On Sonntag, 15. August 2021 05:36:54 -04 Hans wrote: > Dear list, > > since the release of bullseye I got into two issues. > > 1. the pgp-key of the repo are no more valid. > > Is there a new one? How to get? > > 2. deb http://security.debian.org/ stable/updates main contrib > non-free is not reachable. > > Is it down? How can it be fixed? > > Another thing besides this: I am wondering, why the debian > documentation differs between http and https at the entries for the > security and the normal packages. I would have been expected, that > all entries are using https, and no more http. Any special reoson for > it or is it just a forgotten change? > > Best regards > > Hans Hi Hans! Hope you are well
1) you need to copy the keys into /etc/apt/trusted.gpg.d there is no apt-keyring package anymore see here: *5.3.2. Deprecated components for bullseye* With the next release of Debian 12 (codenamed bookworm) some features will be deprecated. Users will need to migrate to other alternatives to prevent trouble when updating to Debian 12. This includes the following features: * The historical justifications for the filesystem layout with */bin*, */sbin*, and */ lib* directories separate from their equivalents under */usr* no longer apply today; see the Freedesktop.org summary[1]. Debian bullseye will be the last Debian release that supports the non-merged-usr layout; for systems with a legacy layout that have been upgraded without a reinstall, the *usrmerge* package exists to do the conversion if desired. * bullseye is the final Debian release to ship *apt-key*. Keys should be managed by dropping files into */etc/apt/trusted.gpg.d* instead, in binary format as created by *gpg -- export* with a *.gpg* extension, or ASCII armored with a *.asc* extension. A replacement for *apt-key list* to manually investigate the keyring is planned, but work has not started yet. 2) see here: *Clint Adams: upgrayedd[2]* *Date:*14.08.21 07:27 -------------------- [3] Mom, When you upgrade to bullseye, you need[4] to change your security source from deb http://security.debian.org/ buster/updates main to deb http://security.debian.org/debian-security bullseye-security main However, that will silently fail to work if you forget to update the file in /etc/apt/ preferences.d to add something like this stanza: Explanation: Debian security Package: * Pin: release o=Debian,n=bullseye-security Pin-Priority: 990 Posted on 2021-08-14 Tags: quanks[5] and here: *5.1.3. Changed security archive layout* For bullseye, the security suite is now named *bullseye-security* instead of */codename// updates* and users should adapt their APT source-list files accordingly when upgrading. The security line in your APT configuration may look like: deb https://deb.debian.org/debian-security bullseye-security main contrib If your APT configuration also involves pinning or *APT::Default-Release*, it is likely to require adjustments as the codename of the security archive no longer matches that of the regular archive. An example of a working *APT::Default-Release* line for bullseye looks like: APT::Default-Release "/^bullseye(|-security|-updates)$/"; which takes advantage of the undocumented feature of APT that it supports regular expressions (inside */*). Cheers Eike ZP6CGE -------- [1] https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge [2] https://xana.scru.org/posts/quanks/bullseye.html [3] http://planet.debian.org/heads/clint.png [4] https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive [5] https://xana.scru.org/tags/quanks.html