Gary L. Roach:
> Some of my most useful software is only available through Ubuntu PPAs. I
> can no longer access PPAs since Debian changed their security policies.
> When trying to access a PPA I get the following:
>
> The repository
> 'http://ppa.launchpad.net/elmer-csc-ubuntu/elmer-csc-ppa/ubuntu hirsute
> Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is therefore
> disabled by default.
> N: See apt-secure(8) manpage for repository creation and user configuration
> details.
>
> The man page alludes to a couple of different ways to bypass the system but
> is really sketchy about how to apply them. There are at least a half dozen
> files that could be involved.

I do not find that confusing or sketchy:

| You can force all APT clients to raise only warnings by setting the
| configuration option Acquire::AllowInsecureRepositories to true.
| Individual repositories can also be allowed to be insecure via the
| sources.list(5) option allow-insecure=yes.

You can set Acquire::AllowInsecureRepositories in, for example,
/etc/apt/apt-conf.d/local. This is a standard apt configuration
mechanism, see apt.conf(5).

For individual repositories you are referred to sources.list(5) which
mentions this format:

| deb [ option1=value1 option2=value2 ] uri suite [component1] [component2] […]

So you can just add allow-insecure=yes after the "deb" keyword (and the
following whitespace) like so:

deb [allow-insecure=yes] http://deb.debian.org/debian/ buster main

Do you understand the implications of this? It basically means that apt
will be unable to protect you from installing manipulated packages.
Without a Release file, there is no cryptographic signature that could
ensure that the packages you are installing contain what the PPA author
intends them to contain.

> Further, there is a note that basically says that
> all of the methods will be discontinued in the future. This would
> essentially preclude the use of Ubuntu PPAs.

Using packages compiled for a different distribution is always a bad
choice. I understand you are saying it is your only choice, but it is
still bad and has a high chance of leading to problems.

You might be better off using the targeted distribution instead. Not
necessarily on bare metal, maybe a VM, a chroot or a container image
serve your purposes better.

J.
-- 
There is no justice in road accidents.
[Agree] [Disagree]
<http://archive.slowlydownward.com/NODATA/data_enter2.html>
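
An added example, not part of the message above: a small audit that lists every place where the overrides discussed in this thread are switched on, so an exception made for one PPA does not stay in place unnoticed. It goes beyond the two settings quoted from apt-secure(8) and also flags the related `trusted`, `allow-weak` and `allow-downgrade-to-insecure` options from sources.list(5); the function names and the sample inputs are constructed for illustration.

```python
import re

# Per-source options from sources.list(5) that weaken or skip verification.
RISKY_SOURCE_OPTS = {"allow-insecure", "allow-weak",
                     "allow-downgrade-to-insecure", "trusted"}
# Global apt.conf(5) switches with the same effect for every repository.
RISKY_CONF_KEYS = {"acquire::allowinsecurerepositories",
                   "acquire::allowweakrepositories",
                   "acquire::allowdowngradetoinsecurerepositories"}
TRUE_VALUES = {"yes", "true", "1", "on", "with", "enable"}

# One-line "deb [opts] uri suite ..." entries only; deb822 .sources files
# and nested "Acquire { ... }" scopes are not handled by this sketch.
SOURCE_RE = re.compile(r"^\s*(deb(?:-src)?)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")
CONF_RE = re.compile(r'^\s*([\w:-]+)\s+"?([^";]*)"?\s*;')

# Constructed sample inputs (hypothetical hosts).
SAMPLE_SOURCES = """\
deb http://deb.debian.org/debian/ buster main
deb [allow-insecure=yes] http://ppa.example.invalid/ubuntu hirsute main
# deb [trusted=yes] http://old.example.invalid/ stable main
deb [arch=amd64 trusted=yes] http://mirror.example.invalid/ stable main
"""
SAMPLE_CONF = ('Acquire::AllowInsecureRepositories "true";\n'
               'APT::Install-Recommends "false";\n')

def audit_sources(text):
    """Return (line_no, uri, option) for entries that disable verification."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SOURCE_RE.match(line.split("#", 1)[0])  # '#' starts a comment
        if not m or not m.group(2):
            continue
        for opt in m.group(2).split():
            key, _, value = opt.partition("=")
            if key.lower() in RISKY_SOURCE_OPTS and value.lower() in TRUE_VALUES:
                findings.append((no, m.group(3), key.lower()))
    return findings

def audit_conf(text):
    """Return (line_no, key) for global overrides set to a true value."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("//", "#")):
            continue
        m = CONF_RE.match(line)
        if m and m.group(1).lower() in RISKY_CONF_KEYS \
                and m.group(2).strip().lower() in TRUE_VALUES:
            findings.append((no, m.group(1)))
    return findings

if __name__ == "__main__":
    print(audit_sources(SAMPLE_SOURCES), audit_conf(SAMPLE_CONF))
```

To audit a real system, pass the function the contents of each file apt reads, for example the files under `/etc/apt/sources.list.d/`.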