Maybe issue with Ubuntu 22.04 signed Release "provides only weak security information" #125

Closed
ppoilbarbe opened this issue Apr 25, 2022 · 1 comment

ppoilbarbe commented Apr 25, 2022

I am making a set of Ansible roles for migrating all our HPC and desktop computers from Ubuntu Xenial (16.04) to Ubuntu Jammy (22.04).
I built the roles with version 21.10 as a basis for tests until 22.04 was released. It was working well on my test PCs.
Now 22.04 is released and I tried to redo the same in order to check that there is no regression.
We have a repository built with Freight which was working well until now (and with 21.10 too).
With the version of apt-get (2.4.5) included with Ubuntu 22.04, I now get an error with the following message:

```
W: No Hash entry in Release file /var/lib/apt/lists/partial/packages.server.fr_apt_dists_jammy_InRelease
E: The repository 'http://packages.server.fr/apt jammy InRelease' provides only weak security information.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
```

Is there something wrong in the way I build the repository? (I do `freight add` then `freight cache`, as is supposed to be done.)

I tried to define `GPG_DIGEST_ALGO=SHA256` in the conf file (and recache all), but after digging in the code, it seems to be the default one.

Here is my freight.conf file:

```
#
# Freight configuration file.
# File managed by CHEF!!! DO NOT MODIFY BY HAND

# Directories for the Freight library and Freight cache.  Your web
# server's document root should be `$VARCACHE`.
VARLIB="/data/APP_REPOSITORY/repository-ubuntu/repo_dir/lib"
VARCACHE="/data/APP_REPOSITORY/repository-ubuntu/repo_dir/apt"

# Default `Origin` and `Label` fields for `Release` files.
ORIGIN="XXXX"
LABEL="XXXX"
#SUITE="XXXX"

# Which architectures are supported
ARCHS="amd64 source"

# Cache the control files after each run (on), or regenerate them every
# time (off).
CACHE="on"

# GPG key to use to sign repositories.  This is required by the `apt`
# repository provider.  Use `gpg --gen-key` (see `gpg`(1) for more
# details) to generate a key and put its email address here.
GPG="our-key@in-gpg-ring"
# GPG_DIGEST_ALGO=SHA256

# Whether to follow symbolic links in `$VARLIB` to produce extra components
# in the cache directory (on) or not (off).
SYMLINKS="off"
```

NOTE: The repository is built and served on a node running Ubuntu 16.04 (GPG 1.4.20, apt-get 1.2.35)

@ppoilbarbe
Author

Oops... My fault. The repository for 22.04 is new and I forgot to put a dummy package in it so that the repository is not empty, because it (freight or apt, I don't know) does not like that.
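
The resolution above, turned into a check that can run after `freight cache` and before the repository is published. This is an added example, not part of the original thread and not code from Freight or apt; it assumes an empty repository yields a `Release` file whose hash sections list no files, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from Freight or apt): pre-publish check of a Release file.

# count_hash_entries FILE SECTION: print how many file entries SECTION lists.
count_hash_entries() {
    awk -v section="$2:" '
        /^[^ \t]/ { in_section = ($1 == section); next }  # field header line
        in_section && NF == 3 { n++ }                     # " digest size path"
        END { print n + 0 }
    ' "$1"
}

# check_release FILE: 0 = SHA256/SHA512 entries present,
# 1 = only MD5Sum/SHA1 entries, 2 = no hash entries at all.
check_release() {
    strong=$(( $(count_hash_entries "$1" SHA256) + $(count_hash_entries "$1" SHA512) ))
    weak=$(( $(count_hash_entries "$1" MD5Sum) + $(count_hash_entries "$1" SHA1) ))
    if [ "$strong" -gt 0 ]; then return 0; fi
    if [ "$weak" -gt 0 ]; then
        echo "only MD5Sum/SHA1 entries in $1" >&2
        return 1
    fi
    echo "no hash entries in $1 (empty repository?)" >&2
    return 2
}

# make_samples DIR: write constructed Release files; digests are placeholders.
make_samples() {
    hdr='Origin: XXXX\nSuite: jammy\n'
    entry='1234 main/binary-amd64/Packages'
    printf "${hdr}MD5Sum:\nSHA1:\nSHA256:\n" > "$1/Release.empty"
    printf "${hdr}MD5Sum:\n %032d ${entry}\n" 0 > "$1/Release.weak"
    printf "${hdr}SHA256:\n %064d ${entry}\n" 0 > "$1/Release.ok"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/Release.*; do
    if check_release "$f"; then echo "OK   $f"; else echo "FAIL $f (rc=$?)"; fi
done
rm -rf "$tmp"
```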
