Re: Issues with Bullseye

To: debian-user@lists.debian.org
Subject: Re: Issues with Bullseye
From: Eike Lantzsch ZP6CGE <zp6cge@gmx.net>
Date: Sun, 15 Aug 2021 06:09:15 -0400
Message-id: <[🔎] 2339966.FKX2DfBFpV@lxcl01>
Reply-to: zp6cge@gmx.net
In-reply-to: <[🔎] 4543452.GSNfLeufxt@protheus2>
References: <[🔎] 4543452.GSNfLeufxt@protheus2>

On Sonntag, 15. August 2021 05:36:54 -04 Hans wrote:

> Dear list,

> since the release of bullseye I got into two issues.

> 1. the pgp-key of the repo are no more valid.

> Is there a new one? How to get?

> 2. deb http://security.debian.org/ stable/updates main contrib

> non-free is not reachable.

> Is it down? How can it be fixed?

> Another thing besides this: I am wondering, why the debian

> documentation differs between http and https at the entries for the

> security and the normal packages. I would have been expected, that

> all entries are using https, and no more http. Any special reoson for

> it or is it just a forgotten change?

> Best regards

> Hans

Hi Hans!
Hope you are well

1) you need to copy the keys into /etc/apt/trusted.gpg.d
there is no apt-keyring package anymore

see here:

5.3.2.�Deprecated components for bullseye

With the next release of Debian 12 (codenamed bookworm) some features will be deprecated. Users will need to migrate to other alternatives to prevent trouble when updating to Debian 12.

This includes the following features:

The historical justifications for the filesystem layout with�/bin,�/sbin, and�/lib�directories separate from their equivalents under�/usr�no longer apply today; see the�Freedesktop.org summary. Debian bullseye will be the last Debian release that supports the non-merged-usr layout; for systems with a legacy layout that have been upgraded without a reinstall, the�usrmerge�package exists to do the conversion if desired.
bullseye is the final Debian release to ship�apt-key. Keys should be managed by dropping files into�/etc/apt/trusted.gpg.d�instead, in binary format as created by�gpg --export�with a�.gpg�extension, or ASCII armored with a�.asc�extension.

A replacement for�apt-key list�to manually investigate the keyring is planned, but work has not started yet.

2) see here:

Clint Adams: upgrayedd

Date:14.08.21 07:27

Mom,

When you upgrade to bullseye, you�need�to change your security source from

deb http://security.debian.org/ buster/updates main

deb http://security.debian.org/debian-security bullseye-security main

However, that will silently fail to work if you forget to update the file in�/etc/apt/preferences.d�to add something like this stanza:

Explanation: Debian security

Package: *

Pin: release o=Debian,n=bullseye-security

Pin-Priority: 990

Posted on 2021-08-14

Tags:�quanks

and here:

5.1.3.�Changed security archive layout

For bullseye, the security suite is now named�bullseye-security�instead of�codename/updates�and users should adapt their APT source-list files accordingly when upgrading.

The security line in your APT configuration may look like:

deb https://deb.debian.org/debian-security bullseye-security main contrib

If your APT configuration also involves pinning or�APT::Default-Release, it is likely to require adjustments as the codename of the security archive no longer matches that of the regular archive. An example of a working�APT::Default-Release�line for bullseye looks like:

APT::Default-Release "/^bullseye(|-security|-updates)$/";

which takes advantage of the undocumented feature of APT that it supports regular expressions (inside�/).

Cheers
Eike ZP6CGE

Reply to:

Follow-Ups:
- Re: Issues with Bullseye
  - From: Hans <hans.ullrich@loop.de>

References:
- Issues with Bullseye
  - From: Hans <hans.ullrich@loop.de>

Prev by Date: Issues with Bullseye
Next by Date: Re: Issues with Bullseye
Previous by thread: Issues with Bullseye
Next by thread: Re: Issues with Bullseye
Index(es):
- Date
- Thread