After last Full-Upgrade I get warnings during 'apt update' like:
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://debian.mirror.iphh.net/debian'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
Though I did find <https://repolib.readthedocs.io/en/latest/deb822-format.html>
the examples do not show Signed-By lines.
What are we expected to do in this case?
I have been able to remove two lines.
As I do not use nala anymore, I disables one line from '/etc/apt/sources.list.d/nala-sources.list'.
I have been able to migrate the entry from '/etc/apt/sources.list.d/debian.list' by:
# nano /etc/apt/sources.list.d/debian.sources
Types: deb
URIs: https://deb.debian.org/debian/
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
After this:
# apt update
Hit:1 https://packages.siduction.org/extra unstable InRelease
Hit:2 https://packages.siduction.org/fixes unstable InRelease
Hit:3 https://deb.debian.org/debian unstable InRelease
All packages are up to date.
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
# ls /usr/share/keyrings/
total 192K
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bookworm-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bookworm-security-automatic.gpg
-rw-r--r-- 1 root root 280 2023-07-30 21:24 debian-archive-bookworm-stable.gpg
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2,4K 2023-07-30 21:24 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2,3K 2023-07-30 21:24 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 55K 2023-07-30 21:24 debian-archive-keyring.gpg
-rw-r--r-- 1 root root 53K 2023-07-30 21:24 debian-archive-removed-keys.gpg
lrwxrwxrwx 1 root root 58 2021-09-16 22:14 siduction-archive-keyring.gpg -> ../siduction-archive-keyring/siduction-archive-keyring.gpg
# ls /etc/apt/sources.list.d/*.list
-rw-r--r-- 1 root root 298 2024-02-24 18:11 /etc/apt/sources.list.d/dbgsym.list
-rw-r--r-- 1 root root 573 2025-01-21 20:14 /etc/apt/sources.list.d/debian.list
-rw-r--r-- 1 root root 3,0K 2024-03-24 21:37 /etc/apt/sources.list.d/extra.list
-rw-r--r-- 1 root root 3,1K 2024-03-24 21:38 /etc/apt/sources.list.d/fixes.list
-rw-r--r-- 1 root root 359 2025-01-21 20:23 /etc/apt/sources.list.d/nala-sources.list
If you have a fresh installation done using the iso from shine-on,
could you please check if extra.sources and fixes.sources do exist there?
I also need help to fix an identical error. I routinely update my GIANTS install but started getting the below pasted error day before yesterday.
Found some "help" by Googling...but I trust this SIDUCTION forum much more than Google answers. Can anyone give me step by step instructions to get rid of these error messages? Thank you in advance.
d@d-virtualbox:~$ sudo apt update
Hit:1 https://deb.debian.org/debian trixie InRelease
Hit:2 https://deb.debian.org/debian unstable InRelease
Hit:3 https://brave-browser-apt-release.s3.brave.com stable InRelease
Hit:4 https://ftp.belnet.be/mirror/siduction/extra unstable InRelease
Hit:5 https://ftp.belnet.be/mirror/siduction/fixes unstable InRelease
All packages are up to date.
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
d@d-virtualbox:~$
You should be converting your soucres.list over repo.sources as shown above.
Types: deb
URIs: https://deb.debian.org/debian/
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
This one would be named debian.sources.
You could also put the keyring path in line in the sources.list.
deb [signed-by=/path/to/keyring.gpg] http://blah.blah.........
For more info.
https://wiki.debian.org/SourcesList
For our /etc/apt/sources.list.d/extra.list and fixes.list,
You have to change <foo>.list to <foo>.sources.
mv extra.list extra.sources
mv fixes.list fixes.sources
open them with an editor of your choice, every step has to be done as root, and change them.
nano fixes.sources
Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/fixes
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
and for extra.sources
Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/extra
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
Dos anyone know how synaptic can handle source- entries in deb822- format. Do I have to change settings in Synaptic so that it is possible to use this *.sources files in Synaptic?
On the other hand actually it seems there is no need to change the entries in sourcelist.d right now because apt will proceed any updates with the old *.list files up to now. I've tested the old *.list on a second PC. All I've got was the warning about missing keys for the repo.
For sure the new *.sources files are working nice especially with the possibility to name the keys in that files.
Please give me a hint if I am on a wrong way.
After doing the changes in /etc/apt/sources.list.d an apt update should do the trick.
When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.
In system.d? I just checked Synaptic, It doesn't display the new format but it does read them.
Quote from: charlyheinz on 2025/01/23, 15:18:49
When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.
Why in system.d? How .....
I hope you mean /etc/apt/sources.list.d/.
Please give us the output of:
ls /etc/apt/sources.list.d/
and
cat /etc/apt/sources.list.d/debian.sources
No sorry. Not in system.d. Bullschitt.
In /etc/apt/sources.list.d/.
May be I am a little bit in panic 'cause of the political occurences? WaF.
Had some issues with "signed-by" in sources.list. Don't know if someone already found that little skript at github:
https://gist.github.com/maxhq/7dadf55064aaadc4d9e5993f89fad7b0
It solved the signed-by things in all *list files.
cheers,
ruebe99
Hello Folks,
Onepiece here. I made Reply #2 on this tread.
