Your message dated Sat, 22 Jul 2023 22:36:41 +0200 with message-id <20230722203641.qrr5rauoi3dutq5b@crossbow> and subject line Re: Bug#1041732: "N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'" has caused the Debian Bug report #1041732, regarding "N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1041732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041732 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: "N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'"
- From: Jörn Heissler <debbugs2023-07@wulf.eu.org>
- Date: Sat, 22 Jul 2023 18:58:45 +0200
- Message-id: <[🔎] 169004512558.1067093.13380889301189885061.reportbug@carrot.tutnicht.de>
Package: apt Version: 2.7.2 Severity: minor X-Debbugs-Cc: debbugs2023-07@wulf.eu.org Hello, since updating to apt-2.7.2 I'm getting a notice on "apt update": # apt update Hit:1 http://deb.debian.org/debian sid InRelease Hit:2 http://deb.debian.org/debian experimental InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done All packages are up to date. N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian' N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian' My /etc/apt/sources.list.d/debian.sources contains: Types: deb deb-src URIs: http://deb.debian.org/debian/ Suites: sid experimental Components: main contrib non-free non-free-firmware The Changelog contains an entry: * update: Add notice about missing Signed-By in deb822 sources" I tried "Signed-By: /etc/apt/trusted.gpg.d/*" but that doesn't work. What is the correct value? Thanks! -- Package-specific info: -- apt-config dump -- APT ""; APT::Architecture "amd64"; APT::Build-Essential ""; APT::Build-Essential:: "build-essential"; APT::Install-Recommends "0"; APT::Install-Suggests "0"; APT::Sandbox ""; APT::Sandbox::User "_apt"; APT::Authentication ""; APT::Authentication::TrustCDROM "true"; APT::NeverAutoRemove ""; APT::NeverAutoRemove:: "^firmware-linux.*"; APT::NeverAutoRemove:: "^linux-firmware$"; APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*$"; APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*-[a-z0-9]*$"; APT::VersionedKernelPackages ""; APT::VersionedKernelPackages:: "linux-.*"; APT::VersionedKernelPackages:: "kfreebsd-.*"; APT::VersionedKernelPackages:: "gnumach-.*"; APT::VersionedKernelPackages:: ".*-modules"; APT::VersionedKernelPackages:: ".*-kernel"; APT::Never-MarkAuto-Sections ""; APT::Never-MarkAuto-Sections:: "metapackages"; APT::Never-MarkAuto-Sections:: "tasks"; APT::Move-Autobit-Sections ""; APT::Move-Autobit-Sections:: "oldlibs"; APT::Update ""; APT::Update::Post-Invoke-Success ""; APT::Update::Post-Invoke-Success:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"; APT::Update::Post-Invoke ""; APT::Update::Post-Invoke:: "[ ! -x /usr/bin/debtags ] || debtags update || true"; APT::Architectures ""; APT::Architectures:: "amd64"; APT::Architectures:: "i386"; APT::Compressor ""; APT::Compressor::. ""; APT::Compressor::.::Name "."; APT::Compressor::.::Extension ""; APT::Compressor::.::Binary ""; APT::Compressor::.::Cost "0"; APT::Compressor::zstd ""; APT::Compressor::zstd::Name "zstd"; APT::Compressor::zstd::Extension ".zst"; APT::Compressor::zstd::Binary "zstd"; APT::Compressor::zstd::Cost "60"; APT::Compressor::zstd::CompressArg ""; APT::Compressor::zstd::CompressArg:: "-19"; APT::Compressor::zstd::UncompressArg ""; APT::Compressor::zstd::UncompressArg:: "-d"; APT::Compressor::lz4 ""; APT::Compressor::lz4::Name "lz4"; APT::Compressor::lz4::Extension ".lz4"; APT::Compressor::lz4::Binary "lz4"; APT::Compressor::lz4::Cost "50"; APT::Compressor::lz4::CompressArg ""; APT::Compressor::lz4::CompressArg:: "-1"; APT::Compressor::lz4::UncompressArg ""; APT::Compressor::lz4::UncompressArg:: "-d"; APT::Compressor::gzip ""; APT::Compressor::gzip::Name "gzip"; APT::Compressor::gzip::Extension ".gz"; APT::Compressor::gzip::Binary "gzip"; APT::Compressor::gzip::Cost "100"; APT::Compressor::gzip::CompressArg ""; APT::Compressor::gzip::CompressArg:: "-6n"; APT::Compressor::gzip::UncompressArg ""; APT::Compressor::gzip::UncompressArg:: "-d"; APT::Compressor::xz ""; APT::Compressor::xz::Name "xz"; APT::Compressor::xz::Extension ".xz"; APT::Compressor::xz::Binary "xz"; APT::Compressor::xz::Cost "200"; APT::Compressor::xz::CompressArg ""; APT::Compressor::xz::CompressArg:: "-6"; APT::Compressor::xz::UncompressArg ""; APT::Compressor::xz::UncompressArg:: "-d"; APT::Compressor::bzip2 ""; APT::Compressor::bzip2::Name "bzip2"; APT::Compressor::bzip2::Extension ".bz2"; APT::Compressor::bzip2::Binary "bzip2"; APT::Compressor::bzip2::Cost "300"; APT::Compressor::bzip2::CompressArg ""; APT::Compressor::bzip2::CompressArg:: "-6"; APT::Compressor::bzip2::UncompressArg ""; APT::Compressor::bzip2::UncompressArg:: "-d"; APT::Compressor::lzma ""; APT::Compressor::lzma::Name "lzma"; APT::Compressor::lzma::Extension ".lzma"; APT::Compressor::lzma::Binary "xz"; APT::Compressor::lzma::Cost "400"; APT::Compressor::lzma::CompressArg ""; APT::Compressor::lzma::CompressArg:: "--format=lzma"; APT::Compressor::lzma::CompressArg:: "-6"; APT::Compressor::lzma::UncompressArg ""; APT::Compressor::lzma::UncompressArg:: "--format=lzma"; APT::Compressor::lzma::UncompressArg:: "-d"; Dir "/"; Dir::State "var/lib/apt"; Dir::State::lists "lists/"; Dir::State::cdroms "cdroms.list"; Dir::State::extended_states "extended_states"; Dir::State::status "/var/lib/dpkg/status"; Dir::Cache "var/cache/apt"; Dir::Cache::archives "archives/"; Dir::Cache::srcpkgcache "srcpkgcache.bin"; Dir::Cache::pkgcache "pkgcache.bin"; Dir::Etc "etc/apt"; Dir::Etc::sourcelist "sources.list"; Dir::Etc::sourceparts "sources.list.d"; Dir::Etc::main "apt.conf"; Dir::Etc::netrc "auth.conf"; Dir::Etc::netrcparts "auth.conf.d"; Dir::Etc::parts "apt.conf.d"; Dir::Etc::preferences "preferences"; Dir::Etc::preferencesparts "preferences.d"; Dir::Etc::trusted "trusted.gpg"; Dir::Etc::trustedparts "trusted.gpg.d"; Dir::Etc::apt-listchanges-main "listchanges.conf"; Dir::Etc::apt-listchanges-parts "listchanges.conf.d"; Dir::Bin ""; Dir::Bin::methods "/usr/lib/apt/methods"; Dir::Bin::solvers ""; Dir::Bin::solvers:: "/usr/lib/apt/solvers"; Dir::Bin::planners ""; Dir::Bin::planners:: "/usr/lib/apt/planners"; Dir::Bin::dpkg "/usr/bin/dpkg"; Dir::Bin::gzip "/bin/gzip"; Dir::Bin::bzip2 "/bin/bzip2"; Dir::Bin::xz "/usr/bin/xz"; Dir::Bin::lz4 "/usr/bin/lz4"; Dir::Bin::zstd "/usr/bin/zstd"; Dir::Bin::lzma "/usr/bin/xz"; Dir::Media ""; Dir::Media::MountPath "/media/apt"; Dir::Log "var/log/apt"; Dir::Log::Terminal "term.log"; Dir::Log::History "history.log"; Dir::Log::Planner "eipp.log.xz"; Dir::Ignore-Files-Silently ""; Dir::Ignore-Files-Silently:: "~$"; Dir::Ignore-Files-Silently:: "\.disabled$"; Dir::Ignore-Files-Silently:: "\.bak$"; Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.ucf-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.save$"; Dir::Ignore-Files-Silently:: "\.orig$"; Dir::Ignore-Files-Silently:: "\.distUpgrade$"; Acquire ""; Acquire::AllowInsecureRepositories "0"; Acquire::AllowWeakRepositories "0"; Acquire::AllowDowngradeToInsecureRepositories "0"; Acquire::cdrom ""; Acquire::cdrom::mount "/media/cdrom/"; Acquire::IndexTargets ""; Acquire::IndexTargets::deb ""; Acquire::IndexTargets::deb::Packages ""; Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages"; Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages"; Acquire::IndexTargets::deb::Packages::ShortDescription "Packages"; Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages"; Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages"; Acquire::IndexTargets::deb::Packages::Optional "0"; Acquire::IndexTargets::deb::Translations ""; Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb-src ""; Acquire::IndexTargets::deb-src::Sources ""; Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources"; Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources"; Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources"; Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources"; Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources"; Acquire::IndexTargets::deb-src::Sources::Optional "0"; Acquire::Changelogs ""; Acquire::Changelogs::URI ""; Acquire::Changelogs::URI::Origin ""; Acquire::Changelogs::URI::Origin::Debian "https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog"; Acquire::Changelogs::URI::Origin::Ubuntu "https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog"; Acquire::Changelogs::AlwaysOnline ""; Acquire::Changelogs::AlwaysOnline::Origin ""; Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1"; Acquire::Snapshots ""; Acquire::Snapshots::URI ""; Acquire::Snapshots::URI::Origin ""; Acquire::Snapshots::URI::Origin::Debian "https://snapshot.debian.org/archive/debian/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Origin::Ubuntu "https://snapshot.ubuntu.com/ubuntu/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Override ""; Acquire::Snapshots::URI::Override::Label ""; Acquire::Snapshots::URI::Override::Label::Debian-Security "https://snapshot.debian.org/archive/debian-security/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host ""; Acquire::Snapshots::URI::Host::archive.ubuntu.com "https://snapshot.ubuntu.com/@PATH@/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host::deb.debian.org "https://snapshot.debian.org/archive/@PATH@/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host::.archive.ubuntu.com "https://snapshot.ubuntu.com/@PATH@/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host::security.ubuntu.com "https://snapshot.ubuntu.com/@PATH@/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host::ppa.launchpadcontent.net "https://snapshot.ppa.launchpadcontent.net/@PATH@/@SNAPSHOTID@/"; Acquire::Snapshots::URI::Host::ppa.launchpad.net "https://snapshot.ppa.launchpadcontent.net/@PATH@/@SNAPSHOTID@/"; Acquire::Languages ""; Acquire::Languages:: "en"; Acquire::Languages:: "none"; Acquire::CompressionTypes ""; Acquire::CompressionTypes::xz "xz"; Acquire::CompressionTypes::bz2 "bzip2"; Acquire::CompressionTypes::lzma "lzma"; Acquire::CompressionTypes::gz "gzip"; Acquire::CompressionTypes::lz4 "lz4"; Acquire::CompressionTypes::zst "zstd"; DPkg ""; DPkg::Path "/usr/sbin:/usr/bin:/sbin:/bin"; DPkg::Pre-Install-Pkgs ""; DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10"; DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true"; DPkg::Tools ""; DPkg::Tools::Options ""; DPkg::Tools::Options::/usr/bin/apt-listchanges ""; DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2"; DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20"; DPkg::Post-Invoke ""; DPkg::Post-Invoke:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null"; Binary "apt-config"; Binary::apt ""; Binary::apt::APT ""; Binary::apt::APT::Color "1"; Binary::apt::APT::Cache ""; Binary::apt::APT::Cache::Show ""; Binary::apt::APT::Cache::Show::Version "2"; Binary::apt::APT::Cache::AllVersions "0"; Binary::apt::APT::Cache::ShowVirtuals "1"; Binary::apt::APT::Cache::Search ""; Binary::apt::APT::Cache::Search::Version "2"; Binary::apt::APT::Cache::ShowDependencyType "1"; Binary::apt::APT::Cache::ShowVersion "1"; Binary::apt::APT::Get ""; Binary::apt::APT::Get::Upgrade-Allow-New "1"; Binary::apt::APT::Get::Update ""; Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1"; Binary::apt::APT::Cmd ""; Binary::apt::APT::Cmd::Show-Update-Stats "1"; Binary::apt::APT::Cmd::Pattern-Only "1"; Binary::apt::APT::Keep-Downloaded-Packages "0"; Binary::apt::DPkg ""; Binary::apt::DPkg::Progress-Fancy "1"; Binary::apt::DPkg::Lock ""; Binary::apt::DPkg::Lock::Timeout "-1"; CommandLine ""; CommandLine::AsString "apt-config dump"; -- (no /etc/apt/preferences present) -- -- (no /etc/apt/preferences.d/* present) -- -- (no /etc/apt/sources.list present) -- -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-5-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apt depends on: ii adduser 3.137 ii base-passwd 3.6.1 ii debian-archive-keyring 2023.3 ii gpgv 2.2.40-1.1 ii gpgv1 1.4.23-1.1+b1 ii libapt-pkg6.0 2.7.2 ii libc6 2.37-6 ii libgcc-s1 13.1.0-9 ii libgnutls30 3.7.9-2 ii libseccomp2 2.5.4-1+b3 ii libstdc++6 13.1.0-9 ii libsystemd0 254~rc2-3 Versions of packages apt recommends: ii ca-certificates 20230311 Versions of packages apt suggests: ii apt-doc 2.7.2 ii aptitude 0.8.13-5 ii dpkg-dev 1.21.22 ii gnupg 2.2.40-1.1 ii gnupg1 1.4.23-1.1+b1 ii powermgmt-base 1.37 ii synaptic 0.91.3 -- no debconf information
--- End Message ---
--- Begin Message ---
- To: 1041732-done@bugs.debian.org
- Cc: Jörn Heissler <debbugs2023-07@wulf.eu.org>
- Subject: Re: Bug#1041732: "N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'"
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sat, 22 Jul 2023 22:36:41 +0200
- Message-id: <20230722203641.qrr5rauoi3dutq5b@crossbow>
- In-reply-to: <[🔎] 169004512558.1067093.13380889301189885061.reportbug@carrot.tutnicht.de>
- References: <[🔎] 169004512558.1067093.13380889301189885061.reportbug@carrot.tutnicht.de>
Hi, On Sat, Jul 22, 2023 at 06:58:45PM +0200, Jörn Heissler wrote: > N: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian' […] > I tried "Signed-By: /etc/apt/trusted.gpg.d/*" but that doesn't work. > What is the correct value? Have you looked at the manpage sources.list this notice points to? | […] [Signed-By] is specified as a list of absolute paths to keyring | files […] That goes on to define it further with alternatives and such, but in short, for any Debian entry the best choice might be: Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg There are a range of possible alternatives depending mainly on your paranoia level, but that should be the most maintenance free one for now accomplishing the main goal of the exercise: Ensuring that a Debian entry can not be signed by a random key from a third-party repo you also happen to trust (or did at some point, but forgot to remove the key alongside the sources entry). As that isn't really a bug but a support question, closing. Best regards David KalnischkiesAttachment: signature.asc
Description: PGP signature
--- End Message ---