softupdate

Per Foreby perf at ddg.lth.se
Sun Aug 19 16:48:45 CEST 2007


We have our own repository for local packages. It is gpg signed with our 
own key, and the key is present in /etc/apt/trusted.gpg in the nfsroot, 
which is copied to the installed client (verified with "apt-key list").

This works fine on the initial installation, but when I add more 
packages and try to install them with a softudate, I get the following 
error:

-----------------------------------------------------------------------
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

   lth-jdk-1.4.2 lth-jdk-1.5.0.12 lth-jdk-1.6.0.02
-----------------------------------------------------------------------

After an "aptitude update" the complaints are gone, and the packages are 
installable with softupdate.

Never had this problem in sarge, but those packages weren't signed.

The same thing happens if i add component to sources.list and try a 
softupdate. (Started out with "main" only, but needed some packages from 
"non-free").

My fix was to add "aptitude update" to hooks/softupdate.LTHBASE (a hook 
in our local base class which I use to fcopy sources.list).

Am I doing anything wrong to get this problem, or does updatebase need 
some fixing?

/Per



More information about the linux-fai mailing list