I have an understanding of the theory of what needs to be done to fix this, but I'm still very, very confused about the actual steps needed to remedy. There are some highly experienced and highly technical answers in this thread, but I'm hoping someone can "dumb it down" for me to do the fix. Here is my understanding...please correct me where I'm off track.
The old way of managing "Signed by" is using the standard file that was created during the initial installation. This now outdated file is called: /etc/apt/sources.list.
This file should be DELETED and REPLACED by the new deb822 format-compliant file titled: /etc/apt/sources.list.d/debian.sources
The contents of the new file, /etc/apt/sources.list.d/debian.sources should contain a short paragraph for EACH of the Notices that indicate a Signed by problem. In my case these Notices are:
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
So, I should create a new /etc/apt/sources.list.d/debian.sources file that contains these two paragraphs:
Types: deb
URIs: https://deb.debian.org/debian/
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://packages.siduction.org/fixes
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Did I get this right? Please dumb down any replies so that even a cave man can understand. Thank you.
.
.
Please compare extra.sources and fixes.sources from @hendrikL, especially the lines with "Components:"!
He only puts "main" into that line.
I do expect that its enough if "non-free" and "non-free-firmware" are placed in "debian.sources".
# inxi -r | grep -v "No active apt repos in:"
Repos:
Active apt repos in: /etc/apt/sources.list.d/debian.sources
1: deb https://deb.debian.org/debian/ unstable main contrib non-free non-free-firmware
Active apt repos in: /etc/apt/sources.list.d/extra.sources
1: deb https://packages.siduction.org/extra unstable main
Active apt repos in: /etc/apt/sources.list.d/fixes.sources
1: deb https://packages.siduction.org/fixes unstable main
@hendrikL: Thanks a lot.
Quote from: onepiece on 2025/01/23, 20:38:00
Hello Folks,
Onepiece here. I made Reply #2 on this tread.
I have an understanding of the theory of what needs to be done to fix this, but I'm still very, very confused about the actual steps needed to remedy. There are some highly experienced and highly technical answers in this thread, but I'm hoping someone can "dumb it down" for me to do the fix. Here is my understanding...please correct me where I'm off track.
The old way of managing "Signed by" is using the standard file that was created during the initial installation. This now outdated file is called: /etc/apt/sources.list.
This file should be DELETED and REPLACED by the new deb822 format-compliant file titled: /etc/apt/sources.list.d/debian.sources
The contents of the new file, /etc/apt/sources.list.d/debian.sources should contain a short paragraph for EACH of the Notices that indicate a Signed by problem. In my case these Notices are:
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
So, I should create a new /etc/apt/sources.list.d/debian.sources file that contains these two paragraphs:
Types: deb
URIs: https://deb.debian.org/debian/
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://packages.siduction.org/fixes
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Did I get this right? Please dumb down any replies so that even a cave man can understand. Thank you.
.
.
If you run apt update it will tell you if and what the problem is should you make a mistake creating the .sources file. The information is the same as the .list file. just the format has changed.
Please, take a look to the signed-by line.
And for the record, debian and siduction a two different things.
So you need a debian sources and a fixes. sources and a extra sources,
no idea were to find your probs. I get on that machine
inxi -r | grep -v "No active apt repos in:"
Repos:
Active apt repos in: /etc/apt/sources.list.d/aptosid.list
1: deb [signed-by=/usr/share/aptosid-archive-keyring/aptosid-archive-keyring.gpg] http://aptosid.com/debian/ sid main fix.main
Active apt repos in: /etc/apt/sources.list.d/archive_uri-http_www_deb-multimedia_org-trixie.list
1: deb [signed-by=/etc/apt/trusted.gpg.d/deb-multimedia-keyring.gpg] http://www.deb-multimedia.org/ testing non-free main
Active apt repos in: /etc/apt/sources.list.d/backports.list
1: deb [signed-by=/usr/share/keyrings/backports-archive-keyring.gpg] http://deb.debian.org/debian/ trixie-backports main contrib
Active apt repos in: /etc/apt/sources.list.d/codecs.list
1: deb [signed-by=/usr/share/keyrings/codecs-archive-keyring.gpg] http://ftp.debian.org/debian/ bullseye-backports main non-free
2: deb [signed-by=/usr/share/keyrings/codecs-archive-keyring.gpg] http://ftp.debian.org/debian/ bookworm-backports main non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://httpredir.debian.org/debian/ sid main contrib non-free non-free-firmware
2: deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://httpredir.debian.org/debian/ testing main contrib non-free non-free-firmware
3: deb-src [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://httpredir.debian.org/debian/ sid main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/extra.list
1: deb [signed-by=/usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg] https://packages.siduction.org/extra unstable main contrib non-free non-free-firmware
Active apt repos in: /etc/apt/sources.list.d/fixes.list
1: deb [signed-by=/usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg] https://packages.siduction.org/fixes unstable main contrib non-free non-free-firmware
Active apt repos in: /etc/apt/sources.list.d/google-chrome.list
1: deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome-archive-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main
Active apt repos in: /etc/apt/sources.list.d/openproject.list
1: deb [signed-by=/usr/share/keyrings/openproject-archive-keyring.gpg] https://dl.packager.io/srv/deb/opf/openproject/stable/12/debian/ 10 main
Active apt repos in: /etc/apt/sources.list.d/signal-xenial.list
1: deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt/ xenial main
Active apt repos in: /etc/apt/sources.list.d/sublime-text.list
1: deb [signed-by=/usr/share/keyrings/sublime-text-archive-keyring.gpg] https://download.sublimetext.com/ apt/stable/
Active apt repos in: /etc/apt/sources.list.d/winehq.list
1: deb [signed-by=/usr/share/keyrings/winehq-archive-keyring.gpg] https://dl.winehq.org/wine-builds/debian/ bullseye main
sorry, but everything works fine for my tiny little installation.
