On Thu, 6 Feb 2025 08:54:28 -0500 Frank McCormick <debianl...@videotron.ca> wrote:
> On 2/6/25 8:20 AM, Charles Curley wrote: > > On Thu, 6 Feb 2025 07:53:07 +0000 > > Andy Smith <a...@strugglers.net> wrote: > > > >> Having said that, I am not sure how the complaint could be > >> addressed since from what I understand you are basically asking > >> for otherwise valid but commented-out sources.list lines to be > >> converted into inactive deb822 files, which seems like a big > >> request. > > > > Another option would be to retain all comments, and let the user > > manually convert commented out entries. Simple, easy to do, and > > only a little obnoxious for the user. > > > > And for those who are wondering, this is going on in trixie. > > > > I did this recently. Seemed to go well except that now when I > update I get > this : > > All packages are up to date. > Notice: Missing Signed-By in the sources.list(5) entry for > 'http://deb.debian.org/debian' > Notice: Missing Signed-By in the sources.list(5) entry for > 'https://repo.vivaldi.com/stable/deb' > > There is no suggestion as to what to do when this happens. > The quick fix in sources.list for debian is to add signed-by into existing lines after deb or deb-src: deb \ [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian/ \ <software categories> The long-term fix is a file standard.sources root:root 644 in /etc/sources.list.d containing: Types: deb URIs: https://deb.debian.org/debian/ Suites: unstable Components: main contrib non-free non-free-firmware Enabled: yes Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg plus a stanza for any other active debian lines in the existing sources.list. When an update is run, you will be warned of double source descriptions. Then you know the new file is OK and can move/rename /etc/sources.list. All should be well. You can add other repositories here but it is better to give them their own sources.list.d/xxxx.sources files e.g. opera-stable.sources, dmo.sources (deb-multimedia.org). Note that some upgrades may place/maintain .list files in sources.list.d, as was formerly customary. This will again cause the double source error, the new file should be checked and if necessary any changes ported into the .sources file, then the .list file moved or renamed. If renamed, apt will find it and be rude about it but ignore it. Non-debian .list files may not contain any signing information, so it may be necessary to track down the signing key. There will be one in your filesystem somewhere, e.g. the opera key is in /etc/apt/trusted.gpg.d and the dmo one with the debian ones in /usr/share/keyrings. Check the Vivaldi website either for the key location or there's probably a current key on the site, or if you're lucky it might be in with the debian keys. Yes, I did all this in sid about a week ago. -- Joe
