Bug #85203 mysql-apt-config can't be installed when pgp.mit.edu is unavailable/unreachable
Submitted: 27 Feb 2017 11:29 Modified: 27 Feb 2017 11:43
Reporter: Geert Vanderkelen Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Package Repos Severity:S3 (Non-critical)
Version:0.8.2 OS:Debian (any)
Assigned to: Lars Tangvald CPU Architecture:Any

[27 Feb 2017 11:29] Geert Vanderkelen 
Description:
This is a follow-up of bug#85029.

When pgp.mit.edu is down or unavailable, it is not possible to install mysql-apt-config, even when we have loaded the key manually.

How to repeat:
1. gpg.mit.edu is not available (down or filtered on firewall, in my case it was simply unreachable for a short moment)

2. install mysql-apt-config:

# dpkg -i mysql-apt-config_0.8.2-1_all.deb
..
Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package mysql-apt-config)
Executing: /tmp/apt-key-gpghome.IlPBLjNkM0/gpg.1.sh --keyserver pgp.mit.edu --recv-keys 5072E1F5
gpg: keyserver receive failed: No data
Error: Failed to download GPG key. If you are behind a proxy you may need to pass your environment to sudo with -E
Aborting
dpkg: error processing package mysql-apt-config (--install):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 mysql-apt-config

# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   dsa1024 2003-02-03 [SCA] [expires: 2019-02-17]
      A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
uid           [ unknown] MySQL Release Engineering <mysql-build@oss.oracle.com>

3. Do it again, but suddenly pgp.mit.edu is available:

Executing: /tmp/apt-key-gpghome.Kgk8Vdl1Td/gpg.1.sh --keyserver pgp.mit.edu --recv-keys 5072E1F5
^Tgpg: key 8C718D3B5072E1F5: "MySQL Release Engineering <mysql-build@oss.oracle.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
GPG key imported.

Suggested fix:
Stop using apt-key in the mysql-apt-config package (see bug#85029 for other valid comments, and it actually says so when installing mysql-apt-config)

Key should be imported manually.

Workaround: just keep trying until pgp.mit.edu is available....
[27 Feb 2017 11:43] MySQL Verification Team 
Hello Geert,

Thank you for the report and feedback.

Thanks,
Umesh
[27 Feb 2017 13:24] Lars Tangvald 
Posted by developer:
 
Yes, the way it works currently was a bit rushed (see also https://bugs.mysql.com/bug.php?id=85133)

On the whole, mysql-apt-config is a bit weird. It really should be changed to do its work as a standalone program rather than during package installation.
[8 Mar 2017 7:41] Lars Tangvald 
Posted by developer:
 
0.8.3, released yesterday, drops the change to download the key, and goes back to bundling it, so you should no longer get the failure.
Keeping this open for the related issue; the config package shouldn't really do the repo setup when it's installed, since this causes policy issues such as the apt-key warning, and makes the impact of issues worse (download failure leading to broken apt).

A better way would be to just have the package include the script, which the user then runs manually. As far as I can tell, using debconf in normal scripts is acceptable, so this doesn't have to be a huge change.
[24 Jun 2019 14:10] Martin Mair 
This problem seems not really to be solved ... :-(

Setting up mysql-apt-config (0.8.13-1) ...
Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package mysql-apt-config)
OK

I use debian buster
[24 Jun 2019 14:15] Martin Mair 
apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 5072E1F5
Executing: /tmp/apt-key-gpghome.OcDnRqXqsq/gpg.1.sh --keyserver hkp://pgp.mit.edu:80 --recv-keys 5072E1F5
gpg: keyserver receive failed: No keyserver available

Rush hour leads to unavailable key server? In 2019 ???

Strange times ...