On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B
since this is a one-time operation -- once the key is set up transferring packages is done over regular http.
Hi Christian, I tried the alternative command, but I am getting error in that for connecting to the host. The error logs are as follows
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Can you tell me whats going wrong here.
Regards, Amit Bag
On 16/02/12 12:57, Christian Robottom Reis wrote:
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97Bsince this is a one-time operation -- once the key is set up transferring packages is done over regular http.
On Thu, Feb 16, 2012 at 03:02:44PM +0530, Amit wrote:
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host
Looks like you are even having HTTP connection problems -- can you do web requests to http://keyserver.ubuntu.com at all? This is most certainly a network issue on your end.
On Thu, Feb 16, 2012 at 10:32 AM, Amit Amit.Bag@tieto.com wrote:
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Can you tell me whats going wrong here.
looks like you might be behind a corporate firewall, and 'sudo' is not passing the env variables properly.
the reliable way I usually do it is:
$ sudo su - $ export http_proxy='XXX' $ export https_proxy='XXX' $ add-apt-repository ppa:xxx
that should work with sudo -E as well, but I didn't try that.
On Thu, Feb 16, 2012 at 5:07 PM, Dechesne, Nicolas n-dechesne@ti.com wrote:
On Thu, Feb 16, 2012 at 10:32 AM, Amit Amit.Bag@tieto.com wrote:
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Can you tell me whats going wrong here.
looks like you might be behind a corporate firewall, and 'sudo' is not passing the env variables properly.
the reliable way I usually do it is:
$ sudo su - $ export http_proxy='XXX' $ export https_proxy='XXX' $ add-apt-repository ppa:xxx
You should set the proxy for apt via /etc/apt.conf or /etc/apt/apt.conf.d/
The line you need is:
Acquire::HTTP::Proxy "http://.../";
that should work with sudo -E as well, but I didn't try that.
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
On Thu, Feb 16, 2012 at 5:10 PM, Zygmunt Krynicki < zygmunt.krynicki@linaro.org> wrote:
You should set the proxy for apt via /etc/apt.conf or /etc/apt/apt.conf.d/
The line you need is:
Acquire::HTTP::Proxy "http://.../";
this works for apt-get commands, but not for add-apt-repo which is a python script that does not use this config
On 17 February 2012 03:10, Zygmunt Krynicki zygmunt.krynicki@linaro.org wrote:
On Thu, Feb 16, 2012 at 5:07 PM, Dechesne, Nicolas n-dechesne@ti.com wrote:
On Thu, Feb 16, 2012 at 10:32 AM, Amit Amit.Bag@tieto.com wrote:
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Can you tell me whats going wrong here.
looks like you might be behind a corporate firewall, and 'sudo' is not passing the env variables properly.
the reliable way I usually do it is:
$ sudo su - $ export http_proxy='XXX' $ export https_proxy='XXX' $ add-apt-repository ppa:xxx
You should set the proxy for apt via /etc/apt.conf or /etc/apt/apt.conf.d/
The line you need is:
Acquire::HTTP::Proxy "http://.../";
for gpg, which is the problem here, you need to configure it in ~/.gnupg/gpg.conf with a line like
keyserver-options http-proxy=http://proxy.example.com:3128/
if there is already a keyserver-options line, you need to add that to it.
It may be a good idea to also put it into /root/.gnupg/gpg.conf.
Hi,
the third way is to go to the keyserver.ubuntu.com website, search for your keyid and copy the key to a text file for import locally...
1. go to http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xF1FCBACA7BE... 2. copy the GPG block to a text file: key.txt 3. sudo apt-key add key.txt
now things might work...
On Thu, Feb 16, 2012 at 10:32 AM, Amit Amit.Bag@tieto.com wrote:
** Hi Christian, I tried the alternative command, but I am getting error in that for connecting to the host. The error logs are as follows
gpg: directory `/home/bagggami/.gnupg' created gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com gpgkeys: HTTP fetch error 7: couldn't connect to host gpg: no valid OpenPGP data found. gpg: Total number processed: 0
Can you tell me whats going wrong here.
Regards, Amit Bag
On 16/02/12 12:57, Christian Robottom Reis wrote:
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error readinghttps://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: https://launchpad.net/api/1.0/%7Elinaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97Bsince this is a one-time operation -- once the key is set up transferring packages is done over regular http.
--
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote:
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97Bsince this is a one-time operation -- once the key is set up transferring packages is done over regular http.
Is there a reason why we don't simply preinstall that key in the apt keyring before shipping the filesystem? The same goes for pre-seeding the apt litsts: downloading them as linaro-media-create time is worryingly non-deterministic. Really, the releases should be 100% self-contained.
Fetching apt keys in the above way is fundamentally insecure in any case, so nothing is gained securitywise by not shipping them in the fs.
I seem to remember previous discussion on this... I can't remember the conclusion though.
Cheers ---Dave
On Mon, Feb 20, 2012 at 10:39:20AM +0000, Dave Martin wrote:
On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote:
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
I am not able to install any packages related to linaro for example when I tried that below command
sudo add-apt-repository ppa:linaro-maintainers/toolchain I am getting error like Error reading https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: <urlopen error [Errno 111] Connection refused>
But when I use a direct INTERNET connection without proxy its working fine.
The problem you're running into is that add-apt-repository is fetching a GPG key from the Ubuntu keyserver, which is running on port 11371. You can indeed punch a hold in the firewall, but you can also just issue
sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97Bsince this is a one-time operation -- once the key is set up transferring packages is done over regular http.
Is there a reason why we don't simply preinstall that key in the apt keyring before shipping the filesystem?
It's a good question. I'm going to borrow James W.'s opinion here who will know of any unforseen consequences of it.
The same goes for pre-seeding the apt litsts: downloading them as linaro-media-create time is worryingly non-deterministic. Really, the releases should be 100% self-contained.
I think the reason we don't pre-seed these is that they take up a lot of space on the downloaded image. Am I wrong?
On Wed, 22 Feb 2012 17:21:45 -0200, Christian Robottom Reis kiko@linaro.org wrote:
Is there a reason why we don't simply preinstall that key in the apt keyring before shipping the filesystem?
It's a good question. I'm going to borrow James W.'s opinion here who will know of any unforseen consequences of it.
There shouldn't be any issues with doing this. Users of the image are trusting Linaro already, so trusting the PPA is just an extension of that.
The image build should insert the key using the long fingerprint though (not the 8 character version) to avoid collision attacks on the build process.
The same goes for pre-seeding the apt litsts: downloading them as linaro-media-create time is worryingly non-deterministic. Really, the releases should be 100% self-contained.
I think the reason we don't pre-seed these is that they take up a lot of space on the downloaded image. Am I wrong?
No, that's right. Usually linaro-media-create doesn't actually need the downloaded files either. Unfortunately there aren't apt APIs to do what it needs to do without downloading all of the files though.
Thanks,
James
-
Alexander Sack -
Amit -
Christian Robottom Reis -
Dave Martin -
Dechesne, Nicolas -
James Westby -
Martin Pool -
Zygmunt Krynicki