finotti
Post subject: [solved] iceweasel 4.0 repository problem  Posted: 15.01.2011, 19:45



Dear all,

Recently I started to have problems with the Iceweasel 4 (beta)
repository.

Here is the entry:

      Code:

root@debian[/etc/default]# cat /etc/apt/sources.list.d/iceweasel4.list
#deb http://mozilla.debian.net/packages/ ./
deb http://mozilla.debian.net/packages/ experimental iceweasel-4.0


I've followed the instructions from
http://mozilla.debian.net/, which I think I had done
before, but to double-check:

      Code:

root@debian[/etc/default]# GET http://mozilla.debian.net/archive.asc | gpg --import
gpg: key 06C4AE2A: public key "Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found


The last line seems already weird...

      Code:

root@debian[/etc/default]# gpg --check-sigs --fingerprint --keyring /usr/share/keyrings/debian-keyring.gpg 06C4AE2A
gpg: keyblock resource `/usr/share/keyrings/debian-keyring.gpg': file open error
pub   4096R/06C4AE2A 2010-11-20 [expires: 2011-11-20]
      Key fingerprint = 85F0 6FBC 75E0 67C3 F305  C3C9 85A3 D265 06C4 AE2A
uid                  Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>
sig!3        06C4AE2A 2010-11-20  Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>

2 signatures not checked due to missing keys
root@debian[/etc/default]# gpg --export -a 06C4AE2A | sudo apt-key add -
OK


Now the error (the same one I had before I (re)did the above):

      Code:

root@debian[/etc/default]# apt-get update
(...)
Get:7 http://mozilla.debian.net experimental Release [3,522 B]                           
Ign http://mozilla.debian.net experimental Release     
Get:8 http://mozilla.debian.net experimental/iceweasel-4.0 amd64 Packages [3,522 B]     
64% [8 Packages bzip2 0 B]bzip2: (stdin) is not a bzip2 file.
Err http://mozilla.debian.net experimental/iceweasel-4.0 amd64 Packages
  Sub-process /bin/bzip2 returned an error code (2)
Fetched 9,352 B in 31s (295 B/s)
W: GPG error: http://mozilla.debian.net experimental Release: The following signatures were invalid: NODATA 1 NODATA 2
W: Failed to fetch http://mozilla.debian.net/packages/dists/experimental/iceweasel-4.0/binary-amd64/Packages.bz2  Sub-process /bin/bzip2 returned an error code (2)

E: Some index files failed to download, they have been ignored, or old ones used instead.


Anyone else having this problem? Any ideas?

Thanks,

Luis


Last edited by finotti on 15.01.2011, 20:47; edited 1 time in total
 
domicius
Post subject: RE: iceweasel 4.0 repository problem  Posted: 15.01.2011, 20:25



Try removing "packages/" from your sources file (see what happened yesterday: http://glandium.org/blog/?p=1529 - following these instructions I have no problems other than not knowing how to properly import a key without being root through the whole process or doing without "sudo" in the last step).

_________________
domicius
 
finotti
Post subject: RE: iceweasel 4.0 repository problem  Posted: 15.01.2011, 20:46



Thanks! That fixed it and was what the site actually said... Sorry.
 
domicius
Post subject: RE: iceweasel 4.0 repository problem  Posted: 15.01.2011, 20:49



Np. Glad to see it resolved.

_________________
domicius
 
DonKult
Post subject: Re: RE: iceweasel 4.0 repository problem  Posted: 15.01.2011, 20:56
Team Member


      domicius wrote:
following these instructions I have no problems other than not knowing how to properly import a key without being root through the whole process or doing without "sudo" in the last step

      Code:
gpg --export -a 06C4AE2A | su -c 'apt-key add -'


But please, please inform yourself about what you do with this key adding! Adding a key is a security risk, as from there on upgrades signed with this key are used - so if an attacker can trick you into inserting his key into your APT keyring, he can from there on provide you with 'upgrades' for your complete system of any kind - none, malware, whatever - and you will not notice it if he is clever enough.

That's why the page describes how to check that the key you downloaded is signed by a Debian developer - assuming you are trusting this developer or another developer trusting this developer, you can trust that this key is not used by an attacker and is therefore 'safe' to use.

//edit: korecd speelink

_________________
MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor
 
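What the `gpg --check-sigs` listing in the first post actually establishes, as an added example that is not part of any post in this thread and not from mozilla.debian.net: the keyring passed with `--keyring` could not be opened, so only the key's self-signature was verified and two signatures went unchecked. The function names are made up for this illustration, and the sample listing is copied from the first post.

```shell
#!/bin/sh
# Added example: summarise `gpg --check-sigs` output read from stdin.
# Flag after "sig": "!" verified, "-" bad, "%" error while checking.
# Scripts should prefer gpg --with-colons; the human listing is parsed
# here only because that is what the thread shows.
check_sigs_summary() {
    awk '
        /keyblock resource .*file open error/ { kerr = 1 }
        $1 == "pub" { split($2, p, "/"); keyid = p[2]; next }
        /^sig[!%-]/ {
            flag = substr($1, 4, 1); signer = ""
            # signer id = first hex field of 8+ chars after the tag
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9A-F]+$/ && length($i) >= 8) { signer = $i; break }
            if (flag != "!")           bad++
            else if (signer == keyid)  self++
            else                       other++
            next
        }
        /signatures? not checked due to missing keys?/ { unchecked = $1 }
        END {
            printf "self=%d third_party=%d bad=%d unchecked=%d keyring_error=%d\n",
                   self, other, bad, unchecked, kerr
        }'
}
# Succeeds only when a key other than the key itself vouches for it and
# nothing failed to verify. A lone self-signature says nothing about
# who controls the key.
has_third_party_sig() {
    case "$(check_sigs_summary)" in
        *"third_party=0 "*)  return 1 ;;
        *" bad=0 "*)         return 0 ;;
        *)                   return 1 ;;
    esac
}
# Listing copied from the first post in this thread.
sample_listing() {
    cat <<'EOF'
gpg: keyblock resource `/usr/share/keyrings/debian-keyring.gpg': file open error
pub   4096R/06C4AE2A 2010-11-20 [expires: 2011-11-20]
      Key fingerprint = 85F0 6FBC 75E0 67C3 F305  C3C9 85A3 D265 06C4 AE2A
uid                  Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>
sig!3        06C4AE2A 2010-11-20  Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>

2 signatures not checked due to missing keys
EOF
}
sample_listing | check_sigs_summary
```

Piping a real listing into `has_third_party_sig` gives a non-zero exit status whenever the self-signature is the only one that verified, which is the case to stop on before running `apt-key add`.
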
domicius
Post subject: RE: Re: RE: iceweasel 4.0 repository problem  Posted: 17.01.2011, 17:43



DonKult, thanks for pointing me to that "-c" option. Funny how su is probably the command I use the most (and one of the first I learned) yet I think I have never looked into its help/man page.

And thank you for actually turning my attention to that part of the page which describes how to check the trust path (actually link to another one) - I never really understood these keys that I've been importing (although I've been very wary from whom I download unofficial packages - and it was usually (even though rarely) from guys like Mike but doing something without understanding it, and what's more, creating a habit of doing it without thinking about it is sure an accident waiting to happen).

Regarding this specific case, using that Pathfinder tool, not only can I not find a path I could trust but I can't find any path other than: http://webware.lysator.liu.se/jc/wotsap/wots/latest/paths/0x54FD2A58-0xA6AA8C72.png (it confuses me most that it reports key 06C4AE2A as not found) - as far as I can understand, that tool can't really help me if I don't have my own key (which I still don't) or some other that I trust. Or I'm doing something wrong here...

But I started reading (and understanding more) about all this so I might actually understand all of this at some point.

EDIT: I'm finally getting the hang of this and finding some useful data from that tool. And I answered my question from above - it can help me even if I don't have my own key.

_________________
domicius
 