what contradicts the
https://gist.github.com/maxhq/7dadf55064aaadc4d9e5993f89fad7b0
( migrate-apt-keys.sh )
ruebe99
Guess its been [Solved] for everybody but me... :(
I still dont get how all these pieces are supposed to fit.
I'll crawl back into my cave till I do a future Siduction re-install.
At that time hope the details on this deb822 format conversion are automatically carried out at install time.
Best to all.
@ruebe66, but I think <foo>.list files will be replaced by <foo>.sources, sooner than later.
And for that reason, I think we should go the right way because in a not so far future you have to change it again.
Do not misunderstand me, it is ok how you solved it, it is right and it will work for a while, but think about it.
And keep in mind, with the deb.822 format you can insert a key directly in the <foo>.sources file, there is more power than in the <one-liner>.list file.
Quote from: onepiece on 2025/01/23, 22:05:44
Guess its been [Solved] for everybody but me... :(
I still dont get how all these pieces are supposed to fit.
I'll crawl back into my cave till I do a future Siduction re-install.
At that time hope the details on this deb822 format conversion are automatically carried out at install time.
Best to all.
There is no reason to give up.
(Raffi is still searching for that "One Pice" and didn't gave up)
Quote from: hendrikL on 2025/01/23, 09:50:46
For our /etc/apt/sources.list.d/extra.list and fixes.list,
You have to change <foo>.list to <foo>.sources.
mv extra.list extra.sources
mv fixes.list fixes.sources
open them with an editor of your choice, every step has to be done as root, and change them.
nano fixes.sources
Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/fixes
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
and for extra.sources
Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/extra
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
and the debian.sources should contain
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Create this files and insert with copy and paste.
EN
A small script for siduction users.
It backup the directory /etc/apt/sources.list.d to /etc/apt/sources.list.d-old.
It then converts the existing files into the new deb822 format.
The Signed-By: line only contains an entry for debian or siduction.
For other sources, the user must make the entry themselves.
Tested on a "shine on ..." and a "wintersky" installation.
Save the script with any name in /usr/local/bin/ and make it executable.
Then run it.
DE
Ein kleines Skript für siduction User.
Es sichert das Verzeichnis /etc/apt/sources.list.d nach /etc/apt/sources.list.d-old.
Anschließend wandelt es die vorhandenen Dateien in das neue Format deb822 um.
Die Signed-By: Zeile erhält nur für debian oder siduction einen Eintrag.
Bei anderen Quellen muss der User den Eintrag selbst vornehmen.
Getestet auf einer "shine on ..." und einer "wintersky" Installation.
Das Skript mit beliebigen Namen in /usr/local/bin/ speichern und ausführbar machen.
Dann ausführen.
#!/usr/bin/bash
datei=""
zeile=""
quelle="/etc/apt/sources.list.d/"
###################
### Begin funktions
transform () {
zeile=$(sed 's! \+! !g' <<<$zeile)
aktiv=""
if grep -q "^#" <<<$zeile; then
aktiv="no"
werte=($(sed 's!^# \?!!' <<<$zeile))
else
aktiv="yes"
werte=($(cat <<<$zeile))
fi
# Signature file for debian and siduction only.
# Others remain empty.
if $(grep -q debian <<<${werte[1]}); then
signatur="/usr/share/keyrings/debian-archive-keyring.gpg"
elif $(grep -q siduction <<<${werte[1]}); then
signatur="/usr/share/keyrings/siduction-archive-keyring.gpg"
else
signatur=""
fi
echo "Types: ${werte[0]}" >> "$quelle"$(basename -s list "$datei")sources
echo "URIs: ${werte[1]}" >> "$quelle"$(basename -s list "$datei")sources
echo "Suites: ${werte[2]}" >> "$quelle"$(basename -s list "$datei")sources
echo "Components: ${werte[@]:3}" >> "$quelle"$(basename -s list "$datei")sources
echo "Enabled: $aktiv" >> "$quelle"$(basename -s list "$datei")sources
echo "Signed-By: $signatur" >> "$quelle"$(basename -s list "$datei")sources
echo "" >> "$quelle"$(basename -s list "$datei")sources
}
### End funktions
#################
# Backup the sources list folder.
mkdir /etc/apt/sources.list.d-old 2>/dev/null
cp -a /etc/apt/sources.list.d/* /etc/apt/sources.list.d-old/
for datei in $(ls "$quelle"); do
while read zeile; do
if [ "X$zeile" = "X" ]; then
echo "" >> "$quelle"$(basename -s list "$datei")sources
else
if $(grep -q "^#\? *deb[ -]\(src \)\?" <<<"$zeile"); then
transform
else
echo "$zeile" >> "$quelle"$(basename -s list "$datei")sources
fi
fi
done <<< $(cat "$quelle$datei")
rm "$quelle$datei"
done
exit 0
I agree to the spirit of future - but messages like "read man page apt-secure (7)" are not really transparent/useful for me. or did you try it even once?
my standard reply might be "why the hack I have probs only with debian" - I'm running several machines at home and in fact sid based since decades, And I agree again: security first! - innovation second.
Just fyi : I swapped for reasons given for all important things to opensuse (tumbleweed) - name it production system. and I have no win installation for given reasons. so I am always badly surprised about "enhancement" causing nothing but trouble and weak information all around.
thanks to all the hints and knowledge I can find here, but nevertheless I am looking for solutions.
Quote from: ruebe99 on 2025/01/23, 22:37:00
thanks to all the hints and knowledge I can find here, but nevertheless I am looking for solutions.
The solution has been posted several times. I'm not sure what the issue still is? convert debian.list to debian.sources in the format posted several times here. As well as any other repos you may have. There is also a link to the Debian wiki explaining how and why that I posted earlier.
Sorry people, but I do not understand your problems. Both versions .list and .sources work. It is just that apt tries to enforce putting a signed-by entry into the .list "one-liner" file and a Signed-By into the .sources now. Soon it could even insist on it.
Both(!) versions need the full path to the keyring or signature file! [That is a shortcoming, because the filename should suffice and the /usr/share/keyrings and the /etc/keyrings directories, suggested as places for the signature files, should be searched by default for the filenames. As were the "trusted" entries and directories before. But as of today they are not. A pity, making for uneccessary long entries.] And even for Siduction and its .gpg file /usr/share/keyrings is sufficient, as there is a symlink to the actual location there.
By the way, as much as I like the "822"-format, it is actually the older format, dating back to at least "Ham", the "one-liner" being the newer one. So you are actually suggesting to switch from the newer to the older format ;D.
And you may even mix and mingle entries in the one or other form and both will be used by apt (simultaneously). Just put them into the matching directory and give them the according filename extension.
There is nothing new here, just the introduction of "signed" recently, now nagged about, and may be required later on.
Quote from: onepiece on 2025/01/23, 22:05:44
Guess its been [Solved] for everybody but me... :(
I still dont get how all these pieces are supposed to fit.
Just try one step after the other. Count the lines with "Notice:" from "apt update" first.
Then create a debian.sources as in Reply #1 and disable the lines in debian.list.
Execute "apt update" again and count the amount of "Notice:" lines again.
After that read Reply #5 and try that too.
Quote from: ruebe99 on 2025/01/23, 18:33:57
Had some issues with "signed-by" in sources.list. Don't know if someone already found that little skript at github:
https://gist.github.com/maxhq/7dadf55064aaadc4d9e5993f89fad7b0
It solved the signed-by things in all *list files.
cheers,
ruebe99
Yeah! I used another variation of the script that is in github and it worked like a charm... Although, it still uses the *list extension format. Here is what a did:
;; migrating apt-keys in /etc/apt/sources.list.d
;; cd /tmp
;; git clone https://github.com/kstr0k/migrate-apt-keys.git
;; cd migrate-apt-keys
;; sudo ./migrate-apt-keys /usr/share/keyrings/ /etc/apt/sources.list.d/*.list
Here are examples for the .list format:
One for Siduction, one for Sid:
- deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] https://ftp.halifax.rwth-aachen.de/debian unstable main contrib non-free-firmware non-free
- deb [signed-by=/usr/share/keyrings/siduction-archive-keyring.gpg] https://packages.siduction.org/extra unstable main contrib non-free-firmware non-free
Quote from: ro_sid on 2025/01/24, 12:20:22
Here are examples for the .list format:
One for Siduction, one for Sid:
- deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] https://ftp.halifax.rwth-aachen.de/debian unstable main contrib non-free-firmware non-free
- deb [signed-by=/usr/share/keyrings/siduction-archive-keyring.gpg] https://packages.siduction.org/extra unstable main contrib non-free-firmware non-free
Yes this format works, as it has for some time now. I think, however, that eventually everything will be switched over to the debian.sources format. This is just a guess but I'm sure they didn't come up with something new for no reason other than a second option. I'm putting my money on the debian.sources format.
Quote from: eriefisher on 2025/01/24, 12:58:03
[...]
Yes this format works, as it has for some time now. I think, however, that eventually everything will be switched over to the debian.sources format. This is just a guess but I'm sure they didn't come up with something new for no reason other than a second option. I'm putting my money on the debian.sources format.
I have no problem with these intentions, as deb822 is a very fine format. But it is not(!) new. See my posting above.
(Relatively) New is just the now recommended and later may be required signing of each repository with (just) its own key.
[I believe I went just the other way around some twenty years ago :)]
Hello
I made the modificatons as described from @hendrikl in reply #20. Then apt update and every thing is o.k. No error messages, no errors.
Thanks
DiBe
the scholle1 script (reply#21) did the work for me fast and elegant. Nice one!
thank you @scholle1
toga
Entries can be converted with the help of <https://arty.name/deb822.html> too.
