search

rickysarraf / apt-offline

Offline APT Package Manager
http://rickysarraf.github.io/apt-offline/
GNU General Public License v3.0
214 stars 37 forks source link

apt-offline install does not accept custom public key path as in deb [signed-by=...] ... #232

Open McTrk opened 3 months ago

McTrk commented 3 months ago 
me@z620:~/devel/work/apt-offline$ sudo apt-offline set --update ud.sig
Gathering details needed for 'update' operation
me@z620:~/devel/work/apt-offline$ sudo apt-offline get ud.sig --bundle ud.zip

Fetching APT Data

Downloading http://packages.microsoft.com/repos/code/dists/stable/Release.gpg                                                             
http://packages.microsoft.com/repos/code/dists/stable/Release.gpg done                                                             
...
Downloading http://archive.ubuntu.com/ubuntu/dists/noble-backports/multiverse/cnf/Commands-all.xz                                                             
...
Downloading https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.gpg                                                             
https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.gpg done                                                             
...
Downloading https://pkgs.k8s.io/core:/stable:/v1.28/deb/Contents-all.xz                                                             
Downloading http://downloads.linux.hpe.com/SDR/repo/mcp/dists/noble/current/Release.gpg                                                             
...
Downloading https://download.docker.com/linux/ubuntu/dists/jammy/stable/cnf/Commands-all.xz                                                             
1061 / 1061 items: [##############################] 100.0% of 70 MiB
Downloaded data to /home/me/devel/work/apt-offline/ud.zip
me@z620:~/devel/work/apt-offline$ ls -l
total 71436
-rw-r--r-- 1 root root    57214 Jun  3 19:46 ud.sig
-rw-r--r-- 1 root root 73088713 Jun  3 19:49 ud.zip
me@z620:~/devel/work/apt-offline$ sudo apt-offline install ud.zip 
Proceeding with installation
gpgv: Signature made Fri 31 May 2024 07:38:25 AM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Fri 31 May 2024 07:38:25 AM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Mon 03 Jun 2024 06:51:30 PM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Mon 03 Jun 2024 06:51:30 PM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Thu 25 Apr 2024 11:11:21 AM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Thu 25 Apr 2024 11:11:21 AM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Tue 28 May 2024 10:07:10 AM EDT
gpgv:                using RSA key 7EA0A9C3F273FCD8
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/download.docker.com_linux_ubuntu_dists_jammy_InRelease bad signature.  Not syncing because in strict mode.
gpgv: Signature made Tue 28 May 2024 10:07:10 AM EDT
gpgv:                using RSA key 7EA0A9C3F273FCD8
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/download.docker.com_linux_ubuntu_dists_jammy_Release.gpg bad signature. Not syncing because in strict mode.
gpgv: Signature made Thu 09 May 2024 04:15:37 AM EDT
gpgv:                using RSA key 57446EFDE098E5C934B69C7DC208ADDE26C2B797
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/downloads.linux.hpe.com_SDR_repo_mcp_dists_noble_current_Release.gpg bad signature. Not syncing because in strict mode.
gpgv: Signature made Tue 18 Jul 2023 03:04:24 PM EDT
gpgv:                using RSA key C95B321B61E88C1809C4F759DDCAE044F796ECB0
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/nvidia.github.io_libnvidia-container_stable_ubuntu18.04_amd64_InRelease bad signature.  Not syncing because in strict mode.
gpgv: Signature made Thu 15 Apr 2021 11:01:52 PM EDT
gpgv:                using RSA key F9FDA6BED73CDC22
gpgv: Good signature from "Canonical Archive Automatic Signing Key <ftpmaster@canonical.com>"
gpgv: Signature made Mon 03 Jun 2024 11:42:39 AM EDT
gpgv:                using RSA key EB3E94ADBE1229CF
gpgv: Good signature from "Microsoft (Release signing) <gpgsecurity@microsoft.com>"
gpgv: Signature made Mon 03 Jun 2024 11:43:09 AM EDT
gpgv:                using RSA key EB3E94ADBE1229CF
gpgv: Good signature from "Microsoft (Release signing) <gpgsecurity@microsoft.com>"
gpgv: Signature made Mon 03 Jun 2024 04:55:25 AM EDT
gpgv:                using RSA key EB3E94ADBE1229CF
gpgv: Good signature from "Microsoft (Release signing) <gpgsecurity@microsoft.com>"
gpgv: Signature made Mon 03 Jun 2024 04:55:38 AM EDT
gpgv:                using RSA key EB3E94ADBE1229CF
gpgv: Good signature from "Microsoft (Release signing) <gpgsecurity@microsoft.com>"
gpgv: Signature made Tue 14 May 2024 06:01:40 PM EDT
gpgv:                using RSA key 234654DA9A296436
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/pkgs.k8s.io_core:_stable:_v1.28_deb_InRelease bad signature.  Not syncing because in strict mode.
gpgv: Signature made Tue 14 May 2024 06:01:40 PM EDT
gpgv:                using RSA key 234654DA9A296436
gpgv: Can't check signature: No public key
ERROR: /tmp/tmpbplh675u/pkgs.k8s.io_core:_stable:_v1.28_deb_Release.gpg bad signature. Not syncing because in strict mode.
gpgv: Signature made Mon 03 Jun 2024 04:18:18 PM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
gpgv: Signature made Mon 03 Jun 2024 04:18:18 PM EDT
gpgv:                using RSA key F6ECB3762474EDA9D21B7022871920D1991BC93C
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>"
archive.ubuntu.com_ubuntu_dists_noble-backports_InRelease synced.
archive.ubuntu.com_ubuntu_dists_noble-backports_Release.gpg synced.
...
security.ubuntu.com_ubuntu_dists_noble-security_universe_source_Sources.xz synced.
security.ubuntu.com_ubuntu_dists_noble-security_universe_source_Sources.xz synced.
me@z620:~/devel/work/apt-offline$

