Page MenuHomePhabricator

[equuleus] buster: GPG error on vyos package repository
Closed, ResolvedPublic

Description

Support for GPG signatures using SHA1 is disabled in apt >= 1.4, as mentioned here, under (1.4~beta1):

https://launchpad.net/debian/+source/apt/+changelog

or more detail in distribution

/usr/share/doc/apt/NEWS.Debian.gz

The error can be viewed with:

diff --git a/scripts/live-build-config b/scripts/live-build-config
index 7141df0..2f3e23c 100755

  • a/scripts/live-build-config

+++ b/scripts/live-build-config
@@ -56,6 +56,7 @@ lb config noauto \

--firmware-binary false \
--updates true \
--security true \

+ --apt-options "--yes -oDebug::Acquire::gpgv=true" \

--apt-indices false
"${@}"

"""

And the behavior reverted with the (not recommended) option:

diff --git a/scripts/live-build-config b/scripts/live-build-config
index 7141df0..2a1f64a 100755

  • a/scripts/live-build-config

+++ b/scripts/live-build-config
@@ -56,6 +56,7 @@ lb config noauto \

--firmware-binary false \
--updates true \
--security true \

+ --apt-options "--yes -oDebug::Acquire::gpgv=true -oAPT::Hashes::SHA1::Weak=true" \

--apt-indices false
"${@}"

"""

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

jestabro created this task.Jul 18 2019, 2:56 PM
jestabro created this object in space S1 VyOS Public.
dmbaturin closed this task as Resolved.Jul 29 2019, 10:29 PM
dmbaturin added a subscriber: dmbaturin.

I've fixed the setup and re-populated the equuleus repo.

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Aug 5 2019, 12:22 PM