Your message dated Fri, 12 Jul 2019 09:07:45 +0000 with message-id <E1hlrWr-0004ac-G0@fasolo.debian.org> and subject line Bug#851774: fixed in apt-setup 1:0.151 has caused the Debian Bug report #851774, regarding Stop using apt-key add to add keys in generators/60local to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 851774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: "submit@bugs.debian.org" <submit@bugs.debian.org>
- Subject: Stop using apt-key add to add keys in generators/60local
- From: Marga Manterola <marga@google.com>
- Date: Wed, 18 Jan 2017 16:43:41 +0000
- Message-id: <CAM+PWT0Yx4YK63J=84zA2dvhXwjGROxC72AhEE=7uGnOs+mbcg@mail.gmail.com>
Package: apt-setupVersion: 1:0.123Severity: seriousFor a long time it's been possible to preseed a local repository that has it's own keyring. However, with the latest changes related to gpg dependencies getting dropped in apt, this is no longer possible.I'm setting severity as serious as adviced by Julien Cristau on IRC. With the current state of things, in order to install a local repository with a keyring the user needs to somehow create a script that will put the keyring in place before 60local runs, and not preseed the keyring at all. If the keyring is preseeded, *the whole installation will fail* because apt-key add fails which causes 60local to fail, which causes the install base system step to fail.This is the offending code:This is using the deprecated apt-key add functionality. From the apt-key manpage:COMMANDSadd filename(...)Note: Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive name and either "gpg" or "asc" as file extension.So, the right thing to do is to copy the file to the right path instead of calling apt-key add with it.This was fixed in pbuilder back in September:pbuilder (0.226.1) unstable; urgency=medium[ James Clarke ]* modules: add_additional_aptkeyrings:Copy keyrings to /etc/apt/trusted.gpg.d instead of using apt-key.We can no longer rely on being able to use apt-key in a minimal chroot,because gnupg has been demoted to a Recommends in apt. Instead, thekeyrings can be copied directly into /etc/apt/trusted.gpg.d.Moreover, `apt-key` usage has been discuraged over the past years.This means that using the APTKEYRINGS option of pbuilder won't actuallywork with chroots older than squeeze (APT version 0.7.25.1)--Regards,Marga--Cheers,Marga
--- End Message ---
--- Begin Message ---
- To: 851774-close@bugs.debian.org
- Subject: Bug#851774: fixed in apt-setup 1:0.151
- From: Cyril Brulebois <kibi@debian.org>
- Date: Fri, 12 Jul 2019 09:07:45 +0000
- Message-id: <E1hlrWr-0004ac-G0@fasolo.debian.org>
Source: apt-setup Source-Version: 1:0.151 We believe that the bug you reported is fixed in the latest version of apt-setup, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851774@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cyril Brulebois <kibi@debian.org> (supplier of updated apt-setup package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Jul 2019 10:49:08 +0200 Source: apt-setup Binary: apt-setup-udeb apt-mirror-setup apt-cdrom-setup Architecture: source Version: 1:0.151 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team <debian-boot@lists.debian.org> Changed-By: Cyril Brulebois <kibi@debian.org> Description: apt-cdrom-setup - set up a CD in sources.list (udeb) apt-mirror-setup - set up a mirror in sources.list (udeb) apt-setup-udeb - Configure apt (udeb) Closes: 851774 928931 Changes: apt-setup (1:0.151) unstable; urgency=medium . [ Moritz Mühlenhoff ] * When preseeding a local repository via apt-setup/localX/repository, the repository key for Secure Apt needs to be configured with apt-setup/localX/key. This key used to be set up with apt-key, but its use is deprecated and apt's former dependency on gnupg has been demoted to a Suggests, rendering apt-key non-functional in d-i. Apply a patch by Lars Kollstedt (thanks!) which adds the repository key(s) to /etc/apt/trusted.gpg.d, following the approach used by pbuilder (Closes: #851774, #928931): - .asc suffix if the key file seems to be armoured ASCII (i.e. it contains a “-----BEGIN PGP PUBLIC KEY BLOCK-----” line); - .gpg suffix otherwise. Please note that only “GPG key public ring” are supported by APT, newer “keybox database” format isn't at the moment. . [ Updated translations ] * Arabic (ar.po) by ButterflyOfFire * Hindi (hi.po) by KushagraKarira * Croatian (hr.po) by gogogogi Checksums-Sha1: 873d1cbdecb6870bd2a9922ccf60e41da93674d3 1794 apt-setup_0.151.dsc 02c3ff88efefae0e470a350b774b1c2f5b27517f 253924 apt-setup_0.151.tar.xz a5f3d244a31942f8ca10e52e04fa6b03adce2434 5839 apt-setup_0.151_source.buildinfo Checksums-Sha256: 3b46043bff00cbe098df1c81552c60126cf2636e855617525382bd4e28f45bf1 1794 apt-setup_0.151.dsc b46dc2864f1e3dd8a33fe01cd7043194d63c0c0a16de6f3a50a4fc6c012ea27a 253924 apt-setup_0.151.tar.xz d2901e65a37588e04a3b9af7d4e36f54051cb9571ea210eff4182fc47a345696 5839 apt-setup_0.151_source.buildinfo Files: 06ee12122f2f78859bac3c6e2eab6049 1794 debian-installer optional apt-setup_0.151.dsc 50f45f0e22a5fa6ff6ad9df458bb4aef 253924 debian-installer optional apt-setup_0.151.tar.xz 648f9238ad307a2d8c70fa7183cd2f59 5839 debian-installer optional apt-setup_0.151_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAl0oSbQACgkQ/5FK8MKz VSBdTxAAgoKjtZDDCXSeLnUcNF855JrNGM8/WTJK7n68nXZ1fn3zcmfDW/wZwape WfBfYvgN9sMWp8nfRbC0JwmcGNq2KVOKtIpiatdcelzQysvgtD3EsDdAJ+WlZ3eX P8RrzICcYqA1O0gamHkexNm8Rhn7Zae1n8TUZAFfhrK+T/8+Nag0W822r9bTAVmU mrLvdH1YEYA6DViK09xdpm4VxToPlKlTU3jkt4ZpmHWJUE3zRSwIZ359FRt8IYrN FcqkGDrXmD0imi/IJXWhJA0A3rdw5s9ac92ffa4LDE8RnTR+7RArZO+R4/6omqwP 2gLEE42sqrfSrxArHgMN3iZrljlxb0auiGcWQYEIOmo47SCcLz9a/W8YYzYFGsKz d/gVIrbF7djJBB/rm0ut7WHMU5RzCtQ1zz4M3kTmcFPsVZCWyPEtHqtxT75Gbv/m OwSxX0qstdW1lSjFInLEQzaYqTaemzd8PfPt6u65IUI37arkjLZKzzYMGPuLIED1 EtEFQDGchYsGMhMLx7fGdc3EmuYmuMlpUguC6r6OT4DafZz/taNSBM1SelpTFwT2 Rp2nA2+snF4VWaf+3+6/sKNt7vpR3DxpCQzDOjsmdM9UvbQPTwobtkduY0KFMcjm O9af1sykq6WguT00jesDSTIs60Dhaz1ZsTJvEBbCg91U2MRxZMI= =jyxv -----END PGP SIGNATURE-----
--- End Message ---