Problem: Files downloaded from sources with the so-called "bad signature" (namely, those from download.docker.com, downloads.linux.hpe.com, nvidia.github.io, pkgs.k8s.io) have not been synced. These are sources with a custom signed-by field, such as deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /. Such custom-located signatures are recognized by apt-get:

me@z620:~/devel/work/apt-offline$ sudo apt-get update
Hit:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease                                                                                                                       
Get:3 https://nvidia.github.io/libnvidia-container/stable/ubuntu18.04/amd64  InRelease [1,484 B]                                                                                             
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease                                                                                                                             
Hit:5 https://download.docker.com/linux/ubuntu jammy InRelease                                                                                                                               
Get:1 https://packages.microsoft.com/repos/code stable InRelease [3,590 B]                                                                                                                   
Hit:7 http://archive.ubuntu.com/ubuntu noble InRelease                                                                                                                                       
Hit:8 http://oem.archive.canonical.com/updates focal-qemu InRelease                                   
Hit:9 http://archive.ubuntu.com/ubuntu noble-updates InRelease                                        
Ign:10 http://downloads.linux.hpe.com/SDR/repo/mcp noble/current InRelease             
Hit:11 http://archive.ubuntu.com/ubuntu noble-backports InRelease                      
Hit:6 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.28/deb  InRelease
Hit:12 http://downloads.linux.hpe.com/SDR/repo/mcp noble/current Release         
Fetched 5,074 B in 1s (3,680 B/s)
Reading package lists... Done
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease' doesn't support architecture 'i386'
N: Skipping acquire of configured file 'stable/binary-i386/Packages' as repository 'https://download.docker.com/linux/ubuntu jammy InRelease' doesn't support architecture 'i386'
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://packages.microsoft.com/repos/code stable InRelease' doesn't support architecture 'i386'
N: Missing Signed-By in the sources.list(5) entry for 'http://oem.archive.canonical.com/updates'
N: Missing Signed-By in the sources.list(5) entry for 'http://packages.microsoft.com/repos/code'
me@z620:~/devel/work/apt-offline$

Desired behavior should match the output from apt-get update, above. Version detail:

me@z620:~/devel/work/apt-offline$ apt-offline -v
1.8.5
me@z620:~/devel/work/apt-offline$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
me@z620:~/devel/work/apt-offline$
rickysarraf commented 3 months ago

This has just been fixed in master with 8cd98befe3860fe09a8d4badf97a25ecb26203b4 Could you please test and report ?