One of the advantages of deb822 is that instead of linking the key you can add the key itself. See examples at https://linuxnews.de/debian-setzt-deb822-fuer-die-quellenliste-um/
Why don't they just choose one format, you now have the existing system which I would think most Debian users are still using, the new system as described in this thread which has two options and now a fourth system as described in your article. It must be confusing for third party vendors.
Problem:
Was mache ich mit list-files wie
deb [signed-by=/usr/share/keyrings/wire-app-keyring.gpg] https://wire-app.wire.com/linux/debian stable main
oder
deb [signed-by=/usr/share/keyrings/enpass-linux-keyring.gpg] https://apt.enpass.io/ stable main
Ich kann diese natürlich mit einem Editor entsprechend anpassen aber was trage ich bei Suites ein? stable funktioniert ebenso wenig wie unstable.
@scholle1:
Das Script funktioniert mit den o. a. list files nicht, das Script macht daraus
Types: deb
URIs: [signed-by=/usr/share/keyrings/wire-app-keyring.gpg]
Suites: https://wire-app.wire.com/linux/debian
Components: stable main
Enabled: yes
Signed-By:
Warum jetzt überhaupt etwas ändern?
Das .list-Format ist genau so gut und ich würde den jetzigen Hype, der hier gerade ausgebrochen ist erst einmal aussitzen. Entstanden ist er wohl, weil jemand gar kein "signed-by" eingetragen hatte und so eine Nachricht erhielt, die ihn auf das deb822 ".sources" Format aufmerksam gemacht hatte. Woraus dann wohl die "Mär" eines (brand-)neuen ;) Formats entstand.
Ach ja, und den Key direkt eintragen. Ja, möglich, aber wo ist der Vorteil? Und dann viel Spaß beim Eintragen eines gesamten Keyrings.
Laßt die apt 3.0 Entwickler ihren Akt erst einmal vernünftig auf die Reihe bekommen. Augenblicklich sehe ich da nur die für mich falsche Tendenz, wieder etwas aufzwingen zu wollen, statt kompatibel zu bleiben.
[Vergleichbares: Die FHS (file system hierarchy) Änderungen, us(e)r-Merge, Gnome nicht mehr ohne Funktionsverlust ohne systemd, systemd selber, dabei KISS wegwerfen, grub-Ablösungsversuche und sicherlich noch andere Dinge mehr.]
Edit: Typo verbessert.
Quote from: harley-peter on 2025/01/25, 13:28:13
Was mache ich mit list-files wie
deb [signed-by=/usr/share/keyrings/wire-app-keyring.gpg] https://wire-app.wire.com/linux/debian stable main
Mit etwas Handarbeit würde ich es so versuchen:
Types: deb
URIs: https://wire-app.wire.com/linux/debian
Suites: stable
Components: main
Enabled: yes
Signed-By: /usr/share/keyrings/wire-app-keyring.gpg
@micspabo
Wie schon im Beitrag erwähnt funktioniert weder der Eintrag stable noch unstable bei Suites.
Quote from: harley-peter on 2025/01/25, 14:06:37
@micspabo
Wie schon im Beitrag erwähnt funktioniert weder der Eintrag stable noch unstable bei Suites.
@harley-peter
Die URi ist mir fremd, sieht für mich aber nicht nach einem Repository aus, wenn ich sie ansteuer...
$ wget https://wire-app.wire.com/linux/debian
--2025-01-25 14:22:36-- https://wire-app.wire.com/linux/debian
Resolving wire-app.wire.com (wire-app.wire.com)... 52.85.92.120, 52.85.92.78, 52.85.92.41, ...
Connecting to wire-app.wire.com (wire-app.wire.com)|52.85.92.120|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2025-01-25 14:22:36 ERROR 403: Forbidden.
Quote from: harley-peter on 2025/01/25, 14:06:37
@micspabo
Wie schon im Beitrag erwähnt funktioniert weder der Eintrag stable noch unstable bei Suites.
Mozilla nightly has similar list file I tried various options to convert to sources format but none worked but list file works fine with no error
Quote from: titan on 2025/01/25, 14:36:28
Quote from: harley-peter on 2025/01/25, 14:06:37
@micspabo
Wie schon im Beitrag erwähnt funktioniert weder der Eintrag stable noch unstable bei Suites.
Mozilla nightly has similar list file I tried various options to convert to sources format but none worked but list file works fine with no error
Can you post the file?
