Opened 7 years ago
Closed 7 years ago
#862 closed defect (fixed)
Ubuntu Trusty Release.gpg contains random data
|Reported by:||Owned by:|
I tried to update recently from the ubuntu packages, and it seems to me that
contains seemingly random data instead of the expected gpg signature. apt-get update fails to interpret the file as well.
I sincerely hope that this is not security-relevant data or indicates an attack on the nginx.org package server, but in case it is, I have opened this issue with high priority.
Change History (5)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Sorry, I just re-tested it with a proper apt and realized the errors I was seeing came from Aptly (http://www.aptly.info/). I openend some other Release.gpg up and they are all ASCII-Armored, e.g. https://get.docker.io/ubuntu/dists/docker/Release.gpg so I was not expecting an unarmored signature.
I will file a bug with aptly that they also work with unarmored signatures.
Thank you for the quick response!
For reference and others who might google this error:
Updating mirror nginx-repo...
ERROR: unable to update: malformed stanza syntax
comment:3 by , 7 years ago
|Component:||other → nginx-package|
|Priority:||blocker → minor|
|Status:||new → closed|
comment:4 by , 7 years ago
|Status:||closed → reopened|
The actual issue has not been resolved.
There seem to be missing colons in the Release file.
comment:5 by , 7 years ago
|Status:||reopened → closed|
Fixed, thanks for spotting this.
Release.gpg is expected to contain non-armored signature.
$ sha256sum Release.gpg
Can you show how apt errors out on you? Tests here show the file is just fine.