Bug#564829: How to turn off all APT security checking?
W: GPG error: http://ftp.tw.debian.org unstable Release: The following signatures were invalid: BADSIG 9AA38DCD55BE302B Debian Archive Automatic Signing Key (5.0/lenny) ftpmas...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
W: Failed to fetch http://ftp.tw.debian.org/debian/dists/unstable/main/binary-i386/Packages.bz2 Hash Sum mismatch # LC_ALL=C date -u Mon Mar 8 10:43:55 UTC 2010 -rw-r--r-- 1 30883557 2010-02-10 10:21 ftp.tw.debian.org_debian_dists_unstable_main_binary-i386_Packages.FAILED the release file says: c987e89d6c7056b99ac02d099082087f 30883751 main/binary-i386/Packages -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
Now all is OK again with $ md5sum * 929287c06c9492e41e091a3e1cb964a5 ftp.tw.debian.org_debian_dists_unstable_Release 038fcb40763c69b39768c3ad5f4efb62 ftp.tw.debian.org_debian_dists_unstable_Release.gpg b995e411dcc5e34ad05e901746a385f9 ftp.tw.debian.org_debian_dists_unstable_main_binary-i386_Packages $ date -u Mon Mar 8 11:27:02 UTC 2010 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
Hi, On Mon, Mar 08, 2010 at 06:49:42PM +0800, jida...@jidanni.org wrote: W: Failed to fetch http://ftp.tw.debian.org/debian/dists/unstable/main/binary-i386/Packages.bz2 Hash Sum mismatch # LC_ALL=C date -u Mon Mar 8 10:43:55 UTC 2010 -rw-r--r-- 1 30883557 2010-02-10 10:21 ftp.tw.debian.org_debian_dists_unstable_main_binary-i386_Packages.FAILED the release file says: c987e89d6c7056b99ac02d099082087f 30883751 main/binary-i386/Packages But our log show that the sync was over at the time you mentionned the issue (at 10:43 UTC) 2010/03/08 09:44:30 [2055] connect from linux3.cc.ntu.edu.tw (140.112.8.139) 2010/03/08 09:44:30 [2055] rsync on debian-all/ from nt...@linux3.cc.ntu.edu.tw (140.112.8.139) 2010/03/08 09:44:31 [2055] building file list 2010/03/08 10:13:32 [2055] sent 566746605 bytes received 194129 bytes total size 519447183858 2010/03/08 10:13:32 [27595] connect from linux3.cc.ntu.edu.tw (140.112.8.139) 2010/03/08 10:13:33 [27595] rsync on debian-all/ from nt...@linux3.cc.ntu.edu.tw (140.112.8.139) 2010/03/08 10:13:33 [27595] building file list 2010/03/08 10:23:42 [27595] sent 100875242 bytes received 176823 bytes total size 520147701923 Please provide the IP you are connected from, use no-cache and advices from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564829#82 Checking at the time you meet issues for the presence http://ftp.tw.debian.org/debian/Archive-Update-in-Progress-ftp.tw.debian.org might help as well. -- Simon Paillard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
SP Please provide the IP you are connected from, My rural line always one of 218.163.*.*. I am certainly the only Debian user in the whole range at that time. SP use no-cache and advices from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564829#82 OK, next time I will try that. Hmmm, I will also try # apt-get -o Acquire::http::No-Cache=true update SP Checking at the time you meet issues for the presence SP http://ftp.tw.debian.org/debian/Archive-Update-in-Progress-ftp.tw.debian.org SP might help as well. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
On Tue, Feb 09, 2010 at 09:38:24AM +0800, jida...@jidanni.org wrote: Today it's W: Failed to fetch http://ftp.tw.debian.org/debian-multimedia/dists/sid/main/binary-i386/Packages.bz2 debian-multimedia is not debian official, I don't know how Andrew perform the mirroring of debian-multimedia. Please report issues when then affect official Debian mirrors. regards -- Simon Paillard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
Today it's W: Failed to fetch http://ftp.tw.debian.org/debian-multimedia/dists/sid/main/binary-i386/Packages.bz2 $ wget -Y off http://ftp.tw.debian.org/debian-multimedia/dists/sid/main/binary-i386/Packages.bz2 $ wget -Y off --no-cache http://ftp.tw.debian.org/debian-multimedia/dists/sid/main/binary-i386/Packages.bz2 Connecting to ftp.tw.debian.org|140.112.8.139|:80... connected. $ md5sum Packages.bz2* 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2.1 $ find /var/lib/apt/lists -name *multi\*|xargs grep -h main.*386.*Packages.bz2 912031f75e5830ec588db29412c6c7c663319 main/binary-i386/Packages.bz2 c405f04354827ace1a72ab9881def69f2996f68a63319 main/binary-i386/Packages.bz2 096c2f45a9c91374d094a4142f952f71c93eb19b58967b106dc232fa7fcf309963319 main/binary-i386/Packages.bz2 # LC_ALL=C date -u Tue Feb 9 01:26:43 UTC 2010 # LC_ALL=C date Tue Feb 9 09:26:53 CST 2010 # grep ppp.*local.*IP /var/log/syslog Feb 9 02:31:26 jidanni1 pppd[3689]: local IP address 218.163.0.34 # apt-get update|LC_ALL=C ts|grep tw.*sid Feb 09 09:36:45 Hit http://ftp.tw.debian.org sid Release.gpg Feb 09 09:36:45 Hit http://ftp.tw.debian.org sid Release Feb 09 09:36:47 Get:1 http://ftp.tw.debian.org sid/main Packages [63.5kB] W: Failed to fetch http://ftp.tw.debian.org/debian-multimedia/dists/sid/main/binary-i386/Packages.bz2 Hash Sum mismatch E: Some index files failed to download, they have been ignored, or old ones used instead. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
