[Solved] How to migrate sources.list entries to deb822?

micspabo · 2025/01/21, 19:46:18

After last Full-Upgrade I get warnings during 'apt update' like:


Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://debian.mirror.iphh.net/debian'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.

Though I did find <https://repolib.readthedocs.io/en/latest/deb822-format.html>
the examples do not show Signed-By lines.

What are we expected to do in this case?

micspabo · 2025/01/21, 20:45:00

I have been able to remove two lines.
As I do not use nala anymore, I disables one line from '/etc/apt/sources.list.d/nala-sources.list'.

I have been able to migrate the entry from '/etc/apt/sources.list.d/debian.list' by:

Code Select


# nano /etc/apt/sources.list.d/debian.sources
  Types:      deb
  URIs:       https://deb.debian.org/debian/
  Suites:     unstable
  Components: main contrib non-free non-free-firmware
  Enabled:    yes
  Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg

After this:

Code Select


# apt update
Hit:1 https://packages.siduction.org/extra unstable InRelease
Hit:2 https://packages.siduction.org/fixes unstable InRelease
Hit:3 https://deb.debian.org/debian unstable InRelease
All packages are up to date.    
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.

Code Select


# ls /usr/share/keyrings/
total 192K
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bookworm-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bookworm-security-automatic.gpg
-rw-r--r-- 1 root root  280 2023-07-30 21:24 debian-archive-bookworm-stable.gpg
-rw-r--r-- 1 root root 8,5K 2023-07-30 21:24 debian-archive-bullseye-automatic.gpg
-rw-r--r-- 1 root root 8,6K 2023-07-30 21:24 debian-archive-bullseye-security-automatic.gpg
-rw-r--r-- 1 root root 2,4K 2023-07-30 21:24 debian-archive-bullseye-stable.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8,0K 2023-07-30 21:24 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2,3K 2023-07-30 21:24 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root  55K 2023-07-30 21:24 debian-archive-keyring.gpg
-rw-r--r-- 1 root root  53K 2023-07-30 21:24 debian-archive-removed-keys.gpg
lrwxrwxrwx 1 root root   58 2021-09-16 22:14 siduction-archive-keyring.gpg -> ../siduction-archive-keyring/siduction-archive-keyring.gpg

Code Select


# ls /etc/apt/sources.list.d/*.list
-rw-r--r-- 1 root root  298 2024-02-24 18:11 /etc/apt/sources.list.d/dbgsym.list
-rw-r--r-- 1 root root  573 2025-01-21 20:14 /etc/apt/sources.list.d/debian.list
-rw-r--r-- 1 root root 3,0K 2024-03-24 21:37 /etc/apt/sources.list.d/extra.list
-rw-r--r-- 1 root root 3,1K 2024-03-24 21:38 /etc/apt/sources.list.d/fixes.list
-rw-r--r-- 1 root root  359 2025-01-21 20:23 /etc/apt/sources.list.d/nala-sources.list

If you have a fresh installation done using the iso from shine-on,
could you please check if extra.sources and fixes.sources do exist there?

onepiece · 2025/01/22, 23:02:05

I also need help to fix an identical error. I routinely update my GIANTS install but started getting the below pasted error day before yesterday.
Found some "help" by Googling...but I trust this SIDUCTION forum much more than Google answers. Can anyone give me step by step instructions to get rid of these error messages? Thank you in advance.

d@d-virtualbox:~$ sudo apt update
Hit:1 https://deb.debian.org/debian trixie InRelease
Hit:2 https://deb.debian.org/debian unstable InRelease
Hit:3 https://brave-browser-apt-release.s3.brave.com stable InRelease
Hit:4 https://ftp.belnet.be/mirror/siduction/extra unstable InRelease
Hit:5 https://ftp.belnet.be/mirror/siduction/fixes unstable InRelease
All packages are up to date.
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/extra'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://ftp.belnet.be/mirror/siduction/fixes'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
d@d-virtualbox:~$

eriefisher · 2025/01/23, 00:09:18

You should be converting your soucres.list over repo.sources as shown above.

Code Select

Types:      deb
URIs:       https://deb.debian.org/debian/
Suites:     unstable
Components: main contrib non-free non-free-firmware
Enabled:    yes
Signed-By:  /usr/share/keyrings/debian-archive-keyring.gpg

This one would be named debian.sources.
You could also put the keyring path in line in the sources.list.

Code Select

deb [signed-by=/path/to/keyring.gpg] http://blah.blah.........

eriefisher · 2025/01/23, 00:45:04

For more info.

https://wiki.debian.org/SourcesList

hendrikL · 2025/01/23, 09:50:46

For our /etc/apt/sources.list.d/extra.list and fixes.list,
You have to change <foo>.list to <foo>.sources.

