Julian - I just tried and it seems like Post-Invoke is run when there is a W: but not an E: - is that right?
In this snippet I've added an Apt::Update::Post-Invoke { "echo 'hello' } Reading package lists... Done W: http://dl.google.com/linux/musicmanager/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://dl.google.com/linux/talkplugin/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1) W: http://ppa.launchpad.net/pitti/systemd/ubuntu/dists/trusty/Release.gpg: Signature by key FB322597BBC86D52FEE950E299B656EA8683D8A2 uses weak digest algorithm (SHA1) E: Failed to fetch http://dl.google.com/linux/musicmanager/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_musicmanager_deb_dists_stable_Release which is considered strong enough for security purposes E: Failed to fetch http://dl.google.com/linux/talkplugin/deb/dists/stable/Release No Hash entry in Release file /var/lib/apt/lists/dl.google.com_linux_talkplugin_deb_dists_stable_Release which is considered strong enough for security purposes E: Some index files failed to download. They have been ignored, or old ones used instead. laney@raleigh> ...and then after removing the google repositories: Hit:10 http://ppa.launchpad.net/pitti/systemd/ubuntu trusty Release hello Reading package lists... Done Building dependency tree Reading state information... Done 9 packages can be upgraded. Run 'apt list --upgradable' to see them. W: http://ppa.launchpad.net/pitti/systemd/ubuntu/dists/trusty/Release.gpg: Signature by key FB322597BBC86D52FEE950E299B656EA8683D8A2 uses weak digest algorithm (SHA1) laney@raleigh> I see <https://anonscm.debian.org/cgit/apt/apt.git/tree/apt-pkg/update.cc#n108> which looks like it's where the function is returning from (didn't trace it though), which would prevent the Post-Inboke hook from running. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1562733 Title: apt signature requierements prevent updates from some repositories Status in appstream package in Ubuntu: Confirmed Status in apt package in Ubuntu: In Progress Bug description: Since xenial updated the requirements for the strength of PGP signatures of packages, packages from some repositories are no longer updated. Apt-get update reports these errors: E: Failed to fetch http://[...]/Release No Hash entry in Release file /var/lib/apt/lists/partial/[...] which is considered strong enough for security purposes E: Some index files failed to download. They have been ignored, or old ones used instead. While the motivation for the change is valid, the result is a potential security problem, as the new versions of the packages that may fix recently discovered vulnerabilities are not automatically installed. One less important but unfortunate effect is a scary message that is displayed to the user, without clear explanation that the problem needs to be addressed by the repository owner. Related: Bug #1558331 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1562733/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp