.0           1.4~beta2
ii  libc6                   2.24-8
ii  libgcc1                 1:6.2.1-5
ii  libstdc++6              6.2.1-5

Versions of packages apt recommends:
ii  gnupg  2.1.17-2

Versions of packages apt suggests:
pn  apt-doc                     <none>
pn  aptitude | synaptic | wajig <none>
ii  dpkg-dev                    1.18.18
pn  powermgmt-base              <none>
pn  python-apt                  <none>

-- no debconf information
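
Added example (not part of the original report and not apt's own code): a small parser that reads the Debug::Acquire::gpgv output quoted above and names the digest algorithm from the VALIDSIG status line, whose eighth field is the OpenPGP hash algorithm ID (2 = SHA1). The field layout follows GnuPG's doc/DETAILS; the set of digests treated as weak is an assumption for illustration, since the report itself confirms only SHA1.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Assumption for this example: digests considered too weak for repository
# signatures. The report confirms only SHA1.
WEAK = {"MD5", "SHA1", "RIPEMD160"}

# Sample input: the debug lines quoted in the report.
SAMPLE = """\
Read: [GNUPG:] VALIDSIG D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741 2017-01-09 1483967529 0 4 0 1 2 01 D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
Got untrusted VALIDSIG, key ID: D9EB3929A1511F1F9B0D47D2D16BDC99BCA6F741
gpgv exited with status 0
"""

VALIDSIG_RE = re.compile(r"\[GNUPG:\] VALIDSIG (.*)")


def parse_validsig(line):
    """Return the interesting VALIDSIG fields as a dict, or None."""
    match = VALIDSIG_RE.search(line)
    if not match:
        return None
    # Fields: fpr, creation date, sig timestamp, expire timestamp,
    # sig version, reserved, pubkey algo, hash algo, sig class, [primary fpr]
    fields = match.group(1).split()
    if len(fields) < 9 or not fields[7].isdigit():
        return None
    hash_id = int(fields[7])
    name = HASH_ALGOS.get(hash_id, "unknown(%d)" % hash_id)
    return {"fingerprint": fields[0], "created": fields[1],
            "hash_id": hash_id, "hash_name": name, "weak": name in WEAK}


def explain(debug_output):
    """Return one human-readable warning per weak-digest signature."""
    warnings = []
    for line in debug_output.splitlines():
        sig = parse_validsig(line)
        if sig and sig["weak"]:
            warnings.append("Signature by key %s uses weak digest algorithm (%s)"
                            % (sig["fingerprint"], sig["hash_name"]))
    return warnings


if __name__ == "__main__":
    for warning in explain(SAMPLE):
        print(warning)
```
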