Code Select


mv extra.list extra.sources
mv fixes.list fixes.sources

open them with an editor of your choice, every step has to be done as root, and change them.

Code Select


nano fixes.sources

Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/fixes
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg

and for extra.sources

Code Select


Types: deb deb-src
URIs: https://<the.server.you.prefer.ltd>/extra
Suites: unstable
Components: main
Enabled: yes
Signed-By: /usr/share/siduction-archive-keyring/siduction-archive-keyring.gpg

charlyheinz · 2025/01/23, 14:07:58

Dos anyone know how synaptic can handle source- entries in deb822- format. Do I have to change settings in Synaptic so that it is possible to use this *.sources files in Synaptic?

On the other hand actually it seems there is no need to change the entries in sourcelist.d right now because apt will proceed any updates with the old *.list files up to now. I've tested the old *.list on a second PC. All I've got was the warning about missing keys for the repo.
For sure the new *.sources files are working nice especially with the possibility to name the keys in that files.

Please give me a hint if I am on a wrong way.

devil · 2025/01/23, 14:59:28

After doing the changes in

Code Select

/etc/apt/sources.list.d an

Code Select

apt update should do the trick.

charlyheinz · 2025/01/23, 15:18:49

When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.

eriefisher · 2025/01/23, 15:31:50

In system.d? I just checked Synaptic, It doesn't display the new format but it does read them.

hendrikL · 2025/01/23, 15:36:08

Quote from: charlyheinz on 2025/01/23, 15:18:49
When I've changed the entries to *.sources in system.d for me it is not possible to manage the sources in synaptic anymore. I just like to overview upgrades in synaptic before I proceed an upgrade / update using apt / apt-get.

Why in system.d? How .....
I hope you mean /etc/apt/sources.list.d/.

Please give us the output of:

Code Select


ls /etc/apt/sources.list.d/

and

Code Select

cat /etc/apt/sources.list.d/debian.sources

charlyheinz · 2025/01/23, 17:45:02

No sorry. Not in system.d. Bullschitt.
In /etc/apt/sources.list.d/.
May be I am a little bit in panic 'cause of the political occurences? WaF.

ruebe99 · 2025/01/23, 18:33:57

Had some issues with "signed-by" in sources.list. Don't know if someone already found that little skript at github:

https://gist.github.com/maxhq/7dadf55064aaadc4d9e5993f89fad7b0

It solved the signed-by things in all *list files.
cheers,
ruebe99

onepiece · 2025/01/23, 20:38:00

Hello Folks,
Onepiece here. I made Reply #2 on this tread.
I have an understanding of the theory of what needs to be done to fix this, but I'm still very, very confused about the actual steps needed to remedy. There are some highly experienced and highly technical answers in this thread, but I'm hoping someone can "dumb it down" for me to do the fix. Here is my understanding...please correct me where I'm off track.

The old way of managing "Signed by" is using the standard file that was created during the initial installation. This now outdated file is called: /etc/apt/sources.list.
This file should be DELETED and REPLACED by the new deb822 format-compliant file titled: /etc/apt/sources.list.d/debian.sources

The contents of the new file, /etc/apt/sources.list.d/debian.sources should contain a short paragraph for EACH of the Notices that indicate a Signed by problem. In my case these Notices are:

Notice: Missing Signed-By in the sources.list(5) entry for 'https://deb.debian.org/debian
Notice: Missing Signed-By in the sources.list(5) entry for 'https://packages.siduction.org/fixes'

So, I should create a new /etc/apt/sources.list.d/debian.sources file that contains these two paragraphs:

Types: deb
URIs: https://deb.debian.org/debian/
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://packages.siduction.org/fixes
Suites: unstable
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Did I get this right? Please dumb down any replies so that even a cave man can understand. Thank you.
.
.

micspabo · 2025/01/23, 20:56:51

Please compare extra.sources and fixes.sources from @hendrikL, especially the lines with "Components:"!
He only puts "main" into that line.

I do expect that its enough if "non-free" and "non-free-firmware" are placed in "debian.sources".

Code Select


# inxi -r | grep -v "No active apt repos in:"
Repos:
  Active apt repos in: /etc/apt/sources.list.d/debian.sources
    1: deb https://deb.debian.org/debian/ unstable main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/extra.sources
    1: deb https://packages.siduction.org/extra unstable main
  Active apt repos in: /etc/apt/sources.list.d/fixes.sources
    1: deb https://packages.siduction.org/fixes unstable main

@hendrikL: Thanks a lot.