Your message dated Wed, 01 Jan 2025 22:04:23 +0000
with message-id <e1tt6pd-00d9cv...@fasolo.debian.org>
and subject line Bug#1091679: fixed in apt 2.9.21
has caused the Debian Bug report #1091679,
regarding apt: change of behaviour re. signed repos and .../trusted.gpg.d/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1091679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091679
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 2.9.19
Severity: minor

Dear Maintainer,

There has been a change of behaviour regarding how the trusted.gpg.d directory
gets dealt with since 2.9.19 when a non-standard Dir is configured.

I have found a work-around, which is to set Dir::Etc::trustedparts to
"/etc/apt/trusted.gpg.d" in our local config. Perhaps we should always have been
setting that, but it seems that things worked without it pre-2.9.19 so I thought
you might like to know that something had changed, given that you've just
switched to Sequoia.

When building test versions of Debian-Installer with the "branch2repo" pipeline
that we use for building udebs on salsa, we create a repository using aptly
containing the udebs. Later in the pipeline, we add that repository to the
sources.list.udeb.local that is used within the D-I build process for collecting
the udebs that will go into the images.

We set APT_CONFIG to point at our local config, then use apt-get to do an
update, then download the udebs we need.

This is mostly done in a script called get-packages, with the bit that creates
the local config being here:

  https://salsa.debian.org/installer-team/debian-installer/-/blob/20241227/build/util/get-packages?ref_type=tags#L83

This all worked until 2.9.19, at which point it stopped working in the case
where we're adding the local aptly URL.

You can see it failing here:

  https://salsa.debian.org/philh/cdebconf/-/jobs/6829946#L3465

  (the error is on line 3465)

For some reason, this only seems to be a problem when the local aptly repo is
specified -- the sources line in question can be seen here:

  https://salsa.debian.org/philh/cdebconf/-/jobs/6829946#L3418

  (on line 3418)

It occurs to me that the distinguishing feature may be that this is using https,
whereas the normal repo URL is http, and that this is using signed-by= in the
line, whereas the deb.debian.org lines are relying on installed keys somehow.

As mentioned at the outset, the problem can be fixed with this change to our
local configuration:

  https://salsa.debian.org/philh/debian-installer/-/commit/10c77e7fe79d8349804126a7bd98305636f56984

but I'm left wondering why the change was needed, and whether the new behaviour
is intentional.

Cheers, Phil.

--- End Message ---
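
A preflight for the kind of setup the report describes (a private APT_CONFIG plus a sources line using signed-by=), added here as an illustration; it is not taken from get-packages or from apt. The helper names, the aptly.example.invalid URLs and all file paths are constructed, and the generated apt.conf is a minimal assumption that carries only a private Dir and the reporter's Dir::Etc::trustedparts workaround.

```shell
#!/bin/sh
# Added example: preflight for a private APT_CONFIG. All paths are constructed.

# Write a minimal apt.conf: private Dir plus the workaround from the report.
write_apt_conf() {  # $1 = private Dir, $2 = output file
    printf 'Dir "%s";\nDir::Etc::trustedparts "/etc/apt/trusted.gpg.d";\n' "$1" > "$2"
}

# List absolute keyring paths named by signed-by= in one-line-style entries.
# signed-by may hold comma-separated items; only those starting with / are files.
signed_by_paths() {  # $1 = sources list
    sed -n 's/^deb[^[]*\[\([^]]*\)].*/\1/p' "$1" | tr ' ' '\n' |
        sed -n 's/^signed-by=//p' | tr ',' '\n' | grep '^/' || true
}

# Print how many of those keyrings are missing or unreadable.
missing_keyrings() {  # $1 = sources list
    missing=0
    for key in $(signed_by_paths "$1"); do
        [ -r "$key" ] && continue
        echo "unreadable keyring: $key" >&2
        missing=$((missing + 1))
    done
    echo "$missing"
}

# Print the trustedparts value apt sees under a config, if apt-config exists.
configured_trustedparts() {  # $1 = apt.conf path
    command -v apt-config >/dev/null 2>&1 || return 0
    APT_CONFIG="$1" apt-config dump 2>/dev/null |
        sed -n 's/^Dir::Etc::trustedparts "\(.*\)";$/\1/p'
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
write_apt_conf "$demo/apt" "$demo/apt.conf"
: > "$demo/local.gpg"
cat > "$demo/sources.list" <<EOF
deb http://deb.debian.org/debian unstable main/debian-installer
deb [signed-by=$demo/local.gpg] https://aptly.example.invalid/repo unstable main/debian-installer
deb [arch=amd64 signed-by=$demo/absent.gpg] https://aptly.example.invalid/other unstable main
EOF
echo "missing keyrings: $(missing_keyrings "$demo/sources.list")"
echo "trustedparts: $(configured_trustedparts "$demo/apt.conf")"
rm -rf "$demo"
```

Running the check before `apt-get update` separates a keyring that is simply absent from a failure inside apt's signature verification, which is the distinction the report was trying to pin down.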
--- Begin Message ---
Source: apt
Source-Version: 2.9.21
Done: Julian Andres Klode <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1091...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <j...@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Jan 2025 22:48:55 +0100
Source: apt
Architecture: source
Version: 2.9.21
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <de...@lists.debian.org>
Changed-By: Julian Andres Klode <j...@debian.org>
Closes: 1091351 1091679
Changes:
 apt (2.9.21) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * sources.list(5): Suggest VENDOR.sources for new systems
 .
   [ Guillem Jover ]
   * Remove non-US leftovers in code and documentation
   * Remove obsolete references to ftp://ftp.debian.org
   * Use deb.debian.org instead of ftp.debian.org URLs
 .
   [ Julian Andres Klode ]
   * Extend v3 subkey expiry to 2026, owing to OBS use
   * sqv: Avoid propagating errors between files (Closes: #1091679)
   * http: seccomp: Allow reading directories (Closes: #1091351)
   * test: Check "${METHODSDIR}/sqv" not "/usr/bin/sqv"
   * Unfuzzy documentation translations
   * Run update-po4a


-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
