Verbose error log : "failed to read deb file" and "Invalid archive signature" #377
Description
I have seen the following error log with the option --verbose : failed to read deb file /var/lib/apt/lists/auxfiles/_etc_apt_mirrors_debian-security.list (E:Invalid archive signature)
Is this fixable or should I avoid this kind of sources.list configuration with mirrors ?
I assume that this log is non-blocking for the program to work, am I correct ?
Details :
Context
The error log is seen for example after running the commands :
apt clean
unattended-upgrades --dry-run --debug -v
If I run a second time unattended-upgrades without doing an apt clean the error log does not appear.
Setup
Debian 12.9 with the following debian pkg :
- unattended-upgrades/stable,now 2.9.1+nmu3 all [installed]
- apt-listchanges/stable,now 3.24 all [installed]
- apt-transport-https/stable,now 2.6.1 all [installed]
- apt-utils/stable,now 2.6.1 amd64 [installed]
- apt/stable,now 2.6.1 amd64 [installed]
- libapt-pkg6.0/stable,now 2.6.1 amd64 [installed]
- python-apt-common/stable,now 2.6.0 all [installed,automatic]
- python3-apt/stable,now 2.6.0 amd64 [installed,automatic]
- python3/stable,now 3.11.2-1+b1 amd64 [installed,automatic]
- linux-image-6.1.0-31-cloud-amd64/stable-security,now 6.1.128-1 amd64 [installed,automatic]
I have a sources.list conf file using mirrors :
- /etc/apt/sources.list.d/debian.sources
Types: deb deb-src
URIs: mirror+file:///etc/apt/mirrors/debian.list
Suites: bookworm bookworm-updates bookworm-backports
Components: main
Types: deb deb-src
URIs: mirror+file:///etc/apt/mirrors/debian-security.list
Suites: bookworm-security
Components: main
- /etc/apt/mirrors/debian.list
https://deb.debian.org/debian
- /etc/apt/mirrors/debian-security.list
https://deb.debian.org/debian-security
This particular configuration produces symbolic links in auxfiles :
ls -ahl /var/lib/apt/lists/auxfiles/
drwxr-xr-x 2 _apt root 4.0K Feb 18 16:47 .
drwxr-xr-x 4 root root 4.0K Feb 18 16:47 ..
lrwxrwxrwx 1 root root 37 Feb 18 16:47 _etc_apt_mirrors_debian-security.list -> /etc/apt/mirrors/debian-security.list
lrwxrwxrwx 1 root root 28 Feb 18 16:47 _etc_apt_mirrors_debian.list -> /etc/apt/mirrors/debian.list
Debug logs
Thoses symbolic links are detected by apt_pkg fetcher and marked as untrusted since DescURI is not a trusted uri but a path to another file containing the real DestUri.
Which produce the following error log message :
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 0 FileSize: 39 DestFile:'/var/lib/apt/lists/auxfiles/_etc_apt_mirrors_debian-security.list' DescURI: 'file:/etc/apt/mirrors/debian-security.list' ID:1 ErrorText: ''>
%s is blacklisted because it is not trusted
failed to read deb file /var/lib/apt/lists/auxfiles/_etc_apt_mirrors_debian-security.list (E:Invalid archive signature)
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 0 FileSize: 39 DestFile:'/var/lib/apt/lists/auxfiles/_etc_apt_mirrors_debian-security.list' DescURI: 'file:/etc/apt/mirrors/debian-security.list' ID:1 ErrorText: ''> is not a .deb file
Packages blacklist due to conffile prompts: ['/var/lib/apt/lists/auxfiles/$']
Code
I assume this is in relation with the following code line 2475 :
if not item.is_trusted and not apt_pkg.config.find_b(
"APT::Get::AllowUnauthenticated", False):
logging.debug("%s is blacklisted because it is not trusted")
pkg_name = pkgname_from_deb(item.destfile)
if not is_pkgname_in_blacklist(pkg_name, cache.blacklist):
conffile_blacklist.append("%s$" % re.escape(pkg_name))