touch-packages team mailing list archive

Thread
Date

[Bug 1284053] Re: Signature warning should include full repository name/path

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1284053@xxxxxxxxxxxxxxxxxx>
Date: Fri, 15 May 2015 18:31:35 -0000
Reply-to: Bug 1284053 <1284053@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is unwieldy, I'd really like to know which repositories requested
which keys:

Reading package lists... Done
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
7638D0442B90D010
W: GPG error: http://ppa.launchpad.net vivid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 85504128ECF1204C
W: There is no public key available for the following key IDs:
7638D0442B90D010

I'd love to see this addressed. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1284053

Title:
  Signature warning should include full repository name/path

Status in apt package in Ubuntu:
  Triaged

Bug description:
  Most people nowadays can collect quite a few APT repositories hosted
  on the same server (ppa.launchpad.net, for instance). In case the
  signature check on one of these repositories fails, apt-get just
  prints this:

  W: GPG error: http://ppa.launchpad.net saucy Release: The following
  signatures couldn't be verified because the public key is not
  available: NO_PUBKEY <blah>

  Unfortunately, this informs the user only that one of the repositories
  on ppa.launchpad.net has a missing key. But not which one. It could be
  any of them. Tracking down the specific signature (<blah> in my
  example) is difficult so the only practical option is to disable the
  repositories one by one until the warning disappears. Which is not
  only annoying to the user but also puts unnecessary load on the
  servers which get repeatedly hit by 'apt-get update'.

  I therefore suggest to change the warning to include the full path of
  the repository. Example:

  W: GPG error: http://ppa.launchpad.net/ubuntu-wine/ppa/ubuntu saucy
  Release: The following signatures couldn't be verified because the
  public key is not available: NO_PUBKEY <blah>

  This would inform the user which repository needs a key. Other options
  (such as printing the repository's name are also valid, of course).

  PS: I am aware that apt-add-repository automatically adds the key but
  this magic only works on Launchpad whereas the problem is one in
  general. Furthermore, you don't always get to use apt-add-repository
  for various reasons.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1284053/+subscriptions