Posts Tagged Ubuntu

Debmirror problem: gpgv: Can’t check signature: public key not found


I have a mirror where Debian and Ubuntu packages are hosted, so people in the internal network can upgrade their software using this mirror. But the other day I realized it couldn’t sync against the Debian mirror, as described in the article How to build Debian and Ubuntu mirrors using debmirror. When I tried to run the sync script I got an error and it exited with errors.

Symptoms
When running the debmirror script, it fails with an error similar to this one:

gpgv: Signature made Wed 17 Jul 2013 04:40:31 PM CST using RSA key ID 473041FA
[GNUPG:] ERRSIG AED4B06F473041FA 1 2 00 1374050431 9
[GNUPG:] NO_PUBKEY AED4B06F473041FA
gpgv: Can’t check signature: public key not found
gpgv: Signature made Wed 17 Jul 2013 04:40:31 PM CST using RSA key ID 46925553
[GNUPG:] ERRSIG 8B48AD6246925553 1 2 00 1374050431 9
[GNUPG:] NO_PUBKEY 8B48AD6246925553
gpgv: Can’t check signature: public key not found
Release signature does not verify.

Cause

Packages are validated using a key, so we can trust what we are downloading from the source repo and what will be installed on our computers. Some repositories have a keyring with known keys, and it’s likely that a new signing key was added to the Debian/Ubuntu keyring. This can occur if there is a new distro version and new keys were added, making our keyring out of date (the new keys are missing). The NO_PUBKEY lines in the output above give the long IDs of the keys gpgv could not find.
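One way to confirm this diagnosis before importing anything, as an added example that is not part of the original post: it pulls the key IDs out of the gpgv status lines and checks them against a `gpg --with-colons --list-keys` listing of a keyring. The function names and the keyring listing are constructed for illustration; the status lines are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Sample: the [GNUPG:] status lines from the failed debmirror run above.
GPGV_STATUS='[GNUPG:] ERRSIG AED4B06F473041FA 1 2 00 1374050431 9
[GNUPG:] NO_PUBKEY AED4B06F473041FA
[GNUPG:] ERRSIG 8B48AD6246925553 1 2 00 1374050431 9
[GNUPG:] NO_PUBKEY 8B48AD6246925553'

# Constructed sample of what
#   gpg --no-default-keyring --keyring FILE --with-colons --list-keys
# prints for a stale keyring holding only one of the two keys.
# Only fields 1 (record type) and 5 (long key ID) matter here.
STALE_LISTING='pub:-:4096:1:AED4B06F473041FA:1:::-:::scSC:
pub:-:4096:1:0000000000000001:1:::-:::scSC:'

# Print the unique long key IDs gpgv reported as NO_PUBKEY (reads stdin).
missing_key_ids() {
    awk '$1 == "[GNUPG:]" && $2 == "NO_PUBKEY" { print toupper($3) }' |
        LC_ALL=C sort -u
}

# Succeed if the colon listing on stdin has a pub/sub record for key ID $1.
listing_has_key() {
    awk -F: -v id="$1" '
        ($1 == "pub" || $1 == "sub") && toupper($5) == toupper(id) { found = 1 }
        END { exit !found }'
}

# For every key gpgv asked for, print "<keyid> present" or "<keyid> absent".
# Returns 1 if at least one key is absent from the listing.
check_keys() {
    gpgv_out=$1; listing=$2; rc=0
    for id in $(printf '%s\n' "$gpgv_out" | missing_key_ids); do
        if printf '%s\n' "$listing" | listing_has_key "$id"; then
            echo "$id present"
        else
            echo "$id absent"
            rc=1
        fi
    done
    return $rc
}

# Demo on the samples: one key is in the stale keyring, one is not.
check_keys "$GPGV_STATUS" "$STALE_LISTING" ||
    echo "keyring is out of date for this Release file"
```

Run against the listing of the keyring extracted from the new keyring package, the same check shows whether the import will actually resolve the error.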

Solution

In order to fix this issue, follow the next steps depending on the distro you are mirroring:

Debian

Update the repository and import the new keys:

aptitude update
aptitude safe-upgrade
gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg  --export | gpg --no-default-keyring --keyring /var/data/keyrings/debian/trustedkeys.gpg --import

Sidenote: If no keys were added, download the latest debian-archive-keyring package from the repositories, extract it and use those keyrings. Example:

wget http://ftp.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2012.4_all.deb
dpkg -x debian-archive-keyring_2012.4_all.deb  ~
gpg --keyring ~/usr/share/keyrings/debian-archive-keyring.gpg  --export | gpg --no-default-keyring --keyring /var/data/keyrings/debian/trustedkeys.gpg --import

Ubuntu

Download the latest ubuntu-archive-keyring package and extract it, then use those keyrings. Example:

wget http://mirror.pnl.gov/ubuntu//pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb
dpkg -x ubuntu-keyring_2012.05.19_all.deb ~
gpg --keyring ~/usr/share/keyrings/ubuntu-archive-keyring.gpg --export|gpg --no-default-keyring --keyring /var/data/keyrings/ubuntu/trustedkeys.gpg --import

After this procedure, the sync script will run without problems and it will download the latest updates.



Mobile repository on Debian


If by chance you have a slow connection but somewhere else you have a better one (school, university, work, etc.), along with a computer running Debian on the same architecture (x86, x64, etc.) and with almost the same software selection, you can use this little trick to carry over part of the downloaded packages:

Computer with good connection

Update and upgrade the computer with good connection:

root@dell:~# aptitude update
root@dell:~# aptitude safe-upgrade

On Debian and similar distros the downloaded packages are stored in /var/cache/apt/archives, so you can copy the content of that directory onto a pen-drive or external hard drive:

cp -r /var/cache/apt/archives /media/usb0

Computer with poor connection

Update the package list. Even though you have a poor connection, you still need Internet access to retrieve the package information:

 root@cupcake:~# aptitude update
 root@cupcake:~# aptitude safe-upgrade
 The following packages will be upgraded:
 bind9-host dnsutils evolution-data-server evolution-data-server-common gdm3 gnome-shell gnome-shell-common google-chrome-stable gvfs
 gvfs-backends gvfs-bin gvfs-common gvfs-daemons gvfs-libs host icedtea-netx icedtea-netx-common krb5-locales libbind9-80 libc-bin libc-dev-bin
 libc6 libc6:i386 libc6-dev libc6-i386 libc6-i686:i386 libcairo-gobject2 libcairo2 libcamel-1.2-33 libdbus-glib-1-2 libdns88 libebackend-1.2-2
 libebook-1.2-13 libecal-1.2-11 libedata-book-1.2-13 libedata-cal-1.2-15 libedataserver-1.2-16 libedataserverui-3.0-1 libglib2.0-0
 libglib2.0-0:i386 libglib2.0-bin libglib2.0-data libgssapi-krb5-2 libgssapi-krb5-2:i386 libisc84 libisccc80 libisccfg82 libk5crypto3
 libk5crypto3:i386 libkrb5-3 libkrb5-3:i386 libkrb5support0 libkrb5support0:i386 liblwres80 libperl5.14 libproxy0 libssh-4 libxen-4.1
 libxenstore3.0 locales multiarch-support openssh-client openssh-server perl perl-base perl-modules python python-minimal vim vim-common
 vim-runtime vim-tiny xserver-xorg-video-nouveau
 The following packages are RECOMMENDED but will NOT be installed:
 xserver-xephyr
 73 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
 Need to get 103 MB of archives. After unpacking 16.6 MB will be used.
 Do you want to continue? [Y/n/?] n

Here you can see it needs to download 103 MB. Say no by typing “n”, and copy the packages from the pen-drive to /var/cache/apt/archives/:

# cp -R /media/C6A7-9F3C/archives/* /var/cache/apt/archives/

Now update the package list and try to upgrade the packages one more time:

root@cupcake:~# aptitude update
 root@cupcake:~# aptitude safe-upgrade
 The following packages will be upgraded:
 bind9-host dnsutils evolution-data-server evolution-data-server-common gdm3 gnome-shell gnome-shell-common google-chrome-stable gvfs
 gvfs-backends gvfs-bin gvfs-common gvfs-daemons gvfs-libs host icedtea-netx icedtea-netx-common krb5-locales libbind9-80 libc-bin libc-dev-bin
 libc6 libc6:i386 libc6-dev libc6-i386 libc6-i686:i386 libcairo-gobject2 libcairo2 libcamel-1.2-33 libdbus-glib-1-2 libdns88 libebackend-1.2-2
 libebook-1.2-13 libecal-1.2-11 libedata-book-1.2-13 libedata-cal-1.2-15 libedataserver-1.2-16 libedataserverui-3.0-1 libglib2.0-0
 libglib2.0-0:i386 libglib2.0-bin libglib2.0-data libgssapi-krb5-2 libgssapi-krb5-2:i386 libisc84 libisccc80 libisccfg82 libk5crypto3
 libk5crypto3:i386 libkrb5-3 libkrb5-3:i386 libkrb5support0 libkrb5support0:i386 liblwres80 libperl5.14 libproxy0 libssh-4 libxen-4.1
 libxenstore3.0 locales multiarch-support openssh-client openssh-server perl perl-base perl-modules python python-minimal vim vim-common
 vim-runtime vim-tiny xserver-xorg-video-nouveau
 The following packages are RECOMMENDED but will NOT be installed:
 xserver-xephyr
 73 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
 Need to get 2,474 kB/103 MB of archives. After unpacking 16.6 MB will be used.
 Do you want to continue? [Y/n/?]

As you can see, it now needs 2.4 MB, much less than originally needed, and the download will take much less time over a poor connection like Venezuela’s 3G networks (put your preferred mobile operator’s name here).


How to build Debian and Ubuntu mirrors using debmirror


Here I explain how to set up a mirror for Debian and Ubuntu repositories on a Debian server. The steps explained next can be found on other sites, except how to deal with the repository’s keyrings. For instance, Ubuntu’s tutorial explains how to install the keyrings assuming the server hosting the mirror is running Ubuntu, but what if it’s running on a Debian server?

Installing debmirror

As I mentioned, I used debmirror for mirroring both distros. There are other programs, like apt-cacher, but I chose debmirror because I wanted to mirror all Debian and Ubuntu repos. So, in order to install debmirror just type the following as root:

aptitude install debmirror

Installing the keyrings

Now it’s time to install the repositories’ keyrings. Because I wanted one mirror for Debian and another for Ubuntu, I had to download both keyring packages and import the keyrings from them:

Debian

To install the keyrings for Debian’s repos, the latest debian-archive-keyring package must be downloaded, for instance from testing:

# wget http://ftp.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2012.4_all.deb

Then the package’s content must be extracted in the root’s home directory:

# dpkg-deb -x debian-archive-keyring_2012.4_all.deb ~

And finally import the keyrings:

# gpg --no-default-keyring --keyring /home/repo/keyrings/debian/trustedkeys.gpg --import /root/usr/share/keyrings/debian-archive-keyring.gpg
 gpg: keyring `/home/repo/keyrings/debian/trustedkeys.gpg' created
 gpg: key B98321F9: public key "Squeeze Stable Release Key " imported
 gpg: key 473041FA: public key "Debian Archive Automatic Signing Key (6.0/squeeze) " imported
 gpg: key 65FFB764: public key "Wheezy Stable Release Key " imported
 gpg: key 46925553: public key "Debian Archive Automatic Signing Key (7.0/wheezy) " imported
 gpg: Total number processed: 4
 gpg: imported: 4 (RSA: 4)
 gpg: no ultimately trusted keys found

Ubuntu

On Ubuntu I did something similar. I downloaded the latest ubuntu-keyring package from quantal’s repos:

# wget http://pa.archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb

Then I proceeded to extract the package content into root’s home directory and import the keyrings:

# dpkg-deb -x ubuntu-keyring_2012.05.19_all.deb ~
# gpg --no-default-keyring --keyring /home/repo/keyrings/ubuntu/trustedkeys.gpg --import /root/usr/share/keyrings/ubuntu-archive-keyring.gpg
gpg: keyring `/home/repo/keyrings/ubuntu/trustedkeys.gpg' created
 gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key " imported
 gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key " imported
 gpg: key C0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) " imported
 gpg: key EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) " imported
 gpg: Total number processed: 4
 gpg: imported: 4 (RSA: 2)
 gpg: no ultimately trusted keys found
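The keyring packages above are fetched over plain HTTP and then become the mirror's trust root, so the .deb is worth checking before the import step. The following is an added example, not part of the original post: it compares the file's SHA256 with the entry in a Packages index you already trust (assumed here: one that apt has authenticated on an existing system of that distro). Function names, the fixture and its pool path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the fixture and
# its pool path are hypothetical.

# Print the SHA256 recorded in the stanza whose Filename equals $2.
# $1 = uncompressed Packages index that has already been authenticated.
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
        {
            name = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) name = substr($i, 11)
                if ($i ~ /^SHA256: /)   sum  = substr($i, 9)
            }
            if (name == want) { print sum; exit }
        }' "$1"
}

# Return 0 if the file matches its index entry, 1 on a mismatch, and 2 if
# the index has no entry for that pool path.
verify_deb() {
    deb=$1; index=$2; pool_path=$3
    want=$(expected_sha256 "$index" "$pool_path")
    [ -n "$want" ] || { echo "no index entry for $pool_path" >&2; return 2; }
    got=$(sha256sum "$deb" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK $deb"
    else
        echo "MISMATCH $deb: index says $want, file is $got" >&2
        return 1
    fi
}

# Constructed fixture: a stand-in file plus a two-stanza Packages index that
# records its hash. Prints the temporary directory holding both.
make_fixture() {
    dir=$(mktemp -d)
    printf 'constructed stand-in for a keyring package\n' > "$dir/keyring.deb"
    sum=$(sha256sum "$dir/keyring.deb" | awk '{ print $1 }')
    cat > "$dir/Packages" <<EOF
Package: other-package
Filename: pool/main/o/other/other_1.0_all.deb
SHA256: 0000000000000000000000000000000000000000000000000000000000000000

Package: example-keyring
Filename: pool/main/e/example-keyring/example-keyring_1.0_all.deb
SHA256: $sum
EOF
    echo "$dir"
}

KEYRING_POOL_PATH=pool/main/e/example-keyring/example-keyring_1.0_all.deb
fx=$(make_fixture)
if verify_deb "$fx/keyring.deb" "$fx/Packages" "$KEYRING_POOL_PATH"; then
    # Only at this point run the dpkg-deb -x and gpg --import steps above.
    echo "hash matches the index: proceed to extract and import"
fi
```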

The debmirror script

On Ubuntu

The script is an adaptation of the one in Ubuntu’s documentation. I saved it as /home/repo/scripts/ubuntu.sh with the following values:

#!/bin/sh
# Don't touch the user's keyring, have our own instead
export GNUPGHOME=/home/repo/keyrings/ubuntu

# Architecture. For Ubuntu can be i386, powerpc or amd64.
arch=i386,amd64

# Minimum Ubuntu system requires main, restricted
# Section (One of the following - main/restricted/universe/multiverse).
section=main,multiverse,universe,restricted

# Release of the system (Quantal, Precise, etc)
release=quantal,quantal-security,quantal-updates,quantal-backports,precise,precise-security,precise-updates,precise-backports

# Server name, minus the protocol and the path at the end
server=us.archive.ubuntu.com

# Path from the main server, so http://my.web.server/$dir, Server dependant
inPath=/ubuntu

# Protocol to use for transfer (http, ftp, hftp, rsync)
proto=http

# Directory to store the mirror in
outPath=/home/repo/mirrors/ubuntu

# Start script

debmirror       -a $arch \
                --no-source \
                --md5sums \
                --progress \
                --passive \
                --verbose \
                -s $section \
                -h $server \
                -d $release \
                -r $inPath \
                -e $proto \
                $outPath

On Debian

For Debian I used other parameters and saved it as /home/repo/scripts/debian.sh with these values:

#!/bin/sh

# Don't touch the user's keyring, have our own instead
export GNUPGHOME=/home/repo/keyrings/debian

# Architecture (i386, powerpc, amd64, etc.)
arch=i386,amd64

# Section (main,contrib,non-free)
section=main,contrib,non-free

# Release of the system (squeeze,lenny,stable,testing,etc)
release=squeeze

# Server name, minus the protocol and the path at the end
server=ftp.us.debian.org

# Path from the main server, so http://my.web.server/$dir, Server dependant
inPath=/debian

# Protocol to use for transfer (http, ftp, hftp, rsync)
proto=http

# Directory to store the mirror in
outPath=/home/repo/mirrors/debian

# Start script

debmirror       -a $arch \
                --no-source \
                --md5sums \
                --progress \
                --passive \
                --verbose \
                -s $section \
                -h $server \
                -d $release \
                -r $inPath \
                -e $proto \
                $outPath

Note: In both cases you have to make the scripts executable, check the connection to the chosen servers and check that you have enough space available for hosting the mirrors.

Scheduled job (crontab)

Once the scripts are working, you can create a cron job to keep the mirrors synced. For example, to run the scripts at midnight every day you can put the following in /etc/crontab:

0 0 * * *    root    /home/repo/scripts/debian.sh
0 0 * * *    root    /home/repo/scripts/ubuntu.sh

Publishing the mirrors

I published the mirror via http with Apache, the web server:

aptitude install apache2

By default on Debian, Apache uses /var/www as its root directory. So, to publish the mirrors, just create symbolic links in that directory:

# ln -s /home/repo/mirrors/ubuntu /var/www/
# ln -s /home/repo/mirrors/debian /var/www/

Setting the clients

On the client side, you have to edit the /etc/apt/sources.list file according to the Linux version used on the client.

On Ubuntu

For Ubuntu precise (12.04) you have to put something like this in the /etc/apt/sources.list file:

deb http://192.168.1.1/ubuntu/ precise main restricted universe multiverse
deb http://192.168.1.1/ubuntu/ precise-updates main restricted universe multiverse
deb http://192.168.1.1/ubuntu/ precise-backports main restricted universe multiverse
deb http://192.168.1.1/ubuntu/ precise-security main restricted universe multiverse

In this case the IP address 192.168.1.1 belongs to the server hosting the mirrors, which were published via http with Apache. Change it to another IP or a DNS entry according to your configuration.

On Debian

For Debian Squeeze you must have the following in your /etc/apt/sources.list:

deb http://192.168.1.1/debian squeeze main contrib non-free
deb http://192.168.1.1/debian-security squeeze/updates main contrib non-free

For both cases after doing these changes you have to update the package list:

aptitude update

Once the package list has been updated you can use those repositories.


What to do after installing Ubuntu 12.04?


I’m sure you were thinking I was going to tell you: install Debian!… but no, this time I’m going to be more condescending, so I’m going to give you a tip. After installing Ubuntu, one thing you can do to feel like you are using Debian is to open a terminal and type this:

sudo apt-get install aptitude
sudo aptitude update

Now you will be using Debian’s default console package manager.

But what are the differences between aptitude and apt-get / apt-cache?

That question was already covered in the article aptitude vs. apt-get.

User password vs. root password

Another thing you can do is to assign a password to root:

sudo passwd root

After this you can log in as root and forget about sudo; in addition, you will be separating the installing user from the real system administrator role.


How to update to Ubuntu 10.10


On October 10, 2010 (10/10/10) Ubuntu 10.10 was released, so if you want to update your system to this version you can type the following from a terminal:

update-manager -d

Once you have done this just click on the Upgrade button and follow the wizard.


Adding Ubuntu repos to cron-apt on Debian


I have an apt-cacher server at home for caching Debian and Ubuntu repos, and the same PC has cron-apt for downloading Debian packages daily; the idea is to have the packages ready to download whenever I want to update them. On the other hand, my sister has a netbook with Ubuntu, but because cron-apt is set by default to download only packages for the distro it’s running on, in this case Debian, when my sister’s netbook is updated she can’t take advantage of the cache and has to wait until all packages are downloaded.

The solution is to make cron-apt download Ubuntu packages. Let’s see how to do it…

Adding Ubuntu repos to cron-apt

In order to add the Ubuntu repos you have to edit the following line in the /etc/cron-apt/config file:

OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/sources.list.ubuntu10"

Where the /etc/apt/sources.list.ubuntu10 file must have the Ubuntu repos definitions. In my case, it’s the apt-cacher server:

deb http://192.168.2.100:3142/ubuntu/ lucid main restricted
deb http://192.168.2.100:3142/ubuntu/ lucid-updates main restricted
deb http://192.168.2.100:3142/ubuntu/ lucid universe
deb http://192.168.2.100:3142/ubuntu/ lucid-updates universe
deb http://192.168.2.100:3142/ubuntu/ lucid multiverse
deb http://192.168.2.100:3142/ubuntu/ lucid-updates multiverse
deb http://192.168.2.100:3142/ubuntu/ lucid-security main restricted
deb http://192.168.2.100:3142/ubuntu/ lucid-security universe
deb http://192.168.2.100:3142/ubuntu/ lucid-security multiverse

Ubuntu public keys

You also have to set the public keys, otherwise apt-cacher will send an email with a message like this one:

W: GPG error: http://192.168.2.100 lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5

In order to download and install the public key you have to do the following steps:

gpg --recv-keys 40976EAF437D05B5
gpg --export --armor 40976EAF437D05B5 | apt-key add -

Now, next time I update my sister’s netbook, many of the packages will be ready to download from the local network at home!!


Automatic updates for Debian using cron-apt


I’ve already mentioned the advantage of using a cached repository like apt-cacher. Okay, it’s true that all packages will be available when upgrading applications, but only if somebody had already downloaded them. It would be great to have something that automatically downloads those packages for you, so when you upgrade from any computer within the network those applications will already be in apt-cacher.

Installing

In order to install cron-apt just type this in a terminal as root:

aptitude install cron-apt

Setting

You have to define a running frequency of cron-apt in the /etc/cron.d/cron-apt file. There you must define at what time it will be performed, using crontab format. For example:

# Every night at 1 o'clock
0 1 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt

Then you have to set some variables in the /etc/cron-apt/config file, according to your needs. For instance, I changed the package manager from apt-get to aptitude, the mail address, and how often I will be warned:

# APTCOMMAND=/usr/bin/apt-get
APTCOMMAND=/usr/bin/aptitude
# APTCOMMAND

Check out the whole file if you want to change any behavior, or just leave it as it comes.

Actions

By default cron-apt is set to download the package list and then download the updates. In the /etc/cron-apt/action.d/0-update you will find this:

update -o quiet=2

And the /etc/cron-apt/action.d/3-download file has this:

dist-upgrade -d -y -o APT::Get::Show-Upgraded=true

You can change these values according to your needs, for instance for an unattended upgrade. You can also use the examples provided by the package in the /usr/share/doc/cron-apt/examples/ directory.


Brightness of Lenovo S10-3 (GMA 3150 video) on Linux


The new netbook architecture comes with an Intel GMA 3150 graphics card, which is not completely supported by the kernel because it doesn’t show any information in the /sys/class/backlight directory. This means you won’t be able to adjust your LCD brightness with the function keys (ACPI), or use any plugin for that matter, or set the brightness with third-party applications such as laptop-mode-tools.

I did some research on the Internet and found a solution to the brightness adjustment problem, which consists of setting the value on the PCI device on the bus directly, as shown here:

setpci -s 00:02.0 f4.b=55

Where 00:02.0 is the PCI id on the bus, and 55 is a hexadecimal value between 0 and FF, which modifies the display’s brightness.

In order to know which device id to write to, you can query the PCI bus:

mundungus:~# lspci
00:00.0 Host bridge: Intel Corporation N10 Family DMI Bridge
00:02.0 VGA compatible controller: Intel Corporation N10 Family Integrated Graphics Controller
00:02.1 Display controller: Intel Corporation N10 Family Integrated Graphics Controller
00:1b.0 Audio device: Intel Corporation N10/ICH 7 Family High Definition Audio Controller (rev 02)
00:1c.0 PCI bridge: Intel Corporation N10/ICH 7 Family PCI Express Port 1 (rev 02)

As you can see, the device id for the graphics card on the PCI bus is 00:02.0.

Setting laptop-mode-tools

Normally laptop-mode-tools writes to a file in the /sys/class/backlight directory, as I wrote in a previous post, but in this case you have to put the following into the /etc/laptop-mode/conf.d/lcd-brightness.conf file:

BATT_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=55"
LM_AC_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=77"
NOLM_AC_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=77"
BRIGHTNESS_OUTPUT="/dev/null"

Notice you have to set the variable BRIGHTNESS_OUTPUT to the value /dev/null, otherwise it won’t run properly.


Partitions on Lenovo IdeaPad S10-3

Lenovo IdeaPad S10-3 original partitions

I sold my Lenovo IdeaPad S10 to upgrade to a Lenovo IdeaPad S10-3. As happened with my sister’s S10-2 netbook, the partition scheme looks like the one shown above: a small partition (I assume to boot Windows), a 100 GB partition for Windows 7, another partition with 30 GB for backups, and 150 GB of rescue and drivers for Windows.

Because my disk is mine, I decided to erase the last two partitions (I backed up their content first) and change the size of the Windows 7 partition in order to make room for two Linux installations (Debian and Ubuntu), another partition for 1 GB of swap, and the remainder for /home, as shown in the following picture:

Lenovo S10-3 new partitions

Collateral damage

The only side effect is that some applications supplied by Lenovo, like OneKey Recovery, won’t work properly because the partitions have been deleted. The solution is to make the rescue disks before erasing those partitions, or to live with those partitions but resize them to make room (this is what I did on my sister’s netbook, a Lenovo S10-2).

Warning

Before resizing the Windows partition you had better defragment the disk. You should also check that Windows 7 boots properly after resizing the partition; if not, you can recover it by using one of those partitions provided by Lenovo. I made the mistake of erasing them, so I had to borrow a Windows 7 recovery disk, because I didn’t want to wait for a recovery disc shipped from the USA.


Ubuntu Software Center on Debian

Software Center interface

Some people yelled: what the heck is Debian doing by including Ubuntu Software Center in its repositories? The truth is, like it or not, this package is available under the name Software Center, and I have to admit it’s an option for installing software, even easier than Synaptic. But it’s not only a graphical interface for installing packages, so let’s install it and see what else it has to offer.

Installing Software Center

In a terminal you can type the following:

aptitude install software-center

This will install Software Center and its components.

Software Center

In order to use Software Center, which is depicted in the above image, you must go to Applications > System > Software Center:

Software center - menu

From there you can search, install and uninstall applications in the system as you would do from a terminal or graphically in Synaptic, but in a really easy way.

Update Manager

The Update Manager notifies users about new updates, the same way Ubuntu does.

Software center - notification

This can be really useful for helping forgetful people keep their system up to date (for example if they use Debian testing).

Update manager

Software Sources

You can also set the system’s repositories from the Software Sources utility. In my case I have some internal repositories with apt-cacher in my local network, which appear in the Third-Party Software Tab:

Software sources

This application in the end just modifies the /etc/apt/sources.list file or the files in the /etc/apt/sources.list.d folder.

Compatibility with aptitude

My big concern was whether this application would integrate with aptitude, I mean, whether it would be capable of uninstalling the unused dependency packages of a particular application. So far I’ve tested it and it appears so!!
