[EN] [Solved] How to migrate sources.list entries to deb822?

[micspabo]

After last Full-Upgrade I get warnings during 'apt update' like:

Code: [Select]

Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://debian.mirror.iphh.net/debian'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.

Though I did find <https://repolib.readthedocs.io/en/latest/deb822-format.html>
the examples do not show Signed-By lines.

What are we expected to do in this case?

[micspabo]

I have been able to remove two lines.
As I do not use nala anymore, I disables one line from '/etc/apt/sources.list.d/nala-sources.list'.

I have been able to migrate the entry from '/etc/apt/sources.list.d/debian.list' by:

Code: [Select]

# nano /etc/apt/sources.list.d/debian.sources
  Types:      deb
  URIs:       https://deb.debian.org/debian/
  Suites:     unstable
  Components: main contrib non-free non-free-firmware
  Enabled:    yes
  Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg

After this:

Code: [Select]

# apt update
Hit:1 https://packages.siduction.org/extra unstable InRelease
Hit:2 https://packages.siduction.org/fixes unstable InRelease
Hit:3 https://deb.debian.org/debian unstable InRelease
All packages are up to date.   
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.


Code: [Select]

# ls /usr/share/keyrings/
total 192K
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bookworm-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bookworm-security-automatic.gpg
-rw-r--r-- 1 root root  280 2023-07-30 21:24 debian-archive-bookworm-stable.gpg
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2,4K 2023-07-30 21:24 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2,3K 2023-07-30 21:24 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root  55K 2023-07-30 21:24 debian-archive-keyring.gpg
-rw-r--r-- 1 root root  53K 2023-07-30 21:24 debian-archive-removed-keys.gpg
lrwxrwxrwx 1 root root   58 2021-09-16 22:14 siduction-archive-keyring.gpg -> ../siduction-archive-keyring/siduction-archive-keyring.gpg


Code: [Select]

# ls /etc/apt/sources.list.d/*.list
-rw-r--r-- 1 root root  298 2024-02-24 18:11 /etc/apt/sources.list.d/dbgsym.list
-rw-r--r-- 1 root root  573 2025-01-21 20:14 /etc/apt/sources.list.d/debian.list
-rw-r--r-- 1 root root 3,0K 2024-03-24 21:37 /etc/apt/sources.list.d/extra.list
-rw-r--r-- 1 root root 3,1K 2024-03-24 21:38 /etc/apt/sources.list.d/fixes.list
-rw-r--r-- 1 root root  359 2025-01-21 20:23 /etc/apt/sources.list.d/nala-sources.list

If you have a fresh installation done using the iso from shine-on,
could you please check if extra.sources and fixes.sources do exist there?

[onepiece]

I also need help to fix an identical error. I routinely update my GIANTS install but started getting the below pasted error day before yesterday.
 Found some "help" by Googling...but I trust this SIDUCTION forum much more than Google answers.  Can anyone give me step by step instructions to get rid of these error messages?  Thank you in advance.

d@d-virtualbox:~$ sudo apt update
Hit:1 https://deb.debian.org/debian trixie InRelease
Hit:2 https://deb.debian.org/debian unstable InRelease                                     
Hit:3 https://brave-browser-apt-release.s3.brave.com stable InRelease                       
Hit:4 https://ftp.belnet.be/mirror/siduction/extra unstable InRelease                       
Hit:5 https://ftp.belnet.be/mirror/siduction/fixes unstable InRelease
All packages are up to date.   
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
d@d-virtualbox:~$

[eriefisher]

You should be converting your soucres.list over repo.sources as shown above.

Code: [Select]

Types:      deb
URIs:       https://deb.debian.org/debian/
Suites:     unstable
Components: main contrib non-free non-free-firmware
Enabled:    yes
Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg
This one would be named debian.sources.
You could also put the keyring path in line in the sources.list.

Code: [Select]

deb [signed-by=/path/to/keyring.gpg] http://blah.blah.........

