Re: Apt-secure and upgrading to bullseye
As I have noted in my previous reply there are VARIOUS bugreports dealing with different aspects of this, so rehashing it all lumped together on d-d@ is not very productive and I would like to advice anyone seriously interested in this to contribute to the relevant one instead. And the rest can be happy as they were asking for "testing" and they got to test something and the gathered test results are now being worked on… On Wed, Jul 10, 2019 at 11:47:28PM -0400, The Wanderer wrote: > For myself, no, a shorter/simplified version of the release notes > probably wouldn't have made me more likely to read them. Clients producing these errors can optionally also print a pointer to the release notes btw, just in case that would nudge anyone to give them a read, it was just not used for now for buster. N: More information about this can be found online in the Release notes at: https://example.org/future > it using apt-get - since that's my preferred client, and the idea of > switching clients just for a single task like this strikes me as > intuitively wrong somehow. In fact, it's possible that I *did* do that; JFTR: apt and apt-get use the very same code for "update" via libapt. In fact all package managers in Debian do, be it aptitude, synaptics or your preferred software center [okay, there are exceptions, but if you happen to use one you will know that]. As such you can mix and match apt clients as much as you like. The difference is in the presentation: "apt" tries to be a little friendlier in interactive usage while "apt-get" sticks to 'what it always did' as much as it can without negative effects [= big bugs and security tend to be the only reason for it changing drastically]. As it is usual for apt clients there is an option for basically everything though. Setting the options listed by the following command for apt-get as well will make it behave as if it were apt: apt-config dump --no-empty Binary::apt Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1"; being responsible for the interactive question in update btw. APT is really not as much magic as people believe… (but I might be biased ) > different clients, earlier in this thread. IMO, if the release notes > need to document any of them, they should document all - or, if it's As an example, the current plan is to make the switch over for Suite changes automatic – if some preconditions are satisfied. The discussion about that isn't hard to find, but here you go: #931566. You are welcome to add any good ideas not already present (that hopefully shows also that this is a tiny bit more complex than it looks at first). Best regards David Kalnischkies signature.asc Description: PGP signature
Re: Apt-secure and upgrading to bullseye
On Mi, 10 iul 19, 23:47:28, The Wanderer wrote: > > The release notes might be a valid place to document this for people > upgrading from oldstable-buster to stable-bullseye after the release of > bullseye, or even (if this would be applicable) switching from stable to > testing-bullseye midway through the release cycle; In my understanding of the issue it only affects users that already have a source in their lists, but the source changes. It shouldn't have any impact on buster users that upgrade to bullseye *after* the release, because they are adding a new source. The biggest impact at bullseye's release will be on buster users, because buster will change from stable to oldstable. It might also have some impact to buster users upgrading to bullseye before the release, however, by then most package managers should be updated to deal with this correctly. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Apt-secure and upgrading to bullseye
On 2019-07-10 at 15:03, Neil McGovern wrote: > On Wed, Jul 10, 2019 at 07:51:18PM +0100, Julian Gilbey wrote: >> But I realised later that this is going to bite all users when they >> come to upgrade from buster. Perhaps some aptitude and apt-get >> patches can go into a stable (buster) point release, so that fewer >> users are hurt by this in 2-3 years' time? It is quite a >> showstopper! > > Given the release notes tell people to use "apt update", I'd be > interested to know if there was any documentation you read or > followed during the upgrade. If you didn't use the release notes, is > there a reason why? Could a tl;dr version make you more likely to > read them? For myself, no, a shorter/simplified version of the release notes probably wouldn't have made me more likely to read them. I track testing by that name (and have done so for well over a decade), and dist-upgrade on at least a weekly basis, so I never actually upgrade to a new release; I just start pulling from the new testing when the old one moves out from under my feet to become stable. Since I'm not upgrading to a new release, but just sticking with testing as I've been doing all along, I wouldn't think to check release notes. That's especially true just after the release of a new stable; at that point, it's intuitively obvious that testing can't have release notes, because until new package versions migrate from unstable the new testing is *empty*. (Whether this intuition is accurate or not.) As Julian apparently did, I only found the solution for this by a Google search for the error message I was seeing - in my case, in what I recall as being a months-old bug report, since it it hadn't been brought up