2.91s$ sudo apt-get update -qq
473W: http://ppa.launchpad.net/couchdb/stable/ubuntu/dists/trusty/Release.gpg: Signature by key 15866BAFD9BCC4F3C1E0DFC7D69548E1C17EAB57 uses weak digest algorithm (SHA1)
474W: GPG error: https://packagecloud.io/github/git-lfs/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6B05F25D762E3157
475W: The repository 'https://packagecloud.io/github/git-lfs/ubuntu trusty InRelease' is not signed.
476W: There is no public key available for the following key IDs:
4776B05F25D762E3157
478E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/binary-amd64/Packages.gz Hash Sum mismatch
479E: Some index files failed to download. They have been ignored, or old ones used instead.
480The command "sudo apt-get update -qq" failed and exited with 100 during .
I switched to the apt: ... packages: ... syntax and it went away, but this contradicts Travis-CI’s own documentation about using apt-get. They should set up some internal alerts when these things start to fail so the images can be patched by engineers on priority. For example, a single code-less project which simply installs a non-standard dependency would catch this, if Travis-CI would add it to their checks.
Dependency resolution is quite early and thus rudimentary in the build process; should rarely fail, but this thread suggests it’s not uncommon, which is bad for Travis-CI platform adoption.
Example commit, which fixed this for official Ubuntu packages: