Your message dated Sun, 21 Jun 2009 18:02:05 +0000
with message-id <[email protected]>
and subject line Bug#533753: fixed in cupt 0.2.3
has caused the Debian Bug report #533753,
regarding cupt: overzelous signature checking breaks ia32-apt-get
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
533753: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533753
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cupt
Version: 0.2.2
Severity: normal
Hi,
for ia32-apt-get to work it has to do some magic with the Index files
apt-get downloads. This means mangling them after they have been
downloaded and signatures checked. This is fine in apt-get as it does
not check the signature again, only on download.
Now cupt on the otherhand seems to check the signature on every
invocation, even "cupt show cupt" resulting in warnings like this:
W: gpg: '/var/lib/apt/lists/chocos_debian_dists_sid-amd64_Release': bad
signature: EA4ADBF06B83280C reprepro (signing key)
<[email protected]>
The signature check is not needed as the Release.gpg file will ever
only be there if the signature did check out during download. So
besides this breaking ia32-apt-get it is also a huge waste of time.
MfG
Goswin
-- System Information:
Debian Release: squeeze/sid
APT prefers transitional-i386
APT policy: (500, 'transitional-i386'), (500, 'transitional'), (500,
'unstable'), (400, 'unstable-i386'), (1, 'experimental-i386'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.29.4-frosties-1
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages cupt depends on:
ii libcupt-perl 0.2.2 alternative front-end for dpkg --
ii perl 5.10.0-23 Larry Wall's Practical Extraction
cupt recommends no packages.
cupt suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: cupt
Source-Version: 0.2.3
We believe that the bug you reported is fixed in the latest version of
cupt, which is due to be installed in the Debian FTP archive:
cupt_0.2.3.dsc
to pool/main/c/cupt/cupt_0.2.3.dsc
cupt_0.2.3.tar.gz
to pool/main/c/cupt/cupt_0.2.3.tar.gz
cupt_0.2.3_all.deb
to pool/main/c/cupt/cupt_0.2.3_all.deb
libcupt-perl_0.2.3_all.deb
to pool/main/c/cupt/libcupt-perl_0.2.3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eugene V. Lyubimkin <[email protected]> (supplier of updated cupt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 21 Jun 2009 18:42:49 +0300
Source: cupt
Binary: libcupt-perl cupt
Architecture: source all
Version: 0.2.3
Distribution: unstable
Urgency: medium
Maintainer: Eugene V. Lyubimkin <[email protected]>
Changed-By: Eugene V. Lyubimkin <[email protected]>
Description:
cupt - alternative front-end for dpkg -- console interface
libcupt-perl - alternative front-end for dpkg -- Perl modules
Closes: 533752 533753
Changes:
cupt (0.2.3) unstable; urgency=medium
.
* Cupt:
- System:
- Worker:
- 'update_release_and_index_data': fixed downloading of non-compressed
indexes.
- 'update_release_and_index_data': fixed removing downloaded file after
uncompressing.
- 'update_release_and_index_data': remove the downloaded Release.gpg if
signature verification failed and 'cupt::update::keep-bad-signatures'
is false (this is the default setting) for the compatibility with
APT.
Thanks to Goswin von Brederlow <[email protected]>.
(Closes: #533753). Urgency is set to 'medium' because of this fix.
- 'update_release_and_index_data': download index file even if
signature download/check failed.
- Resolvers/Native:
- Reworked solution rank system.
- Dropped 'first-good' solution chooser. It can be mimicked by setting
'max-solution-count' option to 1.
- Run cleaning auto-installed packages also before resolving, aiming
to reduce number of solutions resolver should work with.
- Made "zero" line for actions 400 points less, affecting ordering
solutions for processing for default 'fair' resolver type. Leads to
significant (several times) speed-up for some cases. Makes possible
to obtain at least one solution for some hard queries (like removing
core system components).
- Fixed erroneous auto-removing of some dependencies which were brought
by 'satisfy' query.
- Download:
- Manager:
- Enabled basic HTTPS protocol support.
- IPC is rewritten using UNIX sockets instead of fifos.
- Progress:
- Changed speed-o-meter accuracy to 4 seconds (previous value was
2 seconds).
- Methods/Curl:
- Added basic handling of transitive download errors.
- Cache:
- New free subroutine 'verify_signature'.
- BinaryVersion:
- [API break] Renamed field 'source_name' to 'source_package_name'.
- Added a check for hash sums presence. Thanks to
Goswin von Brederlow <[email protected]>.
- Added a check for version string presence.
- Config:
- Added configuration option 'apt::cache-limit'. Thanks to
Goswin von Brederlow <[email protected]>. (Closes: #533752)
- New configuration option 'cupt::update::keep-bad-signatures'.
* debian/control:
- Bumped Standards-Version to 3.8.2, no changes needed.
- Changed Homepage to wiki.debian.org/Cupt.
Checksums-Sha1:
e364cc981a7c1981aeac87033b35ebabb0433268 868 cupt_0.2.3.dsc
f91fad7ab30a5042f0c2129212278b64d6bf6835 79843 cupt_0.2.3.tar.gz
565716a61b4ee664098544c648529c47be288f65 103816 libcupt-perl_0.2.3_all.deb
7a0609180e6307e09633096cb3d5207f694abcd1 40456 cupt_0.2.3_all.deb
Checksums-Sha256:
afa652078d9fa53bb6aaceeb2dfa50ddb30622acbccc97928cd13a4ec228147c 868
cupt_0.2.3.dsc
959053e0bcf0755d4c493cd98954270267ef2df4c4e6409e3a78b10cbbd974d1 79843
cupt_0.2.3.tar.gz
e7fbce5f17c95751592650b55e9a68e60b3a2804a056f000a8287a7e03d810fb 103816
libcupt-perl_0.2.3_all.deb
ad2066d9bdc0d49201893eb768e52d622ba705338bb221eb2726fbab23c30311 40456
cupt_0.2.3_all.deb
Files:
c9ea8a133281da4981e892f210192eb0 868 perl optional cupt_0.2.3.dsc
f132fca8c9f91d1e97b6c7988c2054ca 79843 perl optional cupt_0.2.3.tar.gz
9ace4f71a9073dbf713808faddac418e 103816 perl optional
libcupt-perl_0.2.3_all.deb
c8e5f50dac8fdf1a6ea5712b073b625f 40456 perl optional cupt_0.2.3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAko+cakACgkQchorMMFUmYygpQCfTAhjUiDkeRh2Oup+/Ubty2zb
nsgAoJo3UekT4MBrilygMKCgyf4SdrMi
=C2PL
-----END PGP SIGNATURE-----
--- End Message ---
