1. 技术文章
  2. Travis Can't Find Debian Package in Custom Source Repo, Why?

Travis Can't Find Debian Package in Custom Source Repo, Why?

隐身守侯 提交于 2019-12-25 09:33:36

问题


The instructions here appear to be logical, i've tried both with, and without docker enabled:

https://docs.travis-ci.com/user/installing-dependencies/

Here is the log: 

Adding APT Sources (BETA)
$ export DEBIAN_FRONTEND=noninteractive
0.01s$ echo "deb https://dl.bintray.com/solvingj/public-deb unstable main" | sudo tee -a /etc/apt/sources.list > /dev/null
Installing APT Packages (BETA)
$ export DEBIAN_FRONTEND=noninteractive
3.03s$ sudo -E apt-get -yq update &>> ~/apt-get-update.log
0.30s$ sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install cmake go-bin-deb
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package go-bin-deb
apt-get.diagnostics
apt-get install failed
$ cat ~/apt-get-update.log
Ign:1 http://us-central1.gce.archive.ubuntu.com/ubuntu precise InRelease
Hit:2 http://us-central1.gce.archive.ubuntu.com/ubuntu precise-updates InRelease
Hit:3 http://us-central1.gce.archive.ubuntu.com/ubuntu precise-backports InRelease
Hit:4 http://us-central1.gce.archive.ubuntu.com/ubuntu precise Release
Ign:5 http://downloads-distro.mongodb.org/repo/debian-sysvinit dist InRelease
Get:6 http://downloads-distro.mongodb.org/repo/debian-sysvinit dist Release [2,040 B]
Get:7 http://downloads-distro.mongodb.org/repo/debian-sysvinit dist Release.gpg [490 B]
Hit:8 http://security.ubuntu.com/ubuntu precise-security InRelease
Hit:9 http://apt.postgresql.org/pub/repos/apt precise-pgdg InRelease
Hit:11 http://ppa.launchpad.net/chris-lea/redis-server/ubuntu precise InRelease
Get:12 http://downloads-distro.mongodb.org/repo/debian-sysvinit dist/10gen amd64 Packages [30.9 kB]
Ign:13 http://ppa.launchpad.net/couchdb/stable/ubuntu precise InRelease
Ign:14 http://ppa.launchpad.net/git-core/v1.8/ubuntu precise InRelease
Get:15 http://downloads-distro.mongodb.org/repo/debian-sysvinit dist/10gen i386 Packages [30.5 kB]
Hit:16 http://ppa.launchpad.net/pollinate/ppa/ubuntu precise InRelease
Ign:17 https://dl.bintray.com/solvingj/public-deb unstable InRelease
Hit:18 http://ppa.launchpad.net/travis-ci/zero-mq/ubuntu precise InRelease
Hit:19 http://ppa.launchpad.net/ubuntugis/ppa/ubuntu precise InRelease
Hit:20 http://ppa.launchpad.net/webupd8team/java/ubuntu precise InRelease
Hit:21 https://packagecloud.io/basho/riak/ubuntu precise InRelease
Hit:22 http://ppa.launchpad.net/couchdb/stable/ubuntu precise Release
Hit:24 https://packagecloud.io/computology/apt-backport/ubuntu precise InRelease
Hit:25 http://ppa.launchpad.net/git-core/v1.8/ubuntu precise Release
Get:27 https://dl.bintray.com/solvingj/public-deb unstable Release [2,673 B]
Ign:28 https://dl.bintray.com/solvingj/public-deb unstable Release.gpg
Get:29 https://dl.bintray.com/solvingj/public-deb unstable/main amd64 Packages [14 B]
Get:30 https://dl.bintray.com/solvingj/public-deb unstable/main i386 Packages [14 B]
Fetched 66.7 kB in 1s (38.0 kB/s)
Reading package lists...
W: http://us-central1.gce.archive.ubuntu.com/ubuntu/dists/precise-updates/InRelease: Signature by key 630239CC130E1A7FD81A27B140976EAF437D05B5 uses weak digest algorithm (SHA1)
W: http://us-central1.gce.archive.ubuntu.com/ubuntu/dists/precise-backports/InRelease: Signature by key 630239CC130E1A7FD81A27B140976EAF437D05B5 uses weak digest algorithm (SHA1)
W: http://us-central1.gce.archive.ubuntu.com/ubuntu/dists/precise/Release.gpg: Signature by key 630239CC130E1A7FD81A27B140976EAF437D05B5 uses weak digest algorithm (SHA1)
W: http://downloads-distro.mongodb.org/repo/debian-sysvinit/dists/dist/Release.gpg: Signature by key 492EAFE8CD016A07919F1D2B9ECBEC467F0CEB10 uses weak digest algorithm (SHA1)
W: http://security.ubuntu.com/ubuntu/dists/precise-security/InRelease: Signature by key 630239CC130E1A7FD81A27B140976EAF437D05B5 uses weak digest algorithm (SHA1)
W: http://ppa.launchpad.net/couchdb/stable/ubuntu/dists/precise/Release.gpg: Signature by key 15866BAFD9BCC4F3C1E0DFC7D69548E1C17EAB57 uses weak digest algorithm (SHA1)
W: http://ppa.launchpad.net/git-core/v1.8/ubuntu/dists/precise/Release.gpg: Signature by key E1DD270288B4E6030699E45FA1715D88E1DF1F24 uses weak digest algorithm (SHA1)
W: The repository 'https://dl.bintray.com/solvingj/public-deb unstable Release' is not signed.
The command "sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install cmake go-bin-deb" failed and exited with 100 during .