On Mon, 8 Feb 2010 20:38:24 -0500 (EST), jida...@jidanni.org wrote: E: Some index files failed to download, they have been ignored, or old ones used instead. I am just an ordinary user, not a package maintainer. This is a long shot, but it seems to me that I used to get errors like this often on one machine, but not another. I tried comparing my /etc/apt/sources.list file between the failing machine and the working machine. The only difference I could find was the order in which contrib and non-free were listed. On one machine, contrib was listed before non-free and on the other non-free was listed before contrib. I changed the order on the machine that was having the problems to match the order on the machine that wasn't having the problems. I didn't think it would really fix the problem, but I thought it was worth a try. It worked! I don't remember which was the order that worked, but I think it was main non-free contrib I don't know if that will fix your problem or not, but you might want to give it a try. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
OK, I'll try messing with the order next time it happens. I can tell you one thing for sure, now that is has recovered: It is the _Release files that are the problem. The Packages.bz2 files are fine. It was the _Release file that finally caught up later to it: $ md5sum Packages.bz2* 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2.1 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2.2 $ find /var/lib/apt/lists -name *multi\*|xargs grep -h main.*386.*Packages.bz2 10c9ee48399ebee030a1e2e744adb5ac63469 main/binary-i386/Packages.bz2 14762c3e9fc81bda49228848f274196669aadd3763469 main/binary-i386/Packages.bz2 a55a312af80841aa8fdc925a855ee429809e3c38a5735d97082476800610d8a763469 main/binary-i386/Packages.bz2 $ find /var/lib/apt/lists -name *multi\*|xargs grep -l main.*386.*Packages.bz2 /var/lib/apt/lists/ftp.tw.debian.org_debian-multimedia_dists_sid_Release $ LC_ALL=C date -u Tue Feb 9 02:47:00 UTC 2010 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
OK, I'll try messing with the order next time it happens. I can tell you one thing for sure, now that is has recovered: It is the _Release files that are the problem. The Packages.bz2 files are fine. It was the _Release file that finally caught up later to it: $ md5sum Packages.bz2* 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2.1 10c9ee48399ebee030a1e2e744adb5ac Packages.bz2.2 $ find /var/lib/apt/lists -name *multi\*|xargs grep -h main.*386.*Packages.bz2 10c9ee48399ebee030a1e2e744adb5ac63469 main/binary-i386/Packages.bz2 14762c3e9fc81bda49228848f274196669aadd3763469 main/binary-i386/Packages.bz2 a55a312af80841aa8fdc925a855ee429809e3c38a5735d97082476800610d8a763469 main/binary-i386/Packages.bz2 $ find /var/lib/apt/lists -name *multi\*|xargs grep -l main.*386.*Packages.bz2 /var/lib/apt/lists/ftp.tw.debian.org_debian-multimedia_dists_sid_Release $ LC_ALL=C date -u Tue Feb 9 02:47:00 UTC 2010 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
I can't take it any more, day after day various incomplete apt-get updates, e.g., bug 564829 and Bug#553533: Seeing BADSIG 9AA38DCD55BE302B frequently. What apt-get -o option can I use to turn off all this security or whatever checking? It's just too much hassle. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
Now the update is clean. However it would be nice to know the -o option for these everyday occasions. It isn't easy to find on the apt man pages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
On Sun Feb 07, 2010 at 00:47:10 +0800, jida...@jidanni.org wrote: I can't take it any more, day after day various incomplete apt-get updates, e.g., bug 564829 and Bug#553533: Seeing BADSIG 9AA38DCD55BE302B frequently. What apt-get -o option can I use to turn off all this security or whatever checking? It's just too much hassle. apt-get -o APT::Get::AllowUnauthenticated=true update apt-get -o APT::Get::AllowUnauthenticated=true upgrade You can see this option documented in man apt-get where you can also see --allow-unauthenticated documented. Steve -- Debian GNU/Linux System Administration http://www.debian-administration.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#564829: How to turn off all APT security checking?
On Sun, Feb 07, 2010 at 12:47:10AM +0800, jida...@jidanni.org wrote: I can't take it any more, day after day various incomplete apt-get updates, e.g., bug 564829 and Bug#553533: Seeing BADSIG 9AA38DCD55BE302B frequently. What apt-get -o option can I use to turn off all this security or whatever checking? It's just too much hassle. I guess you can read yourself the apt-get manpage or search it on the web: http://lmgtfy.com/?q=disable+gpg+check+apt. Anyway, turning this off wouldn't help in your case. Indeed such a signature allows to check the authentication and integrity of the file. Here, as we know the file is indeed signed by the ftp-master key, the issue is in the file integrity. Sometimes the integrity issues is on the Release file and hence detected by GPG, sometimes at a later step this is detected by the MD5 sum. So, I still suspect a transparrent proxy on your path to ftp.tw, that serves outdated data. (no a traceroute cannot tell you whether there is a transparent proxy) See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564829#40 where I requested your IP when issues happens. When you get an error about a specific file, download it yourself and perform a md5sum on it, provide the result (and date). wget [--no-cache] http://ftp.tw.debian.org/debian/dists/experimental/main/binary-i386/Packages.bz2 --no-cache tells any intermediate transparent proxy to disable caching. -- Simon Paillard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
