On Sonntag, 15. August 2021 05:36:54 -04 Hans wrote:
> Dear list,
>
> since the release of bullseye I got into two issues.
>
> 1. the pgp-key of the repo are no more valid.
>
> Is there a new one? How to get?
>
> 2.  deb http://security.debian.org/ stable/updates main contrib
> non-free is not reachable.
>
> Is it down? How can it be fixed?
>
> Another thing besides this: I am wondering, why the debian
> documentation differs between http and https at the entries for the
> security and the normal packages. I would have been expected, that
> all entries are using https, and no more http. Any special reoson for
> it or is it just a forgotten change?
>
> Best regards
>
> Hans
Hi Hans!
Hope you are well


1)  you need to copy the keys into /etc/apt/trusted.gpg.d
there is no apt-keyring package anymore

see here:

*5.3.2. Deprecated components for bullseye*
With the next release of Debian 12 (codenamed bookworm) some features will be
deprecated. Users will need to migrate to other alternatives to prevent trouble 
when
updating to Debian 12.
This includes the following features:
     *  The historical justifications for the filesystem layout with */bin*, 
*/sbin*, and */
lib* directories separate from their equivalents under */usr* no longer apply 
today; see
the Freedesktop.org summary[1]. Debian bullseye will be the last Debian release 
that
supports the non-merged-usr layout; for systems with a legacy layout that have 
been
upgraded without a reinstall, the *usrmerge* package exists to do the 
conversion if
desired.
     *  bullseye is the final Debian release to ship *apt-key*. Keys should be 
managed by
dropping files into */etc/apt/trusted.gpg.d* instead, in binary format as 
created by *gpg --
export* with a *.gpg* extension, or ASCII armored with a *.asc* extension.
A replacement for *apt-key list* to manually investigate the keyring is 
planned, but work
has not started yet.

2) see here:


*Clint Adams: upgrayedd[2]*
*Date:*14.08.21 07:27
--------------------
[3]
Mom,
When you upgrade to bullseye, you need[4] to change your security source from
deb http://security.debian.org/ buster/updates main
to
deb http://security.debian.org/debian-security bullseye-security main
However, that will silently fail to work if you forget to update the file in 
/etc/apt/
preferences.d to add something like this stanza:
Explanation: Debian security
Package: *
Pin: release o=Debian,n=bullseye-security
Pin-Priority: 990
Posted on 2021-08-14
Tags: quanks[5]

and here:

*5.1.3. Changed security archive layout*
For bullseye, the security suite is now named *bullseye-security* instead of 
*/codename//
updates* and users should adapt their APT source-list files accordingly when 
upgrading.
The security line in your APT configuration may look like:
deb https://deb.debian.org/debian-security bullseye-security main contrib
If your APT configuration also involves pinning or *APT::Default-Release*, it 
is likely to
require adjustments as the codename of the security archive no longer matches 
that of
the regular archive. An example of a working *APT::Default-Release* line for 
bullseye
looks like:
APT::Default-Release "/^bullseye(|-security|-updates)$/";
which takes advantage of the undocumented feature of APT that it supports 
regular
expressions (inside */*).
Cheers
Eike ZP6CGE

--------
[1] https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
[2] https://xana.scru.org/posts/quanks/bullseye.html
[3] http://planet.debian.org/heads/clint.png
[4] 
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
[5] https://xana.scru.org/tags/quanks.html

Reply via email to