unsigned repositories (PROBLEM FOUND!)

Juraj Holtak juraj.holtak at proaut.org
Thu Sep 21 15:03:36 CEST 2006


Well,

what I did was using FAI 2.10.5 just 2 days ago to install ETCH -> no 
problems, no additional fix or hook, the fix is already in apt.conf.d

then I moved to beta, as it got into testing(etch) (too soon in my opinion) 
and from this point on, I'm experiencing problems

now if I look at /tmp/target/etc/apt/apt.conf.d/ on the clients it says:

f-t3-b-c-t-0a9:~# ls /tmp/target/etc/apt/apt.conf.d/70debconf
/tmp/target/etc/apt/apt.conf.d/70debconf

and 

ls /etc/apt/apt.conf.d/
10fai  70debconf  90fai

so the 10fai and 90fai are MISSING.

ok now tell me how this is possible and how to quickfix it, so I can install 
my test machine and calm down some people who are getting a little bit nervous 
(including myself) because of project delays ;-)

cheers
juraj

On Thursday 21 September 2006 14:34, Henning Sprang wrote:
> On 9/21/06, Thomas Lange <lange at informatik.uni-koeln.de> wrote:
> > >>>>> On Thu, 21 Sep 2006 12:26:08 +0200, Juraj Holtak
> > >>>>> <juraj.holtak at proaut.org>
> >
> > said:
> >     > as you can see from my previous email (fai-client), I have the same
> >     > problem with unsigned repositories even with your repositories for
> >     > the developer pool
> >     >
> >     > any idea what it could be?
>
> AFAIK since etch apt's default policy is to not install unsigned packages.
>
> We had a bug report in fai that the process we used to avoid this
> should be removed. (somewhere in apt preferences or in the actual call
> to apt, I am not sure).
> It seems this bug report has been fixed, but the solution is causing
> trouble to some users, even those who just want to use FAI's extra
> repositories which are also unsigned.
>
> Look into apt preferences to fix that, maybe you have to write a hook
> to put the right apt config in place before installing software.
>
> > No. ATM I do not have the time to look into the unsigned/signed
> > repository topic. I hope that someone else will care about this.
>
> But didn't you put the mentioned fix in?
>
> As I said in the thread about the mentioned bug, I am not convinced
> that forcing this stuff to people is helpful - security ignorant
> admins will find enough ways to trash their infrastructure, and
> security aware admins have lots of ways to set high security levels.
> If we force (or, in this case, not unforce) signed repos, we must at
> least be consequent and sign our own repository.
>
> Henning


