Dinner at Ubuntu?

Forum: LXer Meta ForumTotal Replies: 15
Author Content
ColonelPanik

Feb 25, 2009
10:04 PM EDT
You may have to read a bit but this is funny: http://www.washingtonpost.com/wp-dyn/content/article/2009/02...

So thats why we have the Ubuntu Cookbook? Ubuntu is healthy.
tracyanne

Feb 25, 2009
10:21 PM EDT
Quoting:W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3F2A5EE4B796B6FE

W: Failed to fetch http://ppa.launchpad.net/netbook-remix-team/ubuntu/dists/int...

W: Some index files failed to download, they have been ignored, or old ones used instead.


I keep getting this message. I've searched the web and gone to the launchpad .net site, but I can 't find a solution to this.

ANyone else get this?
TxtEdMacs

Feb 25, 2009
10:38 PM EDT
Are you running out of space? I am asking, because it seemed to load for me. However, scrolling down I got nowhere near to the bottom. Hence, if you were doing this on a netbook, it is conceivable you ran out of storage space.

Sorry no error seen, but I have loads of free Gigs on the drive.

YBT
tracyanne

Feb 26, 2009
12:55 AM EDT
Not possible to run out of space on the Ben that I have

it has 160gig of HD space with 20 gig put aside for software (/) and the rest bar some swap for user data (/home)
jdixon

Feb 26, 2009
7:45 AM EDT
> A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error:

As a pure guess, I'd say your gpg keys are corrupt, so your machine can't verify that you're hitting a correct repository.
tracyanne

Feb 26, 2009
8:43 AM EDT
Quoting:As a pure guess, I'd say your gpg keys are corrupt,


Indeed. The problem is Why (as in how did it happen) but more important how do I fix it.

as it happens I think I've got the answer, direct from a ppa person

Quoting:You have to enable apt to install packages signed with the mentioned key.

Each Launchpad PPA repository is signed with an exclusive GPG key. See [url=https://help.launchpad.net/Packaging/PPA#Adding a PPA's keys to your system]https://help.launchpad.net/Packaging/PPA#Adding a PPA's keys...[/url] for more information about this.

To make your life simpler, use the following command in a terminal (it's already adjusted to enable the key you're missing):

{{{ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3F2A5EE4B796B6FE


I tried this and it works
jdixon

Feb 26, 2009
10:03 AM EDT
> The problem is Why...

No idea, but again as a pure guess, I'd say a mangled update to the gpg keys.

> ...but more important how do I fix it.

Which I see you've found. :)
tracyanne

Feb 26, 2009
4:13 PM EDT
His explanation as to why this WASN'T as problem but was instead a feature, made absolutely no sense to mke at all.

Quoting:> Thanks that seems to have worked. The question remains why was it > a problem in the first place?

Simple, it's not :)

The fact that you allow apt to authenticate packages is a feature. It guarantees that debs being installed in your system really came from the place you think they came, the LP PPA you've added in your sources.list.

It avoids the (extreme) scenario where someone poisoned your DNS entry for ppa.launchpad.net to point to an arbitrary server containing debs that do not correspond to the sources you see in LP PPAs (and do `rm -rf /` in their preinst script :)).

Asking apt to check GPG signatures that only LP can create is the safest way to guarantee that the debs you are installing were really built from the sources that are presented to you.

Surely OEM installations based on PPAs could make this process much smoother to users and already enable the keys required for their specific repositories. That's what ubuntu itself does, the key used for archive.ubuntu.com is already enable after a normal installation.

Let me know if the explanation helped.


This made absolutely no sense to me, as he seems to be telling me that apt checks gpg signatures, which I assumed it does anyway, and which is as far as I'm concerned expected, and, required behaviour. It still doesn't tell me why the specific repository (which was included at the time the OS was installed, not added later by me) failed the test in the first place.
jdixon

Feb 26, 2009
4:18 PM EDT
> It still doesn't tell me why the specific repository (which was included at the time the OS was installed, not added later by me) failed the test in the first place.

As I noted above, probably because an updated failed in some way and corrupted your gpg files. At least, that seems the most likely explanation.
tracyanne

Feb 26, 2009
4:24 PM EDT
Yes that seems like a reasonable explanation. But it happened on both the net books I set up and with the same pre included repository, and in both cases all I had done (and before doing anything else) was to add the medibuntu and openoffice.org (for the latest version of OO.o) repositories, then do the required refresh.

Ok I may have a corrupted CD, it has to be the CD as I have installed the same iso onto a VM (for testing) and everything worked fine on it.
tracyanne

Feb 26, 2009
11:38 PM EDT
This bloke from the ppa thingo seems to have a completely wrong idea of what I'm talking about.

Quoting:> And there was no indication that I needed to do this, it's taken me two > days to track down your solution.

PPA pages and the help wiki page I pointed you and also `apt` are very clear about the need of enabling the repository signing key. I wonder where did you get lost.

Before you mentioned repositories that didn't require you to enable a signing key, could you please list them here ?


He seems to be under the misapprehension that I'm upset about having to sign the repositories.
jdixon

Feb 27, 2009
12:06 AM EDT
> I may have a corrupted CD

That would do it, yes. I've had CD's where only one package was bad on the entire CD and the iso was good, so it is possible.
krisum

Feb 28, 2009
4:22 AM EDT
Tracy, the problem is due to PPA repos starting to use GPG keys recently. Till a few months back, from what I recall, the PPA repos did not use signing keys (which showed up as a warning when installing packages from PPA repositories) due to which the distro might not be including the required keys yet. Or it could simply be that the distro may have missed including the key for installation in the CD.
tracyanne

Feb 28, 2009
4:33 AM EDT
@krisum, the ppa repository in question wasn't a problem when I installed the EeeBuntu distro on a virtual machine from the iso image. It only became a problem when I installed it on a n actual netbook from a CD. The bloke from the launchpad group that I dealt with only ever answered my questions obliquely. Mostly he lectured me on the need for the signing key, and kept telling me HE wasn't having a problem with that repo when he added it to his list of repo. I had to wonder if he wasn't being deliberately obtuse.
krisum

Feb 28, 2009
2:54 PM EDT
Yes that's what I am pointing to, that until recently the PPA repos weren't signed, so you did not see the GPG verification error since there was none (you would only see a warning when you install a package from such an unsigned repo). Now that the PPA repos have started using GPG keys for signing, the package manager will show an error while loading the repo data since the key may not be installed by default in eeebuntu. I have also been using some PPA repositories and had to add the keys manually recently due to the very same reason.
tracyanne

Feb 28, 2009
4:56 PM EDT
krisum the signing key must have been included in the Eeebuntu copy I have, as it didn't error with a message about the signing key, when I installed it on a VM from the iso image.

Posting in this forum is limited to members of the group: [Editors, MEMBERS, SITEADMINS.]

Becoming a member of LXer is easy and free. Join Us!