@harley-peter, hm, also hier testweise
# cat /etc/apt/sources.list.d/wire-app.sources
Types: deb
URIs: https://wire-app.wire.com/linux/debian
Suites: stable
Components: main
Enabled: yes
Signed-By: /usr/share/keyrings/wire-app-keyring.gpg
# apt update
Holen:1 https://wire-app.wire.com/linux/debian stable InRelease [4.145 B]
Holen:2 https://wire-app.wire.com/linux/debian stable/main amd64 Packages [573 B]
Holen:3 https://wire-app.wire.com/linux/debian stable amd64 Contents (deb) [629 B]
# apt install -s wire-desktop
Installing:
wire-desktop
Installing dependencies:
libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7 libdbusmenu-glib4 libdbusmenu-gtk3-4 libnotify-bin
Summary:
Upgrading: 0, Installing: 7, Removing: 0, Not Upgrading: 252
Inst libayatana-ido3-0.4-0 (0.10.4-1 Debian:unstable [amd64])
Inst libayatana-indicator3-7 (0.9.4-1+b1 Debian:unstable [amd64])
Inst libdbusmenu-glib4 (18.10.20180917~bzr492+repack1-4 Debian:unstable [amd64])
Inst libdbusmenu-gtk3-4 (18.10.20180917~bzr492+repack1-4 Debian:unstable [amd64])
Inst libayatana-appindicator3-1 (0.5.93+really-2 Debian:unstable [amd64])
Inst libnotify-bin (0.8.3-1+b2 Debian:unstable [amd64])
Inst wire-desktop (3.39.3653-3653 Wire Desktop:stable [amd64])
Conf libayatana-ido3-0.4-0 (0.10.4-1 Debian:unstable [amd64])
Conf libayatana-indicator3-7 (0.9.4-1+b1 Debian:unstable [amd64])
Conf libdbusmenu-glib4 (18.10.20180917~bzr492+repack1-4 Debian:unstable [amd64])
Conf libdbusmenu-gtk3-4 (18.10.20180917~bzr492+repack1-4 Debian:unstable [amd64])
Conf libayatana-appindicator3-1 (0.5.93+really-2 Debian:unstable [amd64])
Conf libnotify-bin (0.8.3-1+b2 Debian:unstable [amd64])
Conf wire-desktop (3.39.3653-3653 Wire Desktop:stable [amd64])
Wie ist die genaue Fehlermeldung bei Dir? ("Funktioniert nicht..." ;) )
Quote from: harley-peter on 2025/01/25, 13:28:13
@scholle1:
Das Script funktioniert mit den o. a. list files nicht, das Script macht daraus
Types: deb
URIs: [signed-by=/usr/share/keyrings/wire-app-keyring.gpg]
Suites: https://wire-app.wire.com/linux/debian
Components: stable main
Enabled: yes
Signed-By:
Das Skript ist für mehrere Jahre alte, per DU auf dem aktuellen Stand gehaltene,
und für frische Installatioen gedacht. So ist der Begleittext auch formuliert.
Es kann und will nicht die manuell getätigten Änderungen der Benutzer abfangen
und auch nicht zusätzlich eingetragene Repos.
Wer an diesen Dateien händisch werkelt, sollte genau wissen was und warum er es
macht, und welche Auswirkungen seine Aktion hat.
Here is the Mozilla list entry if you would like a try at converting it to sources
deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main
I have had a few tries without success
Quote from: titan on 2025/01/25, 17:41:31
Here is the Mozilla list entry if you would like a try at converting it to sources
deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main
I have had a few tries without success
I wonder if it's the .asc key rather than a gpg key that's causing the problem. What was the error message? Maybe "could not find key.gpg"?
The error says it can't parse the repro but it works fine as a list file.
maybe the key should be in trusted.gpg.d like all the others may try tomorrow when I get a minute.
Quote from: titan on 2025/01/25, 18:56:48
The error says it can't parse the repro but it works fine as a list file.
maybe the key should be in trusted.gpg.d like all the others may try tomorrow when I get a minute.
I don't think the location is an issue as long as the path is correct. If I just click on the link I get a 404 error.
@der_bud:
Habe meinen Fehler gefunden, ich hatte in der Zeile Components den Eintrag "stable main" und nicht nur main. stable gelöscht und es funktiojniert. :)
Danke für den Hinweis.
Muss ich für testing und experimental eigene "Blöcke" (weiß kein treffenderes Wort) anlegen oder kann man hinter "suites:" (ist ja Mehrzahl) alle drei eintragen, also
suites: testing unstable experimental
???
Quote from: michaa7 on 2025/01/27, 00:49:15
Muss ich für testing und experimental eigene "Blöcke" (weiß kein treffenderes Wort) anlegen oder kann man hinter "suites:" (ist ja Mehrzahl) alle drei eintragen, also
suites: testing unstable experimental
???
Yes, as long as the key and the URI are the same!
Ja, solange der Schlüssel und die URL die selben sind!
Danke, thanks ...
Debian hat gerade nachgelegt und bietet mit dem Befehl sudo apt modernize-sources eine automatische Konvertierung von .lists auf .sources inklusive dem Signed-By Eintrag, wo möglich. Die alten .list Einträge werden als .list.bak gespeichert. Eine Simulation ist möglich, um zu sehen, was gemacht werden würde. Sowohl die Simulation als auch die Umwandlung selbst funktionierte auf einem Rechner mit 13 noch nicht umgestellten Quelleinträgen ohne Probleme. Es wäre schön gewesen, wenn das von Anfang an so gewesen wäre.
Debian has just improved and offers an automatic conversion from .lists to .sources including the Signed-By entry, where possible, with the command sudo apt modernize-sources. The old .list entries are saved as .list.bak . A simulation is possible to see what would be done. Both the simulation and the conversion itself worked flawlessly on a computer with 13 source entries that had not yet been converted. It would have been nice if that had been the case from the start.
This is fantastic news for inexperienced Siduction users (like me) who are trying to keep their nose above water. Big thanks to those who made this fix. Loving Siduction even more.
