On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote:
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97Bsince this is a one-time operation -- once the key is set up transferring packages is done over regular http.
Is there a reason why we don't simply preinstall that key in the apt keyring before shipping the filesystem? The same goes for pre-seeding the apt litsts: downloading them as linaro-media-create time is worryingly non-deterministic. Really, the releases should be 100% self-contained.
Fetching apt keys in the above way is fundamentally insecure in any case, so nothing is gained securitywise by not shipping them in the fs.
I seem to remember previous discussion on this... I can't remember the conclusion though.
Cheers ---Dave