[Bug 1577926] Re: apt-key works fine, yet apt fails with "Could not execute 'apt-key'"
James Stevenson
james at stev.org
Tue Sep 20 20:55:09 UTC 2016
What I think that might be useful is being able to get a list of open file descriptors of the process and the point of the execve is being called. I suspect that its failing because it doesn't have access to something so it get an EPERM
The only reference to execve failing in the man page is because of
setuid and a file system being mounted nosuid
Unless somebody wants to read the kernel code and figure out why execve
can return EPERM
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1577926
Title:
apt-key works fine, yet apt fails with "Could not execute 'apt-key'"
Status in apt package in Ubuntu:
Confirmed
Bug description:
Apt can fail to verify a Release file which verifies just fine when
calling apt-key directly.
Please advise how i can supply further debug information to help fix
the underlying bug.
Expected:
apt-get should only report that a repository is not signed when no such signature was found.
If a signature was in fact successfully acquired but not verified, apt-get should report failure to verify instead.
apt-get should have a meaningful error message when calling apt-key fails.
Bonus:
Calling apt-key should not fail when the same thing works fine on command line.
A reference to "Debug::Acquire::gpgv" should be in apt-secure(8) documentation.
Observed:
# uname -a
Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux
# chroot reproducable
$ uname -a
Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 armv7l armv7l armv7l GNU/Linux
$ lsb_release -a 2>/dev/null
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
$ apt-get -o "Debug::Acquire::gpgv=true" update
Get:1 http://ports.ubuntu.com xenial-security InRelease [92.2 kB]
0% [1 InRelease gpgv 92.2 kB]igners
Preparing to exec: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c
gpgv exited with status 111
Summary:
Good:
Bad:
Worthless:
SoonWorthless:
NoPubKey:
Ign:1 http://ports.ubuntu.com xenial-security InRelease
Fetched 92.2 kB in 1s (79.5 kB/s)
Reading package lists... Done
W: GPG error: http://ports.ubuntu.com xenial-security InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: The repository 'http://ports.ubuntu.com xenial-security InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$ /usr/bin/apt-key --quiet --readonly verify --status-fd /dev/stderr /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c
gpgv: Signature made Tue May 3 19:02:17 2016 UTC using DSA key ID 437D05B5
[GNUPG:] SIG_ID e53PXRjA/EMb7CuZJtAicvvUm60 2016-05-03 1462302137
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2016-05-03 1462302137 0 4 0 17 10 01 630239CC130E1A7FD81A27B140976EAF437D05B5
gpgv: Signature made Tue May 3 19:02:17 2016 UTC using RSA key ID C0B21F32
[GNUPG:] SIG_ID kCsrLo9VUm7YcYhhqQUw2fbWoY4 2016-05-03 1462302137
[GNUPG:] GOODSIG 3B4FE6ACC0B21F32 Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>"
[GNUPG:] VALIDSIG 790BC7277767219C42C86F933B4FE6ACC0B21F32 2016-05-03 1462302137 0 4 0 1 10 01 790BC7277767219C42C86F933B4FE6ACC0B21F32
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1577926/+subscriptions
More information about the foundations-bugs
mailing list