Encouraging - to the degree possible - those who control Debian / Siduction development put The horse before the cart when update/upgrade issues like this crop up in the future.
The credit in this case goes to Debian. Still, they could have done this from the start and not a week after throwing this at users without any comment or help
I thought suites were limited to the Debian definitions stable,testing,unstable and experiential but obviously not as the Mozilla repro now looks like this
Types: deb
URIs: https://packages.mozilla.org/apt/
Suites: mozilla
Components: main
Signed-By: /etc/apt/keyrings/packages.mozilla.org.asc
Quote from: devil on 2025/01/29, 08:33:52
Debian hat gerade nachgelegt und bietet mit dem Befehl sudo apt modernize-sources eine automatische Konvertierung von .lists auf .sources inklusive dem Signed-By Eintrag, wo möglich.
Dazu gibt es auch einen Artikel bei LinuxNews.
Debian vereinfacht Umstellung auf deb822
<https://linuxnews.de/debian-vereinfacht-umstellung-auf-deb822/>
...und was trägt man by Vivaldi bei signed-by ein?
Kann mir da jemand helfen. In /usr/share/keyrings/ ist kein Vivaldi Schlüssel
Keiner weiß, wo du die abgelegt hast. Schau halt mal in /etc/apt/trusted.gpg.d oder /etc/apt/keyrings
Danke für den Hinweis.
In trusted.gpg.d hatte ich bereits Schlüssel für Vivaldi gefunden. Allerdings gleich 4 Stück:
ls -la /etc/apt/trusted.gpg.d
insgesamt 112
drwxr-xr-x 2 root root 4096 24. Jan 08:24 .
drwxr-xr-x 11 root root 4096 30. Jan 08:21 ..
-rw-r--r-- 1 root root 11861 30. Jul 2023 debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 30. Jul 2023 debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root 461 30. Jul 2023 debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 30. Jul 2023 debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 30. Jul 2023 debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root 3403 30. Jul 2023 debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11093 30. Jul 2023 debian-archive-buster-automatic.asc
-rw-r--r-- 1 root root 11105 30. Jul 2023 debian-archive-buster-security-automatic.asc
-rw-r--r-- 1 root root 1704 30. Jul 2023 debian-archive-buster-stable.asc
lrwxrwxrwx 1 root root 66 16. Sep 2021 siduction-archive-keyring.gpg -> /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
-rw-r--r-- 1 root root 2285 24. Jan 08:24 vivaldi-16BD9233.gpg
-rw-r--r-- 1 root root 2285 13. Jan 06:25 vivaldi-33EAAB8E.gpg
-rw-r--r-- 1 root root 2285 11. Jan 2024 vivaldi-4218647E.gpg
-rw-r--r-- 1 root root 2285 24. Jan 08:24 vivaldi-74C35BC8.gpg
Wenn ich mir einen der zwei neusten Schlüssel nehme und eintrage dann kommt das hier:
Aktualisierung für 5 Pakete verfügbar. Führen Sie »apt list --upgradable« aus, um sie anzuzeigen.
Warning: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: https://repo.vivaldi.com/stable/deb stable Release: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key C2A2445B0EC3B396BD526E31F739AAC074C35BC8, which is needed to verify signature.
Notice: Das Laden der konfigurierten Datei »main/binary-i386/Packages« wird übersprungen, da das Depot »https://repo.radeon.com/rocm/apt/6.3.1 noble InRelease« die Architektur »i386« nicht unterstützt.
Warning: Fehlschlag beim Holen von https://repo.vivaldi.com/stable/deb/dists/stable/Release.gpg Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key C2A2445B0EC3B396BD526E31F739AAC074C35BC8, which is needed to verify signature.
Warning: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.
So hab nun mal Vivaldi gepurged und die verbliebenen Vivaldi Schlüssel in /etc/apt/trusted.gpg.d händisch gelöscht. Anschließend Vivaldi wieder installiert. Es werden in /etc/apt/trusted.gpg.d zwei Schlüssel angelegt. Diese habe ich nun beide in vivaldi.sources eingetragen. Sieht dann so aus:
Types: deb
URIs: https://repo.vivaldi.com/stable/deb/
Suites: stable
Components: main
Signed-By: /etc/apt/trusted.gpg.d/vivaldi-16BD9233.gpg
Signed-By: /etc/apt/trusted.gpg.d/vivaldi-74C35BC8.gpg
So sieht das dann beim Aktualisieren aus.
OK:1 http://ftp.uni-stuttgart.de/siduction/extra unstable InRelease
OK:2 http://ftp.uni-stuttgart.de/siduction/fixes unstable InRelease
OK:3 https://repo.radeon.com/amdgpu/6.3.1/ubuntu noble InRelease
OK:4 https://deb.debian.org/debian unstable InRelease
Ign:5 https://repo.vivaldi.com/stable/deb stable InRelease
Holen:6 https://repo.vivaldi.com/stable/deb stable Release [3.840 B]
OK:7 https://repo.steampowered.com/steam stable InRelease
OK:8 https://repo.radeon.com/rocm/apt/6.3.1 noble InRelease
Holen:9 https://repo.vivaldi.com/stable/deb stable Release.gpg [833 B]
Holen:10 https://repo.vivaldi.com/stable/deb stable/main amd64 Packages [1.544 B]
Holen:11 https://repo.vivaldi.com/stable/deb stable/main amd64 Contents (deb) [13,4 kB]
Es wurden 15,8 kB in 0 s geholt (57,1 kB/s).