post-release on e.g. debian-user yet by then. The release notes might be a valid place to document this for people upgrading from oldstable-buster to stable-bullseye after the release of bullseye, or even (if this would be applicable) switching from stable to testing-bullseye midway through the release cycle; it's considerably more reasonable to expect people to think to check release notes before upgrading at those stages. But for people who are merely sticking with testing, after the buster release just as after previous releases, the release notes are IMO not an appropriate answer. Also: I would have tried to reject a "just use 'apt update'" solution, as you say the release notes propose, and kept searching for a way to do it using apt-get - since that's my preferred client, and the idea of switching clients just for a single task like this strikes me as intuitively wrong somehow. In fact, it's possible that I *did* do that; I remember skipping multiple search results which suggested only that solution, and it's even possible that the release notes were one of them. I'd have given in eventually if no "native" solution were to be found, but since in this case one *does* exist, IMO it's not appropriate to present only the solution which would require me to temporarily switch clients. David Kalnischkies presented three different solutions, suitable for different clients, earlier in this thread. IMO, if the release notes need to document any of them, they should document all - or, if it's considered more reasonable to restrict the release notes to discussing one single recommended client, there should be another document somewhere which lists not only all of these solutions but (for discoverability's sake) as many of the client-specific error messages as may be practical. (For those clients which don't present the solution themselves, of course.) -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Apt-secure and upgrading to bullseye
On Wed, Jul 10, 2019 at 07:51:18PM +0100, Julian Gilbey wrote: > Thanks to everyone for suggestions; I discovered "apt update" through > a Google search. > I've submitted a patch against the release notes to explicitly mention this: https://salsa.debian.org/ddp-team/release-notes/merge_requests/50 > But I realised later that this is going to bite all users when they > come to upgrade from buster. Perhaps some aptitude and apt-get > patches can go into a stable (buster) point release, so that fewer > users are hurt by this in 2-3 years' time? It is quite a showstopper! > Given the release notes tell people to use "apt update", I'd be interested to know if there was any documentation you read or followed during the upgrade. If you didn't use the release notes, is there a reason why? Could a tl;dr version make you more likely to read them? Neil -- signature.asc Description: PGP signature
Re: Apt-secure and upgrading to bullseye
On Wed, Jul 10, 2019 at 02:30:24PM +0200, David Kalnischkies wrote: > Hi, > > On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: > > Hooray, buster's released! Congrats to all! > > Indeed! ☺ > > > E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed > > its 'Codename' value from 'buster' to 'bullseye' > > N: This must be accepted explicitly before updates for this repository can > > be applied. See apt-secure(8) manpage for details. > > There are various reports about that against apt/aptitude, so I am not > feeling like adding lots of duplicated content now, but the gist is: > > Either use "apt update" (it will ask an interactive question) or > "apt-get update --allow-releaseinfo-change" (see apt-get manpage) or > [least preferred option] set the config option > Acquire::AllowReleaseInfoChange for basically any apt-based client. Thanks to everyone for suggestions; I discovered "apt update" through a Google search. But I realised later that this is going to bite all users when they come to upgrade from buster. Perhaps some aptitude and apt-get patches can go into a stable (buster) point release, so that fewer users are hurt by this in 2-3 years' time? It is quite a showstopper! Best wishes, Julian
Re: Apt-secure and upgrading to bullseye
Julian Gilbey writes: > On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: >> Hooray, buster's released! Congrats to all! >> >> So I tried upgrading my machine to bullseye today, and >> aptitude/apt-get update don't like this, giving me errors such as: >> >> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed >> its 'Codename' value from 'buster' to 'bullseye' >> N: This must be accepted explicitly before updates for this repository can >> be applied. See apt-secure(8) manpage for details. >> >> So I read apt-secure(8), which gives no indication of how to "accept >> this explicitly", and neither do any of the linked wiki pages. >> >> Any suggestions? >> >> (And obviously something needs changing so that people aren't stung >> when bullseye is released.) > > Ah, turns out it's a known bug with aptitude. The solution is to run > "apt update", which interactively asks what to do with these changes. If it's any comfort, I had the exact same problem. It would be nice if the warning either pointed to the apt-get(8) man page, where the solution can be found, or some hint was added to the apt-secure(8) man page. I found this section of the apt-secure(8) man page particularily unhelpful: Since version 1.5 the user must therefore explicitly confirm changes to signal that the user is sufficiently prepared e.g. for the new major release of the distribution shipped in the repository (as e.g. indicated by the codename). Those who cares which version this was added will read the changelog. Those reading the man page are more likely looking for instructions, not background info. Bjørn
Re: Apt-secure and upgrading to bullseye
On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: > Hooray, buster's released! Congrats to all! > > So I tried upgrading my machine to bullseye today, and > aptitude/apt-get update don't like this, giving me errors such as: > > E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its > 'Codename' value from 'buster' to 'bullseye' > N: This must be accepted explicitly before updates for this repository can be > applied. See apt-secure(8) manpage for details. > > So I read apt-secure(8), which gives no indication of how to "accept > this explicitly", and neither do any of the linked wiki pages. > > Any suggestions? > > (And obviously something needs changing so that people aren't stung > when bullseye is released.) Slightly different but ... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879786 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929248 I guess it may be worth to try along: $ sudo apt-get --allow-releaseinfo-change update Osamu
Re: Apt-secure and upgrading to bullseye
Hello, Am 10.07.19 um 14:30 schrieb Julian Gilbey: > On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: >> Hooray, buster's released! Congrats to all! >> >> So I tried upgrading my machine to bullseye today, and >> aptitude/apt-get update don't like this, giving me errors such as: >> >> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed >> its 'Codename' value from 'buster' to 'bullseye' >> N: This must be accepted explicitly before updates for this repository can >> be applied. See apt-secure(8) manpage for details. >> >> So I read apt-secure(8), which gives no indication of how to "accept >> this explicitly", and neither do any of the linked wiki pages. >> >> Any suggestions? >> >> (And obviously something needs changing so that people aren't stung >> when bullseye is released.) > > Ah, turns out it's a known bug with aptitude. The solution is to run > "apt update", which interactively asks what to do with these changes. that is the reason, why I didn't have this problem. I use apt-get / apt all the time. > > Best wishes, > >Julian > Kind regards -- Mechtilde Stehmann ## Debian Developer ## PGP encryption welcome ## F0E3 7F3D C87A 4998 2899 39E7 F287 7BBA 141A AD7F signature.asc Description: OpenPGP digital signature
Re: Apt-secure and upgrading to bullseye
Hi, On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: > Hooray, buster's released! Congrats to all! Indeed! ☺ > E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its > 'Codename' value from 'buster' to 'bullseye' > N: This must be accepted explicitly before updates for this repository can be > applied. See apt-secure(8) manpage for details. There are various reports about that against apt/aptitude, so I am not feeling like adding lots of duplicated content now, but the gist is: Either use "apt update" (it will ask an interactive question) or "apt-get update --allow-releaseinfo-change" (see apt-get manpage) or [least preferred option] set the config option Acquire::AllowReleaseInfoChange for basically any apt-based client. Best regards David Kalnischkies signature.asc Description: PGP signature
Re: Apt-secure and upgrading to bullseye
On Wed, Jul 10, 2019 at 7:59 PM Julian Gilbey wrote: > So I read apt-secure(8), which gives no indication of how to "accept > this explicitly", and neither do any of the linked wiki pages. > > Any suggestions? There are two options: # apt update # apt-get --allow-releaseinfo-change update -- bye, pabs https://wiki.debian.org/PaulWise https://bonedaddy.net/pabs3/
Re: Apt-secure and upgrading to bullseye
On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote: > Hooray, buster's released! Congrats to all! > > So I tried upgrading my machine to bullseye today, and > aptitude/apt-get update don't like this, giving me errors such as: > > E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its > 'Codename' value from 'buster' to 'bullseye' > N: This must be accepted explicitly before updates for this repository can be > applied. See apt-secure(8) manpage for details. > > So I read apt-secure(8), which gives no indication of how to "accept > this explicitly", and neither do any of the linked wiki pages. > > Any suggestions? > > (And obviously something needs changing so that people aren't stung > when bullseye is released.) Ah, turns out it's a known bug with aptitude. The solution is to run "apt update", which interactively asks what to do with these changes. Best wishes, Julian
Apt-secure and upgrading to bullseye
Hooray, buster's released! Congrats to all! So I tried upgrading my machine to bullseye today, and aptitude/apt-get update don't like this, giving me errors such as: E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye' N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details. So I read apt-secure(8), which gives no indication of how to "accept this explicitly", and neither do any of the linked wiki pages. Any suggestions? (And obviously something needs changing so that people aren't stung when bullseye is released.) Best wishes, Julian