Here is the start of my travis.yml file: 

sudo: required
language: cpp
compiler:
- gcc
os:
- linux
addons:
  apt:
    sources:
    - sourceline: deb https://dl.bintray.com/solvingj/public-deb unstable main
    packages:
    - cmake
    - go-bin-deb

You can visit the custom repo, add it to a debian machine, and find the package without issue:

https://bintray.com/solvingj/public-deb

root@debian:/home/myprofile/go-github-release-test# apt-get clean
root@debian:/home/myprofile/go-github-release-test# more /etc/apt/sources.list
deb https://dl.bintray.com/solvingj/public-deb unstable main

root@debian:/home/myprofile/go-github-release-test# apt-get install go-bin-deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  go-bin-deb
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,074 kB of archives.
After this operation, 3,072 B of additional disk space will be used.
Get:1 https://mh-cbon.github.io/go-bin-deb/apt/public/ all/contrib go-bin-deb i386 0.0.18 [1,074 kB]
Fetched 1,074 kB in 1s (865 kB/s)
Selecting previously unselected package go-bin-deb.
(Reading database ... 36957 files and directories currently installed.)
Preparing to unpack .../go-bin-deb_0.0.18_i386.deb ...
Unpacking go-bin-deb (0.0.18) ...
Setting up go-bin-deb (0.0.18) ...
root@debian:/home/myprofile/go-github-release-test#

回答1:


The problem was that the repository only contained the 32 bit version of the package. My successful tests were on a 32 bit OS. My failing tests were on Travis and Windows Subsystem for Linux, both of which are 64 bit. Once I uploaded the 64 bit build to the debian repository, it found the package.




回答2:


Well, the warning is pretty clear:

W: The repository 'https://dl.bintray.com/solvingj/public-deb unstable Release' is not signed.

apt does gpg-verification of each package, in order to make it hard for attackers to replace packages by malicious versions.

Therefore, you should sign the repository, so apt can validate the package authenticity.

An insecure, dangerous and generally bad alternative is to add the --allow-unauthenticated flag:

   --allow-unauthenticated
       Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with
       local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user
       itself. The usage of the Trusted option for sources.list(5) entries should usually be preferred over this
       global override. Configuration Item: APT::Get::AllowUnauthenticated.

Don't use it. You have been warned! Instead sign your repository.



来源:https://stackoverflow.com/questions/44807022/travis-cant-find-debian-package-in-custom-source-repo-why

标签
Ubuntu
debian
travis-ci
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!