Re: linaro blocking issue

2012-02-22 Thread Christian Robottom Reis
On Mon, Feb 20, 2012 at 10:39:20AM +, Dave Martin wrote:
 On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote:
  On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
   I am not able to install any packages related to linaro for example
   when I tried that below command
   
   sudo add-apt-repository ppa:linaro-maintainers/toolchain
   I am getting error like
   Error reading
   https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain:
   urlopen error [Errno 111] Connection refused
   
   But when I use a direct INTERNET connection without proxy it's working
   fine.
  
  The problem you're running into is that add-apt-repository is fetching a
  GPG key from the Ubuntu keyserver, which is running on port 11371.  You
  can indeed punch a hole in the firewall, but you can also just issue
  
  sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B
  
  since this is a one-time operation -- once the key is set up
  transferring packages is done over regular http.
 
 Is there a reason why we don't simply preinstall that key in the apt
 keyring before shipping the filesystem?

It's a good question. I'm going to borrow James W.'s opinion here who
will know of any unforeseen consequences of it.

 The same goes for pre-seeding the apt lists: downloading them at
 linaro-media-create time is worryingly non-deterministic.  Really, the
 releases should be 100% self-contained.

I think the reason we don't pre-seed these is that they take up a lot of
space on the downloaded image. Am I wrong?
-- 
Christian Robottom Reis, Engineering VP
Brazil (GMT-3) | [+55] 16 9112 6430 | [+1] 612 216 4935
Linaro.org: Open Source Software for ARM SoCs

___
linaro-dev mailing list
linaro-dev@lists.linaro.org
http://lists.linaro.org/mailman/listinfo/linaro-dev


Re: linaro blocking issue

2012-02-22 Thread James Westby
On Wed, 22 Feb 2012 17:21:45 -0200, Christian Robottom Reis k...@linaro.org 
wrote:
  Is there a reason why we don't simply preinstall that key in the apt
  keyring before shipping the filesystem?
 
 It's a good question. I'm going to borrow James W.'s opinion here who
 will know of any unforeseen consequences of it.

There shouldn't be any issues with doing this. Users of the image are
trusting Linaro already, so trusting the PPA is just an extension of
that.

The image build should insert the key using the long fingerprint though
(not the 8 character version) to avoid collision attacks on the build
process.

  The same goes for pre-seeding the apt lists: downloading them at
  linaro-media-create time is worryingly non-deterministic.  Really, the
  releases should be 100% self-contained.
 
 I think the reason we don't pre-seed these is that they take up a lot of
 space on the downloaded image. Am I wrong?

No, that's right. Usually linaro-media-create doesn't actually need the
downloaded files either. Unfortunately there aren't apt APIs to do what
it needs to do without downloading all of the files though.

Thanks,

James
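
An added example (not part of the thread and not Linaro's build tooling) of the check suggested in the message above: a build step that accepts a key only when its full 40-digit fingerprint matches the pin, next to what an 8-character match lets through. The function names, the fingerprints and the two key listings are constructed for illustration, and `verify_keyfile` assumes GnuPG 2.2 or later for `--show-keys`.

```shell
#!/bin/sh
# Constructed sample data: two keys whose fingerprints differ but whose
# last 8 hex digits (the short key ID) are identical. Not real keys.
GENUINE_FPR=A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A10123ABCD
GENUINE_LISTING='pub:-:1024:1:A1A1A1A10123ABCD:1262304000:::-:::scSC:
fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A10123ABCD:'
LOOKALIKE_LISTING='pub:-:1024:1:B2B2B2B20123ABCD:1325376000:::-:::scSC:
fpr:::::::::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B20123ABCD:'

# Print the primary key's fingerprint from `gpg --with-colons` output on
# stdin: the first "fpr" record, field 10.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if $1 is a full 40-hex-digit (OpenPGP v4) fingerprint.
is_full_fpr() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'
}

# What an 8-character pin amounts to: only the last 32 bits are compared.
short_id_matches() {
    got=$(primary_fpr)
    [ "$(printf '%s' "$got" | tail -c 8)" = "$1" ]
}

# Compare the listing on stdin with the pinned fingerprint in $1.
# Returns 0 on match, 1 on mismatch, 2 if the pin is not a full fingerprint.
check_pinned() {
    is_full_fpr "$1" || return 2
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    got=$(primary_fpr | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Build-time use (assumes GnuPG 2.2+ for --show-keys); import the key file
# into the image's apt keyring only when this returns 0.
verify_keyfile() {   # verify_keyfile KEYFILE FULL_FINGERPRINT
    gpg --show-keys --with-colons "$1" | check_pinned "$2"
}
```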



Re: linaro blocking issue

2012-02-20 Thread Alexander Sack
Hi,

the third way is to go to the keyserver.ubuntu.com website, search for your
keyid and copy the key to a text file for import locally...

 1. go to
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xF1FCBACA7BE1F97B
 2. copy the GPG block to a text file: key.txt
 3. sudo apt-key add key.txt

now things might work...

On Thu, Feb 16, 2012 at 10:32 AM, Amit amit@tieto.com wrote:

 Hi Christian,
 I tried the alternative command, but I am getting error in that for
 connecting to the host.
 The error logs are as follows

 gpg: directory `/home/bagggami/.gnupg' created
 gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created
 gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet
 active during this run
 gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created
 gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created
 gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
 gpgkeys: HTTP fetch error 7: couldn't connect to host
 gpg: no valid OpenPGP data found.
 gpg: Total number processed: 0

 Can you tell me what's going wrong here.

 Regards,
 Amit Bag




 On 16/02/12 12:57, Christian Robottom Reis wrote:

 On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:

  I am not able to install any packages related to linaro for example
 when I tried that below command

 sudo add-apt-repository ppa:linaro-maintainers/toolchain
 I am getting error like
 Error reading
 https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain:
 urlopen error [Errno 111] Connection refused

 But when I use a direct INTERNET connection without proxy it's working
 fine.

  The problem you're running into is that add-apt-repository is fetching a
 GPG key from the Ubuntu keyserver, which is running on port 11371.  You
 can indeed punch a hole in the firewall, but you can also just issue

 sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B

 since this is a one-time operation -- once the key is set up
 transferring packages is done over regular http.



 --





-- 
Alexander Sack
Technical Director, Linaro Platform Teams
http://www.linaro.org | Open source software for ARM SoCs
http://twitter.com/#!/linaroorg - http://www.linaro.org/linaro-blog


Re: linaro blocking issue

2012-02-20 Thread Dave Martin
On Thu, Feb 16, 2012 at 05:27:21AM -0200, Christian Robottom Reis wrote:
 On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
  I am not able to install any packages related to linaro for example
  when I tried that below command
  
  sudo add-apt-repository ppa:linaro-maintainers/toolchain
  I am getting error like
  Error reading
  https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain:
  urlopen error [Errno 111] Connection refused
  
  But when I use a direct INTERNET connection without proxy it's working
  fine.
 
 The problem you're running into is that add-apt-repository is fetching a
 GPG key from the Ubuntu keyserver, which is running on port 11371.  You
 can indeed punch a hole in the firewall, but you can also just issue
 
 sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B
 
 since this is a one-time operation -- once the key is set up
 transferring packages is done over regular http.

Is there a reason why we don't simply preinstall that key in the apt
keyring before shipping the filesystem?  The same goes for pre-seeding the
apt lists: downloading them at linaro-media-create time is worryingly
non-deterministic.  Really, the releases should be 100% self-contained.

Fetching apt keys in the above way is fundamentally insecure in any case,
so nothing is gained securitywise by not shipping them in the fs.


I seem to remember previous discussion on this... I can't remember
the conclusion though.

Cheers
---Dave



Re: linaro blocking issue

2012-02-16 Thread Amit


  
  
Hi Christian,
I tried the alternative command, but I am getting error in that for
connecting to the host.
The error logs are as follows

gpg: directory `/home/bagggami/.gnupg' created
gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not
yet active during this run
gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created
gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created
gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Can you tell me what's going wrong here.

Regards,
Amit Bag



On 16/02/12 12:57, Christian Robottom Reis wrote:

  On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:

  
I am not able to install any packages related to linaro for example
when I tried that below command

sudo add-apt-repository ppa:linaro-maintainers/toolchain
I am getting error like
Error reading
https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain:
urlopen error [Errno 111] Connection refused

But when I use a direct INTERNET connection without proxy it's working
fine.

  
  
The problem you're running into is that add-apt-repository is fetching a
GPG key from the Ubuntu keyserver, which is running on port 11371.  You
can indeed punch a hole in the firewall, but you can also just issue

sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B

since this is a one-time operation -- once the key is set up
transferring packages is done over regular http.




-- 
  
  



Re: linaro blocking issue

2012-02-16 Thread Christian Robottom Reis
On Thu, Feb 16, 2012 at 03:02:44PM +0530, Amit wrote:
 gpg: directory `/home/bagggami/.gnupg' created
 gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created
 gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not
 yet active during this run
 gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created
 gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created
 gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
 gpgkeys: HTTP fetch error 7: couldn't connect to host

Looks like you are even having HTTP connection problems -- can you do
web requests to http://keyserver.ubuntu.com at all? This is most
certainly a network issue on your end.
-- 
Christian Robottom Reis, Engineering VP
Brazil (GMT-3) | [+55] 16 9112 6430 | [+1] 612 216 4935
Linaro.org: Open Source Software for ARM SoCs



Re: linaro blocking issue

2012-02-16 Thread Dechesne, Nicolas
On Thu, Feb 16, 2012 at 10:32 AM, Amit amit@tieto.com wrote:

 gpg: directory `/home/bagggami/.gnupg' created
 gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created
 gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet
 active during this run
 gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created
 gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created
 gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
 gpgkeys: HTTP fetch error 7: couldn't connect to host
 gpg: no valid OpenPGP data found.
 gpg: Total number processed: 0

 Can you tell me what's going wrong here.


looks like you might be behind a corporate firewall, and 'sudo' is not
passing the env variables properly.

the reliable way I usually do it is:

$ sudo su -
$ export http_proxy='XXX'
$ export https_proxy='XXX'
$ add-apt-repository ppa:xxx

that should work with sudo -E as well, but I didn't try that.


Re: linaro blocking issue

2012-02-16 Thread Dechesne, Nicolas
On Thu, Feb 16, 2012 at 5:10 PM, Zygmunt Krynicki 
zygmunt.kryni...@linaro.org wrote:

 You should set the proxy for apt via /etc/apt.conf or /etc/apt/apt.conf.d/

 The line you need is:

 Acquire::HTTP::Proxy "http://.../";


this works for apt-get commands, but not for add-apt-repo which is a python
script that does not use this config


Re: linaro blocking issue

2012-02-16 Thread Martin Pool
On 17 February 2012 03:10, Zygmunt Krynicki zygmunt.kryni...@linaro.org wrote:
 On Thu, Feb 16, 2012 at 5:07 PM, Dechesne, Nicolas n-deche...@ti.com wrote:


 On Thu, Feb 16, 2012 at 10:32 AM, Amit amit@tieto.com wrote:

 gpg: directory `/home/bagggami/.gnupg' created
 gpg: new configuration file `/home/bagggami/.gnupg/gpg.conf' created
 gpg: WARNING: options in `/home/bagggami/.gnupg/gpg.conf' are not yet
 active during this run
 gpg: keyring `/home/bagggami/.gnupg/secring.gpg' created
 gpg: keyring `/home/bagggami/.gnupg/pubring.gpg' created
 gpg: requesting key 7BE1F97B from hkp server keyserver.ubuntu.com
 gpgkeys: HTTP fetch error 7: couldn't connect to host
 gpg: no valid OpenPGP data found.
 gpg: Total number processed: 0

 Can you tell me what's going wrong here.


 looks like you might be behind a corporate firewall, and 'sudo' is not
 passing the env variables properly.

 the reliable way I usually do it is:

 $ sudo su -
 $ export http_proxy='XXX'
 $ export https_proxy='XXX'
 $ add-apt-repository ppa:xxx

 You should set the proxy for apt via /etc/apt.conf or /etc/apt/apt.conf.d/

 The line you need is:

 Acquire::HTTP::Proxy "http://.../";

for gpg, which is the problem here, you need to configure it in
~/.gnupg/gpg.conf with a line like

  keyserver-options http-proxy=http://proxy.example.com:3128/

if there is already a keyserver-options line, you need to add that to it.

It may be a good idea to also put it into /root/.gnupg/gpg.conf.

-- 
Martin



Re: linaro blocking issue

2012-02-15 Thread Christian Robottom Reis
On Thu, Feb 16, 2012 at 12:49:21PM +0530, Amit wrote:
 I am not able to install any packages related to linaro for example
 when I tried that below command
 
 sudo add-apt-repository ppa:linaro-maintainers/toolchain
 I am getting error like
 Error reading
 https://launchpad.net/api/1.0/~linaro-maintainers/+archive/toolchain:
 urlopen error [Errno 111] Connection refused
 
 But when I use a direct INTERNET connection without proxy it's working
 fine.

The problem you're running into is that add-apt-repository is fetching a
GPG key from the Ubuntu keyserver, which is running on port 11371.  You
can indeed punch a hole in the firewall, but you can also just issue

sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7BE1F97B

since this is a one-time operation -- once the key is set up
transferring packages is done over regular http.
-- 
Christian Robottom Reis, Engineering VP
Brazil (GMT-3) | [+55] 16 9112 6430 | [+1] 612 216 4935
Linaro.org: Open Source Software for ARM SoCs
