Your message dated Mon, 11 Mar 2024 13:14:44 +0100 with message-id <xogko5cer63vrye3wjiphy25wmtguwmpbdkg3bfrfozzmsamfo@tqpixnnaam6g> and subject line Re: Bug#1066028: apt upgrade /apt-key manual page inconsistency has caused the Debian Bug report #1066028, regarding apt upgrade /apt-key manual page inconsistency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1066028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066028 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt upgrade /apt-key manual page inconsistency
- From: Roger Wolff <R.E.Wolff@BitWizard.nl>
- Date: Mon, 11 Mar 2024 09:30:17 +0000
- Message-id: <[🔎] 171014941753.1406.12272406820181410304.reportbug@tanky>
Package: apt Version: 2.6.1 Severity: important Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? I'm installing a package. