Bug#1035089: bookworm: gpgv must be installed for successful upgrades
Jonathan Wiltshire wrote:
> Attached patch adds a section in the upgrade guide to ensure gpgv is
> installed. Most users will have this if they have followed previous
> upgrade guidance not to skip releases. However, without it they will not
> be able to upgrade at all because the release signing key is not
> validated correctly.
A bit more explanation in the text would be helpful. Mind you, users
who have been disregarding standard procedure to the extent of doing
leapfrog dist-upgrades seem unlikely to be paying close attention to
the procedure recommended in the bullseye-to-bookworm release notes!
I gather this is an extra precautionary step *before* the upgrade, but
is this "in case you've somehow accidentally ended up with only gpgv1
by accident" or are we expecting there to be users who have insisted
on sticking with the familiar v1 UI or something? If there aren't,
it's hard to see why gpgv1 still exists, let alone still satisfying
apt's gpgv dependency even on bookworm... surely that has to be a bug?
If it isn't, it is at least confusing enough to need some explanation.
> + <section id="install-gpgv">
> + <title>Check gpgv is installed</title>
> + <para>
> + APT needs <command>gpgv</command> version 2 or greater to verify the keys used
> + to sign releases of &newreleasename;. Ensure it is installed with:
Maybe something like:
APT needs <command>gpgv</command> version 2 or greater to verify the keys used
to sign releases of &newreleasename;. Since gpgv1 technically satisfies the
dependency but is useful only in specialized circumstances, users may wish to
ensure the correct version is installed with:
> + </para>
> + <screen>
> +$ apt install gpgv
> + </screen>
> + </section>
Requires root, so make it:
# apt install gpgv
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: