On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote: > On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote: > > I am not able to install any packages related to linaro for example > > when I tried that below command > > > > sudo add-apt-repository ppa:linaro-maintainers/toolchain > > I am getting error like > > Error reading > > https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain: > > <urlopen error [Errno 111] Connection refused> > > > > But when I use a direct INTERNET connection without proxy its working > > fine. > > The problem you're running into is that add-apt-repository is fetching a > GPG key from the Ubuntu keyserver, which is running on port 11371. You > can indeed punch a hold in the firewall, but you can also just issue > > sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B > > since this is a one-time operation -- once the key is set up > transferring packages is done over regular http.
Is there a reason why we don't simply preinstall that key in the apt keyring before shipping the filesystem? The same goes for pre-seeding the apt litsts: downloading them as linaro-media-create time is worryingly non-deterministic. Really, the releases should be 100% self-contained. Fetching apt keys in the above way is fundamentally insecure in any case, so nothing is gained securitywise by not shipping them in the fs. I seem to remember previous discussion on this... I can't remember the conclusion though. Cheers ---Dave _______________________________________________ linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
