apt warnings with HP SDR/MCP repo on Ubuntu

Question

I'm using the HP SDR system (MCP specifically) for Linux packages to manage the HP hardware RAID, iLo, etc. The kernel drivers for the hardware are upstream, so these are just management utilities.

http://downloads.linux.hp.com/SDR/

deb http://downloads.linux.hp.com/SDR/downloads/mcp/ precise current/non-free

Per the FAQ, you can add an apt key so the repo isn't from an unsigned source.

http://downloads.linux.hp.com/SDR/faq.html

wget http://downloads.linux.hp.com/SDR/downloads/mcp/GPG-KEY-mcp -O - | sudo apt-key add -
apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub   2048g/79164387 2004-09-12

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

pub   4096R/C0B21F32 2012-05-11
uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub   4096R/EFE21092 2012-05-11
uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

pub   1024D/2689B887 2005-03-11 [expires: 2015-03-09]
uid                  Hewlett-Packard Company (HP Codesigning Service)
sub   2048g/57E5E96D 2005-03-11 [expires: 2015-03-09]
sudo apt-get install hponcfg
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  hponcfg
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/44.0 kB of archives.
After this operation, 164 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  hponcfg
Install these packages without verification [y/N]?

Of course, I can override with -y, but I don't understand why it is saying that the packages can't be authenticated when I've added the proper repo GPG key to my keychain.

Can anyone explain this or how to fix it without telling apt to do something unwise every time?

I noticed that there is no /var/lib/apt/lists/ Release or Release.gpg entry on my system, but they exist in the repo. Perhaps this is the source of the problem?

score 3 · Answer 1 · answered Aug 04 '18 at 12:35

To everyone coming here in 2018. Some considerations.

HP has separated it's enterprise and home businesses in two companies. HP and HPE. So the url's have changed from downloads.linux.hp.com to downloads.linux.hpe.com
The add_repo script seems outdated. The instruction listed here seem more suitable.
The new method to install keys is listed here

So, as of August of 2018 the instructions to enable the apt HPE MCP repository in a Debian stretch are:

Create a /etc/apt/sources.list.d/mcp.list with the following contents:

deb http://downloads.linux.hpe.com/SDR/repo/mcp stretch/current non-free

Import the the HPE public keys

curl http://downloads.linux.hpe.com/SDR/hpPublicKey1024.pub | apt-key add -
curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048.pub | apt-key add -
curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048_key1.pub | apt-key add -
curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add -

apt update
apt install package

You can also browse the available packages for each available distro here. E.g for debian

score 2 · Accepted Answer · answered Jun 23 '14 at 22:40

Solution: I am a numbskull and should have used the add_repo.sh script provided by HP. I was converting my deb line from an old format provided by their legacy SDR system and failed to notice some format changes. The correct format for the deb line is:

deb http://downloads.linux.hp.com/SDR/repo/mcp/ubuntu/ precise/current non-free

If you use the incorrect version posted above, your Packages will download, but the Release file and corresponding gpg will not.

apt warnings with HP SDR/MCP repo on Ubuntu

2 Answers2