[eriefisher]

For more info.

https://wiki.debian.org/SourcesList

[hendrikL]

For our /etc/apt/sources.list.d/extra.list and fixes.list,
You have to change <foo>.list to <foo>.sources.

Code: [Select]

mv extra.list extra.sources
mv fixes.list fixes.sources

open them with an editor of your choice, every step has to be done as root, and change them.

Code: [Select]

nano fixes.sources

Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/fixes
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg

and for extra.sources

Code: [Select]

Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/extra
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg


[charlyheinz]

Dos anyone know how synaptic can handle source- entries in deb822- format. Do I have to change settings in Synaptic so that it is possible to use this *.sources files in Synaptic?

On the other hand actually it seems there is no need to change the entries in sourcelist.d right now because apt will proceed any updates with the old *.list files up to now. I've tested the old *.list on a second PC. All I've got was the warning about missing keys for the repo.
For sure the new *.sources files are working nice especially with the possibility to name the keys in that files.

Please give me a hint if I am on a wrong way.

[devil]

After doing the changes in

Code: [Select]

/etc/apt/sources.list.d an

Code: [Select]

apt update should do the trick.

[charlyheinz]

When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.

[eriefisher]

In system.d? I just checked Synaptic, It doesn't display the new format but it does read them.

[hendrikL]

When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.

Why in system.d? How .....
I hope you mean /etc/apt/sources.list.d/.

Please give us the output of:

Code: [Select]

ls /etc/apt/sources.list.d/

and

Code: [Select]

cat /etc/apt/sources.list.d/debian.sources

[charlyheinz]

No sorry. Not in system.d. Bullschitt.
In /etc/apt/sources.list.d/.
May be I am a little bit in panic 'cause of the political occurences? WaF.

[ruebe99]

Had some issues with "signed-by" in sources.list. Don't know if someone already found that little skript at github:
 
https://gist.github.com/maxhq/7dadf55064aaadc4d9e5993f89fad7b0

It solved the signed-by things in all *list files.
cheers,
ruebe99

[onepiece]

Hello Folks,
Onepiece here.  I made Reply #2 on this tread.
I have an understanding of the theory of what needs to be done to fix this, but I'm still very, very  confused about the actual steps needed to remedy.  There are some highly experienced and highly technical answers in this thread, but I'm hoping someone can "dumb it down" for me to do the fix.  Here is my understanding...please correct me where I'm off track.

The old way of managing “Signed by” is using the standard file that was created during the initial installation.  This now outdated file is called:  /etc/apt/sources.list. 
This file should be DELETED and REPLACED by the new deb822 format-compliant file titled:   /etc/apt/sources.list.d/debian.sources

The contents of the new file, /etc/apt/sources.list.d/debian.sources should contain a short paragraph for EACH of the Notices that indicate a Signed by problem.  In my case these Notices are:

          Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian
          Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'

So, I should create a new /etc/apt/sources.list.d/debian.sources file that contains these two paragraphs:

Types:      deb
 URIs:       https://deb.debian.org/debian/
 Suites:     unstable
 Components: main contrib non-free non-free-firmware
 Enabled:    yes
 Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg


Types:      deb
 URIs:       https://packages.siduction.org/fixes
 Suites:     unstable
 Components: main contrib non-free non-free-firmware
 Enabled:    yes
 Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg

Did I get this right?   Please dumb down any replies so that even a cave man can understand.  Thank you.
.
.

[micspabo]

Please compare extra.sources and fixes.sources from @hendrikL, especially the lines with "Components:"!
He only puts "main" into that line.

I do expect that its enough if "non-free" and "non-free-firmware" are placed in "debian.sources".

Code: [Select]

# inxi -r | grep -v "No active apt repos in:"
Repos:
  Active apt repos in: /etc/apt/sources.list.d/debian.sources
    1: deb https://deb.debian.org/debian/ unstable main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/extra.sources
    1: deb https://packages.siduction.org/extra unstable main
  Active apt repos in: /etc/apt/sources.list.d/fixes.sources
    1: deb https://packages.siduction.org/fixes unstable main

@hendrikL: Thanks a lot.