search

binbeobo / google-cloud-sdk

Automatically exported from code.google.com/p/google-cloud-sdk
0 stars 1 forks source link

google-cloud-sdk package cannot be authenticated on Debian testing #279

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Following the instructions on https://cloud.google.com/sdk/#debubu to install 
the Debian packages for the Google Cloud SDK on the current Debian testing 
distribution (by changing cloud-sdk-stretch to cloud-sdk-jessie since neither 
cloud-sdk-stretch nor cloud-sdk-testing appear to exist yet). Results in the 
following error:

W: GPG error: http://packages.cloud.google.com cloud-sdk-jessie InRelease: The 
following signatures were invalid: BADSIG 3746C208A7317B0F Google Cloud 
Packages Automatic Signing Key <gc-team@google.com>

WARNING: The following packages cannot be authenticated!
  google-cloud-sdk
Install these packages without verification? [y/N]

This is due to a bug in GnuPG which appears when it is compiled with GCC 5 at 
-O2 or higher, as described in a post to gnupg-devel 
<https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030334.html> with 
followup 
<https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030336.html>.  The 
bug has been fixed in the master branch and there are open bugs in both Ubuntu 
<https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1501634> and Debian 
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800641> to backport the fix, 
although no movement has occurred yet.  The bug could also be worked around by 
signing the InRelease file with gpg, or possibly by altering the options passed 
to your PGP software so that at least one unhashed packet is included in the 
output datastream.

I have confirmed that the issue does not appear in Ubuntu vivid or in current 
pre-release wily, although the issue will appear in wily when the default is 
switched to GCC 5 
<https://lists.ubuntu.com/archives/ubuntu-devel/2015-July/038809.html> if that 
happens before bug #1501634 is fixed.

I realize that Debian testing is likely an unsupported configuration and that 
the issue is ultimately a GnuPG bug, rather than your package infrastructure, 
but I wanted to submit this issue so that you are aware of the problem.

Original issue reported on code.google.com by ke...@kevinlocke.name on 2 Oct 2015 at 8:06

GoogleCodeExporter commented 8 years ago 
Thanks for letting us know! Unfortunately, because of the way our signing 
infrastructure works, it would be extraordinarily difficult to incorporate this 
into our release process, and it's unlikely to happen anytime soon.

We hope that Debian/Ubuntu backport the fix.

Original comment by z...@google.com on 5 Oct 2015 at 8:07

GoogleCodeExporter commented 8 years ago 
Roger that.  Thanks for the update.

Original comment by ke...@kevinlocke.name on 5 Oct 2015 at 8:11