Aktualisierung für 36 Pakete verfügbar. Führen Sie »apt list --upgradable« aus, um sie anzuzeigen.
Notice: Das Laden der konfigurierten Datei »main/binary-i386/Packages« wird übersprungen, da das Depot »https://repo.radeon.com/rocm/apt/6.3.1 noble InRelease« die Architektur »i386« nicht unterstützt.
Notice: Das Laden der konfigurierten Datei »main/binary-i386/Packages« wird übersprungen, da das Depot »https://repo.vivaldi.com/stable/deb stable InRelease« die Architektur »i386« nicht unterstützt.
Ich nehme an die Hinweise auf die 386 Pakete kann ich getrost ignorieren. Somit sollte das nun wieder passen.
QuoteIch nehme an die Hinweise auf die 386 Pakete kann ich getrost ignorieren.
Mal halt
Architectures: amd64noch mit in das File.
Jau, vielen Dank!
So sieht's dann auch wieder ein bisserl ordentlicher aus.
(Das ist zugegebenermaßen ein Crossposting mit dem debianforum.de; aber es gehört ja eigentlich hierhin. Sorry)
Ist es denn egal welches der beiden Verzeichnisse (s.u.) man nutzt? /etc/apt/keyrings/ oder /usr/share/keyrings/
(Mal davon abgesehen dass siduction-archive-keyring.gpg nach dem Verschieben nicht mehr funktioniert. Das ist irgendwie keine normale Datei und wird im mc als @siduction-archive-keyring.gpg angezeigt, nach dem Verschieben als !siduction-archive-keyring.gpg)
Siehe:
QuoteThe proper solution is explained in that Linux Uprising article and on the Debian Wiki: Store the key in /etc/apt/keyrings/ (or /usr/share/keyrings/ if keys are managed by a package), and then reference the key in the apt source list.
https://stackoverflow.com/questions/68992799/warning-apt-key-is-deprecated-manage-keyring-files-in-trusted-gpg-d-instead
I converted all my repros to the new format back in January and all has worked OK until a few days ago when I now get error
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/fixes'
But the signed by correctly points to the key in
/usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
Has something changed as this has been working fine for two months
Please show us the source file.
[Types: deb deb-src
URIs: https://ftp.belnet.be/mirror/siduction/extra
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
and
ls -l /usr/share/siduction-archive-keyring/
?
[ <-Types:
That slash before Types is wrong!?
I have the same thing since yesterday:
Hinweis: Fehlendes Signed-By im Eintrag sources.list(5) für »https://ftp.belnet.be/mirror/siduction/extra«
Hinweis: Fehlendes Signed-By im Eintrag sources.list(5) für »https://ftp.belnet.be/mirror/siduction/fixes«
Hinweis: Fehlendes Signed-By im Eintrag sources.list(5) für »https://deb.opera.com/opera-stable«
Hinweis: Fehlendes Signed-By im Eintrag sources.list(5) für »https://repo.vivaldi.com/stable/deb«
Something must've changed, bit I have not found out, what.
Hi
I don't use belnet or opera repos, only vivaldi. It's one for stable, one for snapshot.
https://repo.vivaldi.com/archive/deb
https://repo.vivaldi.com/stable/deb
Both working without any error message.
Quote from: hendrikL on 2025/03/22, 14:52:04
and
ls -l /usr/share/siduction-archive-keyring/
?
ls -l /usr/share/siduction-archive-keyring/
total 8
-rw-r--r-- 1 root root 3204 Sep 16 2021 45C45076.asc
-rw-r--r-- 1 root root 2307 Sep 16 2021 siduction-archive-keyring.gpg
The [ is just the forum code bracket it is not in the file
Quote from: titan on 2025/03/22, 09:26:48
...
But the signed by correctly points to the key in
/usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
...
correctly? sure?
Here the full path is:
Signed-By: /usr/share/keyrings/siduction-archive-keyring.gpg
Well it points to where the key actually is
Ok, but do you still have a sources.list file (as opposed to the sources.list.d)
I don't.
By default
/usr/share/keyrings/siduction-archive-keyring.gpg
is a link to
/usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg
For me inside "/usr/share/keyrings/" all "debian-xxx.gpg" are the file itself, not a link.
@titan, @devil:
Do you use .list or .sources files?
Or are both present?
The output of titan shows deb822 format (.sources). The error message refers to sources.list.
Maybe the name should refer to the folder?
Only .sources no .list files As I said in first post this has been working OK since January just started to get the error messages a couple of days ago.
and if you fetch the key again from belnet with
apt install --reinstall --allow-unauthenticated siduction-archiv-keyring
I don't know if the name of the keyring is right, I typing from my phone, so check it.
I reinstalled the keys no change, still the error, I also ran the
apt modernize-sources
still no change
and when you change the mirror?
Quote from: hendrikL on 2025/03/23, 09:55:52
and when you change the mirror?
Thanks, It looks like it was the belnet repro, I changed to Stuttgart and the error has gone