
Re: Problems with apt in a clean stretch install.



Firstly, thanks to all of those who have participated in this thread.

I have some follow-up comments and responses. This is a long reply, so the
executive summary is that I managed to solve the issues on all my Stretch
systems. There is a main issue and some kindred issues that manifest under
different circumstances. The main issue is that the /etc/apt/trusted.gpg
file seems to be problematic and once *removed* (rather than just made
readable) the problems are resolved.

One quasi-significant secondary issue is that the installation DVD doesn't
seem to be accepted as a valid source, but no big deal I guess.

Now for the full details. 

I have managed to solve, I think, the problem on 2 physical laptops and 2
virtual machines.

I think I was getting sidetracked by multiple different apt-get errors and
different output on different machines.

On one (Dell) laptop I had to:
1. Delete /etc/apt/trusted.gpg
2. Purge /var/lib/apt/lists	[I was seeing symlinking errors with that
path in the apt-get output]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that laptop I am using contrib and non-free for Ethernet and Wifi).

On the VM where I ran into this issue initially, and where I was going well
out of my comfort zone trying to "fix" stuff, I had to:
1. Delete /etc/apt/trusted.gpg
2. Restore /etc/apt/trusted.gpg.d [which I had blown away somehow during
previous attempts at solving the issue]
	[apt-key list was returning an empty list which I realized was due
to my heavy handedness there]
3. Change sources.list to the default described here:
https://wiki.debian.org/SourcesList
(On that VM I am NOT using contrib and non-free).
[EDIT: Now I realize that the problems with my local mirror might only be
present when contrib and non-free are included].

On a different (Compaq) laptop (where I have LVM/encryption) I had never run
Synaptic and so didn't need to do anything other than remove the install DVD
from /etc/apt/sources.list, and it seems that I also edited sources.list to
that described here:
https://wiki.debian.org/SourcesList
 (On that laptop I am using contrib and non-free for Wifi only).

On the second VM, where I had also never run Synaptic, 'sudo apt-get update'
results in the following issues off the bat.

W: The repository 'cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08] stretch Release' does not have a Release
file.
N: Data from such a repository can't be authenticated and is therefore
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
E: Failed to fetch cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official
amd64 DVD Binary-1 20170617-13:08]/dists/stretch/main/binary-amd64/Packages
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update
cannot be used to add new CD-ROMs
E: Some index files failed to download. They have been ignored, or old ones
used instead.

If I edit /etc/apt/sources.list to comment the second line for the DVD (one
duplicate commented line exists already) then 'sudo apt-get update' runs
without error, even when using the original local mirror repositories.
[EDIT: I think the local mirror works because I am not using contrib and
non-free on the VMs].

debianuser@masterdebian964:~$ sudo apt-get update
Ign:1 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:2 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch Release
Hit:5 http://security.debian.org/debian-security stretch/updates InRelease
Reading package lists... Done 

I'm not sure what the issue with the DVD is. I don't recall such an issue in
Jessie, but it's not a deal breaker.

Now if on this second VM I run Synaptic (or software-properties-gtk) and
edit the repository sources, running 'sudo apt-get update' results in:

Hit:1 http://security.debian.org/debian-security stretch/updates InRelease
Ign:2 http://ftp.iinet.net.au/debian/debian stretch InRelease
Hit:3 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease
Hit:4 http://ftp.iinet.net.au/debian/debian stretch Release
Reading package lists... Done
W:
http://security.debian.org/debian-security/dists/stretch/updates/InRelease:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch-updates/InRelease:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://ftp.iinet.net.au/debian/debian/dists/stretch/Release.gpg: The
key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not
readable by user '_apt' executing apt-key.

If I delete /etc/apt/trusted.gpg the issue is resolved and furthermore, if I
re-edit my sources list using software-properties-gtk *again* the
/etc/apt/trusted.gpg file is no longer re-created. It only seems to get
created the first time through.

I'm not sure why this VM has no issues with public keys (like at least two
of the other machines had); could be that on those machines I tried first
editing the permissions on /etc/apt/trusted.gpg as opposed to just deleting
it. This is consistent with Jason Wittlin-Cohen's post where he says the
presence of the file stops the trusted.gpg.d directory from being
interrogated.

FYI, for all of these 4 systems I used the same installation media:
debian-9.0.0-amd64-DVD-1.iso

So for me the problem appears to be the *presence* of /etc/apt/trusted.gpg
which has been echoed by others. The other symptoms that I have run into
seem to be due to making /etc/apt/trusted.gpg read-only (rather than just
nuking it) and potentially other messing around I have done with respect to
trying to import keys.

There also seems to be a minor issue with my local mirror and contrib and
non-free sources, plus the DVD as a source issue.

So now on to some direct answers to close the loop on a few things.

Michael Lange wrote:
>> 4. sudo apt-get update
>> 	[generated errors]
>> 	Err:16 http://ftp.iinet.net.au/debian/debian
>> stretch/updates/non-free Sources 404 Not Found
>      ^^^^
>Shouldn't this be stretch-updates?
>Not sure how this is related to the problem you described in the first
place, though.

Possibly a typo on my part; for that final e-mail I typed the errors by
hand. I can see how that might screw people up so won't do it in future.
That said, I see that the security repositories use the following substring
'/ stretch/updates' and I think that's where it's coming from. There seems
to be an issue when I use my local mirror for that particular repository
(when contrib and non-free are included), but no issue when I use the main
one. I may dig around and try to find a better repository for my use.

Fungi4All wrote:
> And this for the OP:
> 1  But if there is such a basic problem with installation what is
> so different that the rest of the new stretch installers did not
> face?
>

That's a good question. I'm not 100% sure what the problem with the
installer is in your minds? Do you mean whatever causes the problem that
occurs when /etc/apt/trusted.gpg is *present*?

> 2  What filesystem did you use while partitioning?  
>

Being a novice I didn't make any changes from the defaults (did the guided
partitioning with everything in one** partition), except on one laptop,
where I used LVM/encryption, but with no partitioning differences other than
those created by using LVM.

**I note that even though the installer says "one" partition, it still seems
to create a separate swap partition (I read, I think that on some distros
the swap partition is now optional; it can be a file instead). So the file
system is (for 3/4 of the systems):
/dev/sda1 bootable Ext4 341GB
/dev/sda2 extended 2.1GB
/dev/sda5 swap 2.1GB

> 3  Is there any kind of raid?

No raid on any of the systems.

> 4  Is autoupdate/unattended-update enabled?  And is there a log of it?

Only if it was enabled by default. "System Upgrade" in Synaptic is set to
"Smart Upgrade" if that's what you are talking about. I don't know what this
is and after yesterday haven't got enough time to research what this is and
where/how to find logs for now. Let me know if a proper answer to this
question is important,  and I will dig into it further.

Kind Regards,
Wayne.
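
Added example (not part of the original message): a read-only check for the
condition behind the "not readable by user '_apt'" warnings quoted above. It
assumes the keyring files are owned by root, so '_apt' can only reach them
through the "other" permission bits; the function names are hypothetical.

```sh
#!/bin/sh
# Report APT keyring files that the unprivileged '_apt' user cannot read.
# Assumption: keyrings are root-owned, so only the "other" read bit matters.
# The mode is parsed from ls(1) rather than tested with [ -r ], because the
# check is normally run as root, for whom every file is readable.

# other_readable PATH: succeeds if the "other" read bit is set on PATH.
other_readable() {
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_apt_keyrings [ROOT]: inspect ROOT/etc/apt/trusted.gpg and every
# *.gpg fragment under ROOT/etc/apt/trusted.gpg.d. Prints one line per file
# and returns the number of files '_apt' would be unable to read (0 = clean).
# ROOT defaults to the live system; pass a directory to audit a mounted image.
audit_apt_keyrings() {
    root="${1:-}"
    bad=0
    for f in "$root/etc/apt/trusted.gpg" "$root"/etc/apt/trusted.gpg.d/*.gpg; do
        [ -e "$f" ] || continue          # absent file or unmatched glob
        if other_readable "$f"; then
            echo "OK         $f"
        else
            echo "UNREADABLE $f (mode $(ls -ld -- "$f" | cut -c1-10))"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run `audit_apt_keyrings` with no argument to check the running system; any
UNREADABLE line names a keyring whose keys apt will ignore.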



 

