Ubuntu
apt-p2p package

Software repository authentication with modified /etc/apt/sources.list

Asked by Stefan Nagy

I modified my /etc/apt/sources.list like it is described here: http://www.camrdale.org/apt-p2p/install/. After that, always when I want to install a package in Synaptic get a warning message in Synaptic that my software repositories can't be or aren't authenticated.

Is that normal or is it a malfunction? I couldn't find anything about that on the net...

Thanks in advance!

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu apt-p2p Edit question
Assignee:
No assignee Edit question
Solved by:
Stefan Nagy
Solved:
Last query:
Last reply:
Revision history for this message
Stefan Nagy (stefan-nagy) said : 		#1

To restate my question:

The article in the german ubuntuusers-wiki (http://wiki.ubuntuusers.de/apt-p2p) tells me, that apt-p2p isn't risky because the packages in the software repositories are signed and so APT would notice a changed/corrupted package.

Now, as I understand the apt-secure manual, not just the packages are signed but there are also realease files on each software repository. The release file aswell as the package file contains a checksum and "these two checksums allow apt to verify that it has downloaded a correct copy of the Packages file, with a checksum that matches the one in the Release file" (http://wiki.debian.org/SecureApt).

As I understand it, both verification processes should work with apt-p2p because the packages of peers should be signed and they also should contain the checksum - it shouldn't make any difference.

But, as I said: When I modify my /ect/apt/sources.list and, after that, try to install a package, synaptic tells me "Sie haben Software vorgemerkt, die nicht authentifiziert werden konnte..." - which means something like "You chose software which couldn't be authenticated...".

So my restated question is: Why isn't APT (or Synaptic) able to authenticate the packeges when I use apt-p2p?

Revision history for this message
unbekannt1984 (unbekannt1984) said : 		#2

Problem has been solved on the german Ubuntu-forum www.ubuntuusers.de.

Have a look at: http://forum.ubuntuusers.de/topic/authentifizierung-von-softwarepaketen-bei-der-/

The used Server at.archive.ubuntu.com seems to have old files. Use another mirror if you also have this problem.

Torsten

Revision history for this message
Stefan Nagy (stefan-nagy) said : 		#3

The country mirror for Austria seems to be hosted by the "lagis Internet Serviceprovider GmbH" (https://launchpad.net/ubuntu/+mirror/ubuntu.lagis.at-archive) and according to the "Official Archive Mirrors for Ubuntu"-list (https://launchpad.net/ubuntu/+archivemirrors) this mirror really seems to be "one week behind".

As you can see in this list also a lot of other official mirrors aren't really up-to-date - so if this is really the reason for the apt-p2p authentication issue this means it would be quite common.

In this case the "APT setup"-section of the apt-p2p manual sould contain information about choosing a good (up-to-date) mirror.

Revision history for this message
Stefan Nagy (stefan-nagy) said : 		#4

Since this clearly seems to be a bug (Bug #667313), I'm closing this question. Thanks.