Sorry, I just discovered this bug report. I have been having this problem for years, and don't remember when it started. I have been using a workaround, but would like to find a better solution. I see the workaround I have been using is one of those Kingsley G. Morse tried but could not get to work.

The workaround is, after registering each CD-ROM using apt-cdrom,
modify the /etc/sources.list file. Edit it to add the "trusted" flag to
the entry for each CD-ROM. (In my case, I am using DVDs.) For example:
  deb [trusted=yes] cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official
    amd64 DVD Binary-2 20210327-10:39]/ buster contrib main
Then run "apt update". Which now works, although it generates an
annoying number of "ign:" messages.

Presumably it is okay to "trust" your CD-ROM set because you have
physical control of it, and thus are reasonably sure it has not been
tampered with. However, recently I happened to read the apt-secure man
page, which warns that some future release of apt will no longer honor
flags like "trust". That warning started me hunting for a better
solution. Haven't found it yet, but did find this bug report.

I can replicate the bug in a variety of situations, but below I give an
example of a particularly simple test case:

I am running Debian stable amd-64 with a fairly standard desktop
selection of packages. First I use my favorite Internet mirror to
update to the latest stable release 10.9. No problems. Then,
I download the first few DVD images of the same release. So far, these are reasonable actions for someone who doesn't always have good Internet. Next, register the DVDs using apt-cdrom, but for testing purposes, I only register one of them. I choose the second DVD of the set, because I happen to know the names of some packages it contains but I have not yet installed. Next, I disable the Internet repository, by editing /etc/sources.list to comment out its entry. Then run "apt update", which results in the following errors:

    Ign:1 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
      DVD Binary-2 20210327-10:39] buster InRelease
    Err:2 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
      DVD Binary-2 20210327-10:39] buster Release
    Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
      update cannot be used to add new CD-ROMs
    Hit:3 http://security.debian.org/debian-security buster/updates
      InRelease
    Reading package lists... Done
    E: The repository 'cdrom://[Debian GNU/Linux 10.9.0 _Buster_ -
      Official amd64 DVD Binary-2 20210327-10:39] buster Release' does not
      have a Release file.
    N: Updating from such a repository can't be done securely,
      and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user
      configuration details.

Next, I verify the DVD really was excluded from the update. I run "apt search" on some of its packages. As expected, "apt search" does not find them.

To test the workaround, I apply it as described above. After running
"apt update" I then run "apt search" for the same packages as before,
confirming apt now knows they exist. I then run "apt install" on one of
the packages on DVD #2, and confirm it installs okay.

Reply via email to