On Sonntag, 15. August 2021 05:36:54 -04 Hans wrote:
> Dear list,
>
> since the release of bullseye I got into two issues.
>
> 1. the pgp-key of the repo are no more valid.
>
> Is there a new one? How to get?
>
> 2. deb http://security.debian.org/ stable/updates main contrib
> non-free is not reachable.
>
> Is it down? How can it be fixed?
>
> Another thing besides this: I am wondering, why the debian
> documentation differs between http and https at the entries for the
> security and the normal packages. I would have been expected, that
> all entries are using https, and no more http. Any special reoson for
> it or is it just a forgotten change?
>
> Best regards
>
> Hans
Hi Hans!
Hope you are well
1) you need to copy the keys into /etc/apt/trusted.gpg.d
there is no apt-keyring package anymore
see here:
*5.3.2. Deprecated components for bullseye*
With the next release of Debian 12 (codenamed bookworm) some features will be
deprecated. Users will need to migrate to other alternatives to prevent trouble
when
updating to Debian 12.
This includes the following features:
* The historical justifications for the filesystem layout with */bin*,
*/sbin*, and */
lib* directories separate from their equivalents under */usr* no longer apply
today; see
the Freedesktop.org summary[1]. Debian bullseye will be the last Debian release
that
supports the non-merged-usr layout; for systems with a legacy layout that have
been
upgraded without a reinstall, the *usrmerge* package exists to do the
conversion if
desired.
* bullseye is the final Debian release to ship *apt-key*. Keys should be
managed by
dropping files into */etc/apt/trusted.gpg.d* instead, in binary format as
created by *gpg --
export* with a *.gpg* extension, or ASCII armored with a *.asc* extension.
A replacement for *apt-key list* to manually investigate the keyring is
planned, but work
has not started yet.
2) see here:
*Clint Adams: upgrayedd[2]*
*Date:*14.08.21 07:27
--------------------
[3]
Mom,
When you upgrade to bullseye, you need[4] to change your security source from
deb http://security.debian.org/ buster/updates main
to
deb http://security.debian.org/debian-security bullseye-security main
However, that will silently fail to work if you forget to update the file in
/etc/apt/
preferences.d to add something like this stanza:
Explanation: Debian security
Package: *
Pin: release o=Debian,n=bullseye-security
Pin-Priority: 990
Posted on 2021-08-14
Tags: quanks[5]
and here:
*5.1.3. Changed security archive layout*
For bullseye, the security suite is now named *bullseye-security* instead of
*/codename//
updates* and users should adapt their APT source-list files accordingly when
upgrading.
The security line in your APT configuration may look like:
deb https://deb.debian.org/debian-security bullseye-security main contrib
If your APT configuration also involves pinning or *APT::Default-Release*, it
is likely to
require adjustments as the codename of the security archive no longer matches
that of
the regular archive. An example of a working *APT::Default-Release* line for
bullseye
looks like:
APT::Default-Release "/^bullseye(|-security|-updates)$/";
which takes advantage of the undocumented feature of APT that it supports
regular
expressions (inside */*).
Cheers
Eike ZP6CGE
--------
[1] https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
[2] https://xana.scru.org/posts/quanks/bullseye.html
[3] http://planet.debian.org/heads/clint.png
[4]
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
[5] https://xana.scru.org/tags/quanks.html
