Package: apt
Version: 0.7.2
Severity: grave
--- Please enter the report below this line. ---
Hi !
Since two days, the apt postinst script fails with the following output :
Paramétrage de apt (0.7.2) ...
gpg: key 2D230C5F: "Debian Archive Automatic Signing Key (2006)
<[EMAIL PROTECTED]>" not changed
gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch)
<[EMAIL PROTECTED]>" not changed
gpg: key ADB11277: "Etch Stable Release Key
<[EMAIL PROTECTED]>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
gpg: key "1" not found: eof
gpg: 1: delete key failed: eof
dpkg : erreur de traitement de apt (--configure) :
le sous-processus post-installation script a retourné une erreur de
sortie d'état 2
Des erreurs ont été rencontrées pendant l'exécution :
apt
E: Sub-process /usr/bin/dpkg returned an error code (1)
(Sorry for French messages, but it's not useful to translate them)
I managed to go deeper in the analysis : it's the "apt-key update" in
the postinst script that generates this error. So I had a look at it,
and I found that the "add new keys" section is alright, it fails at
removing no-longer used keys. Here is the bash code :
keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys |
grep ^pub | cut -d: -f5`
for key in $keys; do
if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 |
grep -q $key; then
$GPG --quiet --batch --delete-key --yes ${key}
fi
done
The unused keys are stored in the 'keys' variable. Here is what I have :
[EMAIL PROTECTED]:/tmp# $GPG_CMD --keyring $REMOVED_KEYS --with-colons
--list-keys | grep ^pub | cut -d: -f5
1
17
17
The for loop try to find each key in the existing keyring, but guess
what ? The key '1' is not in my keyring, so it fails removing it, but
the if condition returns true. Let's have a look at the condition
without the final grep :
[EMAIL PROTECTED]:/tmp# $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5
17
17
17
17
Yes, you finally understand that grep 1 on that list is true... but it's
not what apt-key should be looking for ! So it may be a good idea to use
a regexp to match the whole line and not only an expression that could
be contained in a larger one.
This is a grave severity since I can't do any upgrade on my PC : the apt
configure script is run before anything else :'(
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.21-1-k7
Debian Release: lenny/sid
500 unstable ftp.fr.debian.org
--- Package information. ---
Depends (Version) | Installed
==============================================-+-====================
libc6 (>= 2.5-5) | 2.5-10
libgcc1 (>= 1:4.2-20070516) | 1:4.2-20070609-1
libstdc++6 (>= 4.2-20070516) | 4.2-20070609-1
debian-archive-keyring | 2007.02.19-0.1
