Nick Boyce wrote:
Florian Kulzer wrote:

On Mon, Mar 24, 2008 at 04:29:47 +0000, Nick Boyce wrote:
Just wondering whether anyone here understands the cause of the "BADSIG"
error from "aptitude update"
[...]
I'm inclined to agree with you about our proxy having a caching problem, and I like your suggestion of using 'wget' to flush the proxy's cache before the 'aptitude update'. It seems odd however, that such a problem could exist (big company, commercial web proxy), and be solvable by just repeating the download.

I will try the investigations you suggest :
[...]
The next time when the problem appears, make a backup copy of
/var/lib/apt/lists/security.debian.org_dists_etch_updates_Release.gpg
and check if the file has changed after you rerun "apt-get update"

Well here's a funny thing - I've added some debug code to our overnight "aptitude update" script to save the above signature file *and* the signed file itself whenever the BADSIG error occurs, both before and after the rerun ... and on every occasion I find that *before* the rerun (i.e. immediately after the BADSIG) the 'Release' file is missing altogether ... no wonder the signature fails to verify. Here's what the script saved over the last few days :

[The code creates a couple of folders in ~root called
"nick-aptupdate-debug-YYYYMMDD-HHMM-[before|after]", and saves the two files into the relevant folders]

MYBOX:~# ls -lR nick*

nick-aptupdate-debug-20080405-0310-after:
total 39
-rw-r--r-- 1 root root 37583 2008-04-04 21:27 security.debian.org_dists_etch_updates_Release
-rw-r--r-- 1 root root 189 2008-04-04 21:27 security.debian.org_dists_etch_updates_Release.gpg

nick-aptupdate-debug-20080405-0310-before:
total 38
-rw-r--r-- 1 root root 37583 2008-04-04 21:27 security.debian.org_dists_etch_updates_Release

nick-aptupdate-debug-20080408-0310-after:
total 39
-rw-r--r-- 1 root root 37583 2008-04-07 18:40 security.debian.org_dists_etch_updates_Release
-rw-r--r-- 1 root root 189 2008-04-07 18:40 security.debian.org_dists_etch_updates_Release.gpg

nick-aptupdate-debug-20080408-0310-before:
total 38
-rw-r--r-- 1 root root 37583 2008-04-07 18:40 security.debian.org_dists_etch_updates_Release

nick-aptupdate-debug-20080409-0310-after:
total 39
-rw-r--r-- 1 root root 37583 2008-04-08 22:37 security.debian.org_dists_etch_updates_Release
-rw-r--r-- 1 root root 189 2008-04-08 22:37 security.debian.org_dists_etch_updates_Release.gpg

nick-aptupdate-debug-20080409-0310-before:
total 38
-rw-r--r-- 1 root root 37583 2008-04-08 22:37 security.debian.org_dists_etch_updates_Release


The implication is the first "aptitude update" had in fact failed to download the 'Release' file but *without noticing*. Two further inferences are :

(1) the aptitude code isn't checking the exit status from 'wget' (I assume it uses wget).

(2) the wget operation is in fact asynchronous, and by the time I rerun - 5 seconds later - the wget for 'Release' has by then completed. This is just a wild guess, and may be way off-target.

and perhaps :

(3) the aptitude 'Release(.gpg)'-fetching code is different for people using a proxy than for people with a direct connection.


I need to look at the relevant "aptitude" source code now; I'm already on a promise to Daniel to do that on account of another aptitude problem I reported :
http://lists.debian.org/debian-user/2007/12/msg00937.html
http://lists.debian.org/debian-user/2007/12/msg00941.html
but very much regret I've been too snowed under to get on to it so far.

Just reporting progress, such as it is ...

Cheers
Nick Boyce
--
Leave the Olympics in Greece, where they belong.
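
The before/after snapshot check described in the message above, as an added example that is not part of the original post or of aptitude: it copies whichever of the two files exist into a snapshot folder and then reports, per file, whether it appeared, vanished, changed or stayed the same across the rerun. The function names and the state labels are hypothetical; the file names are the ones from the post.

```shell
# Added example (not from the original post). File names are taken from the
# post; snapshot_pair, compare_snapshots and the state labels are hypothetical.
PAIR="security.debian.org_dists_etch_updates_Release
security.debian.org_dists_etch_updates_Release.gpg"

# snapshot_pair LISTS_DIR DEST_DIR
# Copy whichever of the two files currently exist, preserving timestamps.
# A file that is absent is simply not copied, so its absence is recorded.
snapshot_pair() {
    mkdir -p "$2" || return 1
    for name in $PAIR; do
        if [ -e "$1/$name" ]; then
            cp -p "$1/$name" "$2/" || return 1
        fi
    done
}

# compare_snapshots BEFORE_DIR AFTER_DIR
# Print "NAME STATE" for each file. A zero-length file is treated as absent,
# because an empty Release or Release.gpg cannot verify either.
compare_snapshots() {
    for name in $PAIR; do
        if [ ! -s "$1/$name" ] && [ ! -s "$2/$name" ]; then
            state=absent-in-both
        elif [ ! -s "$1/$name" ]; then
            state=appeared-after-rerun
        elif [ ! -s "$2/$name" ]; then
            state=vanished-after-rerun
        elif cmp -s "$1/$name" "$2/$name"; then
            state=unchanged
        else
            state=changed
        fi
        printf '%s %s\n' "$name" "$state"
    done
}

# Typical use around a failing update (paths are assumptions):
#   snapshot_pair /var/lib/apt/lists "$HOME/debug-before"
#   aptitude update
#   snapshot_pair /var/lib/apt/lists "$HOME/debug-after"
#   compare_snapshots "$HOME/debug-before" "$HOME/debug-after"
```

Comparing contents with cmp rather than by size or mtime also catches a stale copy served by a cache that happens to have the same length.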

