Smart Package Manager

Bug #562496
Comment #1

Comment 1 for bug 562496

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2010-04-13:

This is how smart calls gpg:

root@nsn2:~# gpg --keyring /etc/apt/trusted.gpg --status-fd 1 --no-default-keyring --no-secmem-warning --batch --verify Release.gpg Release
gpg: Signature made Tue 13 Apr 2010 09:25:39 AM BRT using DSA key ID 437D05B5
[GNUPG:] SIG_ID mIKaw5+pk677fzgzZBFIUb9ehSs 2010-04-13 1271161539
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: fatal: /root/.gnupg: directory does not exist!
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768
root@nsn2:~# echo $?
2

If I drop "--no-default-keyring", then it seems to work:

root@nsn2:~# gpg --keyring /etc/apt/trusted.gpg --status-fd 1 --no-secmem-warning --batch --verify Release.gpg Release
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: Signature made Tue 13 Apr 2010 09:25:39 AM BRT using DSA key ID 437D05B5
[GNUPG:] SIG_ID mIKaw5+pk677fzgzZBFIUb9ehSs 2010-04-13 1271161539
gpg: /root/.gnupg/trustdb.gpg: trustdb created
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2010-04-13 1271161539 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
root@nsn2:~# echo $?
0

With smart tweaked to not include --no-default-keyring:

root@nsn2:~# rm -rf .gnupg /var/lib/smart/*
root@nsn2:~# smart update
Updating cache... ################################################################################################################### [100%]

(...)

We should check why that option was added and what does it do.

This is how smart calls gpg:

If I drop "--no-default-keyring", then it seems to work:

root@nsn2:~# gpg --keyring /etc/apt/trusted.gpg --status-fd 1 --no-secmem-warning --batch --verify Release.gpg Release
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: Signature made Tue 13 Apr 2010 09:25:39 AM BRT using DSA key ID 437D05B5
[GNUPG:] SIG_ID mIKaw5+pk677fzgzZBFIUb9ehSs 2010-04-13 1271161539
gpg: /root/.gnupg/trustdb.gpg: trustdb created
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2010-04-13 1271161539 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5
root@nsn2:~# echo $?
0

With smart tweaked to not include --no-default-keyring:

root@nsn2:~# rm -rf .gnupg /var/lib/smart/*
root@nsn2:~# smart update
Updating cache...                                                                ################################################################################################################### [100%]

Fetching information for 'lucid - partner'...                                                                                                                                                              
-> http://archive.canonical.com/ubuntu/dists/lucid/Release.gpg                                                                                                                                             
Release.gpg                                                                      ################################################################################################################### [  1%]
-> http://archive.canonical.com/ubuntu/dists/lucid/Release                                                                                                                                                 
Release                                                                          ################################################################################################################### [  3%]
-> http://archive.canonical.com/ubuntu/dists/lucid/partner/binary-i386/Packages.bz2                                                                                                                        
Packages.bz2                                                                     ################################################################################################################### [  5%]
                                                  
(...)

We should check why that option was added and what does it do.