Package: apt Version: 0.8.10.3+squeeze1 Severity: minor W: Conflicting distribution: http://repo development/snapshots/test13 InRelease (expected development/snapshots but got development)
The problem goes away entirely if the Release.gpg file for the snapshot is moved, renamed or deleted. Originally found on Squeeze, since reproduced in sid using a pbuilder chroot. Snapshots are created using reprepro gensnapshot which creates Release files similar to: head ../snapshots/dists/lenny/snapshots/illgill1/Release Origin: Emdebian Label: EmdebianGrip Suite: lenny/snapshots/illgill1 Codename: lenny Version: 1.0 Date: Mon, 13 Dec 2010 13:14:49 UTC Architectures: armel Components: main Description: Emdebian Grip Lenny Note the generated suite which contains / separators which are real directories on the filesystem. If dists/lenny/snapshots/illgill1/Release.gpg exists, apt reports the warning. If that single file is removed, apt does not report the warning. No changes were made to the Release files themselves, the snapshot or the repository itself. We've been using reprepro snapshots since before Lenny because it is a safe way to freeze an entire distribution at a single point of time and let development / updates continue. This is particularly useful with copies of Debian or Emdebian stable releases where we don't want machines upgrading to a point release until that point release has been tested with the other software on device. It is only with our move to Squeeze that SecureApt support has been added internally and this is the first time we tried to use SecureApt with a snapshot. To test, use reprepro to create a dummy repository - conf/distributions file along the lines of: Codename: development Architectures: armel i386 source Components: main #SignWith: 0x61616E31 The secret key to use must be in the ~/.gnupg/ keyring of the user running reprepro. Generate the repo with: $ reprepro -v export development Include a handful of random packages in the repo using: $ reprepro includedeb development /var/cache/apt/archives/foo*.deb Then generate a snapshot: $ reprepro gensnapshot development test1 The apt source would then be: deb http://localhost/repo development/snapshots/test1 main If SignWith is uncommented and the repo exported, Release.gpg will be created and with any other source from this repo apt is perfectly happy with the signature. If the snapshot source is used with the '/' separators, the presence of the Release.gpg file causes apt to generate the erroneous warning. -- Package-specific info: -- (/etc/apt/preferences present, but not submitted) -- Default installation in a clean chroot. -- (/etc/apt/sources.list present, but not submitted) -- Example: deb http://repo/swift development/snapshots/oct17 main -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2010.08.28 GnuPG archive keys of the Debian a ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libgcc1 1:4.4.5-8 GCC support library ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> (no description available) ii aptitude 0.6.3-3.2 terminal-based package manager (te ii bzip2 1.0.5-6 high-quality block-sorting file co ii dpkg-dev 1.15.8.11 Debian package development tools ii lzma 4.43-14 Compression method of 7z format in ii python-apt 0.7.100.1+squeeze1 Python interface to libapt-pkg ii synaptic 0.70~pre1+b1 Graphical package manager -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

