Univention Bugzilla – Bug 45950
python-apt does not trust cdrom
Last modified: 2018-05-10 08:15:04 CEST
+++ This bug was initially created as a clone of Bug #45896 comment 3 +++ There is a bug is in python-apt, where updating the APT cache using only a CD-ROM returns a fatal error, even when the CDROM should be trusted: $ python >>> from apt import Cache >>> cache = Cache() >>> cache.update() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 464, in update raise FetchFailedException(e) apt.cache.FetchFailedException: E:The repository 'cdrom://[UCS Linux 4.3 GNU/Linux 4.3-0 _Ucs430_ - Official amd64 DVD Binary-1 20171219-16:32] ucs430 Release' does not have a Release file. >>> from apt import apt_pkg >>> print(apt_pkg.config.get('APT::Authentication::TrustCDROM')) 'true' I have started debugging this, but so far failed to find the cause.
#0 AllowInsecureRepositories (msg=msg@entry=InsecureType::NORELEASE, repo="cdrom://[UCS Linux 4.3 GNU/Linux 4.3-0 _Ucs430_ - Official amd64 DVD Binary-1 20171220-08:40] ucs430 Release", MetaIndexParser=0x555555d63e10, TransactionManager=0x555555db1f60, I=I@entry=0x555555db1130) at ./apt-pkg/acquire-item.cc:222 #1 0x00007ffff6910527 in pkgAcqMetaIndex::Failed (this=0x555555db1130, Message=..., Cnf=<optimized out>) at ./apt-pkg/acquire-item.cc:1814 #2 0x00007ffff6923b7a in pkgAcquire::Worker::RunMessages (this=this@entry=0x555555db2790) at ./apt-pkg/acquire-worker.cc:530 #3 0x00007ffff692660c in pkgAcquire::Worker::InFdReady (this=this@entry=0x555555db2790) at ./apt-pkg/acquire-worker.cc:737 #4 0x00007ffff69282ea in pkgAcquire::RunFdsSane (this=this@entry=0x7fffffffd4b0, RSet=RSet@entry=0x7fffffffd1d0, WSet=WSet@entry=0x7fffffffd250) at ./apt-pkg/acquire.cc:532 #5 0x00007ffff692ceaa in pkgAcquire::Run (this=this@entry=0x7fffffffd4b0, PulseIntervall=<optimized out>) at ./apt-pkg/acquire.cc:704 #6 0x00007ffff6a18797 in AcquireUpdate (Fetcher=..., PulseInterval=PulseInterval@entry=0, RunUpdateScripts=RunUpdateScripts@entry=true, ListCleanup=ListCleanup@entry=true) at ./apt-pkg/update.cc:57 # apt-cache policy apt python-apt apt: Installed: 1.4.8A~4.3.0.201711271936 Candidate: 1.4.8A~4.3.0.201711271936 Version table: *** 1.4.8A~4.3.0.201711271936 500 500 cdrom://[UCS Linux 4.3 GNU/Linux 4.3-0 _Ucs430_ - Official amd64 DVD Binary-1 20171220-08:40] ucs430/main amd64 Packages 100 /var/lib/dpkg/status python-apt: Installed: 1.4.0~beta3 Candidate: 1.4.0~beta3 Version table: *** 1.4.0~beta3 500 500 cdrom://[UCS Linux 4.3 GNU/Linux 4.3-0 _Ucs430_ - Official amd64 DVD Binary-1 20171220-08:40] ucs430/main amd64 Packages 100 /var/lib/dpkg/status
r17892 debian-installer/4.3-0-0-ucs/20170615+deb9u2/0010-local-univention-sources.patch is also a workaround for that. Note: I think due to this workaround, setting the repository for 4.3 dvd builds has currently no effect.
Due to recent changes in apt-secure the template for the UCRV update/secure_apt has become outdated. Thus the old way, of allowing for insecure repositories, failed here. "man apt-secure" in Debian Stretch [1] suggests using different configuration options. I have committed an updated version of the UCRV-template. univention-base-files.yaml 099878ddfc16 | Bug #45950: Add yaml entry univention-base-files (7.0.0-10) 05f5806dc959 | Bug #45950: Update broken template for UCRV update/secure_apt [1] https://manpages.debian.org/stretch/apt/apt-secure.8.en.html
OK: 05f5806dc9 OK: 099878ddfc OK: errata-announce -V --only univention-base-files.yaml OK: ucr set repository/online=no repository/mirror=no apt-cdrom add echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/00trustcdrom python -c 'from apt import Cache;cache = Cache();cache.update()' apt -qq update apt-get -qq update
This breaks installing Apps from the Test App Center. Please include APT::Get::AllowUnauthenticated "true";
*** Bug 46758 has been marked as a duplicate of this bug. ***
I have added APT::Get::AllowUnauthenticated to the configuration, again. univention-base-files.yaml 051d1a58d9 | Bug #45950: Update yaml entry univention-base-files (7.0.0-12) 8b4541960e | Bug #45950: Update broken template for UCRV update/secure_apt
OK: 8b4541960e OK: 051d1a58d9 OK: errata-announce -V --only univention-base-files.yaml WIP: ucs-test
<http://errata.software-univention.de/ucs/4.3/23.html>
(In reply to Philipp Hahn from comment #8) > WIP: ucs-test [4.3-0] c49e14f023 Bug #45950 QA: Test secure apt-cdrom [4.3-0] 76f439bc6b Bug #45950 QA: Test secure APT