This bug was fixed in the package apt - 1.2.24
---------------
apt (1.2.24) xenial; urgency=medium
* Microrelease covering fixes of 1.4.6
* Fix parsing of or groups in build-deps with ignored packages (LP: #1694697)
* apt.systemd.daily: Use unattended-ugrade --download-only if available.
Instead of passing -d, which enables a debugging mode; check if
unattended-upgrade supports an option --download-only (which is yet
to be implemented) and use that (Closes: #863859)
apt (1.2.23) xenial; urgency=medium
* Microrelease covering fixes of 1.4.4
[ Alan Jenkins ]
* apt.systemd.daily: fix error from locking code (Closes: #862567)
apt (1.2.22) xenial; urgency=medium
[ Julian Andres Klode ]
* Run unattended-upgrade -d in download part
* apt.systemd.daily: Add locking
* Split apt-daily timer into two (LP: #1686470)
[ Matt Kraai ]
* bash-completion: Fix spelling of autoclean (Closes: #861846)
apt (1.2.21) xenial; urgency=medium
* Microrelease covering fixes of 1.4 and 1.4.1
[ Julian Andres Klode ]
* Ignore \.ucf-[a-z]+$ like we do for \.dpkg-[a-z]+$
* systemd: Rework timing and add After=network-online (was LP #1615482)
[ David Kalnischkies ]
* Fix and avoid quoting in CommandLine::AsString (LP: #1672710)
[ Unit 193 ]
* apt-ftparchive: Support '.ddeb' dbgsym packages
-- Julian Andres Klode <[email protected]> Mon, 19 Jun 2017 13:58:04
+0200
** Changed in: apt (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1672710
Title:
apt fails to verify keys when Dir has space, and set via cmdline
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Fix Released
Status in apt source package in Yakkety:
Won't Fix
Bug description:
When Dir has a space, and it is set via APT_CONFIG file, keys are found and
validated correctly.
When Dir is set without a space via cmdline, keys are found and validated
correctly.
When Dir is set with a space via cmdline, keys are not found and repositories
are not verified.
[Test case]
Please see attached reproducer, which works on xenial system (gpg1) but not
on zesty system (gpg2)
$ bash reproducer.sh
++ mktemp -d
+ tmpdir=/tmp/tmp.sFipy6h5yL
+ pushd /tmp/tmp.sFipy6h5yL
/tmp/tmp.sFipy6h5yL ~
+ mkdir 'Sub Dir'
+ pushd 'Sub Dir'
/tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~
+ mkdir -p etc/apt/apt.conf.d
+ mkdir -p etc/apt/trusted.gpg.d
+ mkdir -p etc/apt/preferences.d
+ mkdir -p var/lib/apt/lists/partial
+ mkdir -p var/lib/dpkg
+ touch var/lib/dpkg/status
+ cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
etc/apt/trusted.gpg.d/
+ echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main'
+ echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";'
+ export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf
+ cat /tmp/tmp.sFipy6h5yL/apt.conf
Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";
+ :
+ : == list available keys ==
+ apt-key list
/tmp/tmp.sFipy6h5yL/Sub
Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
---------------------------------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unknown] Ubuntu Archive Automatic Signing Key (2012)
<[email protected]>
+ :
+ : == update with environ APT_CONFIG setting the Dir variable ==
+ apt update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B]
Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB]
Fetched 1,410 kB in 0s (1,959 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ unset APT_CONFIG
+ :
+ : == update with cmdline Dir option setting Dir to relative pwd ==
+ apt -o Dir=./ update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
+ :
+ : == update with cmdline Dir option setting Dir to absolute pwd with space
==
+ apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update
Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease
Hit:2 http://archive.ubuntu.com/ubuntu trusty Release
Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg
The following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not
updated and the previous index files will be used. GPG error:
http://archive.ubuntu.com/ubuntu trusty Release: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY
40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg
The following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: Some index files failed to download. They have been ignored, or old ones
used instead.
[Regression Potential]
The fix changes the code to generate quotes in the Commmandline:AsString
option, which dumps the command line for logging purposes. This was not
parseable before, causing the file to be rejected, so what can happen is that
something now works that did not before.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1672710/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : [email protected]
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
