Sorry, I just discovered this bug report. I have been having this problem
for years, and don't remember when it started. I have been using a
workaround, but would like to find a better solution. I see the
workaround I have been using is one of those Kingsley G. Morse tried
but could not get to work.
The workaround is, after registering each CD-ROM using apt-cdrom,
modify the /etc/sources.list file. Edit it to add the "trusted" flag to
the entry for each CD-ROM. (In my case, I am using DVDs.) For example:
deb [trusted=yes] cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official
amd64 DVD Binary-2 20210327-10:39]/ buster contrib main
Then run "apt update". Which now works, although it generates an
annoying number of "ign:" messages.
Presumably it is okay to "trust" your CD-ROM set because you have
physical control of it, and thus are reasonably sure it has not been
tampered with. However, recently I happened to read the apt-secure man
page, which warns that some future release of apt will no longer honor
flags like "trust". That warning started me hunting for a better
solution. Haven't found it yet, but did find this bug report.
I can replicate the bug in a variety of situations, but below I give an
example of a particularly simple test case:
I am running Debian stable amd-64 with a fairly standard desktop
selection of packages. First I use my favorite Internet mirror to
update to the latest stable release 10.9. No problems. Then,
I download the first few DVD images of the same release. So far,
these are reasonable actions for someone who doesn't always have good
Internet. Next, register the DVDs using apt-cdrom, but for testing
purposes, I only register one of them. I choose the second DVD of the set,
because I happen to know the names of some packages it contains but I have
not yet installed. Next, I disable the Internet repository, by editing
/etc/sources.list to comment out its entry. Then run "apt update", which
results in the following errors:
Ign:1 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
DVD Binary-2 20210327-10:39] buster InRelease
Err:2 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
DVD Binary-2 20210327-10:39] buster Release
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
update cannot be used to add new CD-ROMs
Hit:3 http://security.debian.org/debian-security buster/updates
InRelease
Reading package lists... Done
E: The repository 'cdrom://[Debian GNU/Linux 10.9.0 _Buster_ -
Official amd64 DVD Binary-2 20210327-10:39] buster Release' does not
have a Release file.
N: Updating from such a repository can't be done securely,
and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.
Next, I verify the DVD really was excluded from the update. I run "apt
search" on some of its packages. As expected, "apt search" does not find
them.
To test the workaround, I apply it as described above. After running
"apt update" I then run "apt search" for the same packages as before,
confirming apt now knows they exist. I then run "apt install" on one of
the packages on DVD #2, and confirm it installs okay.
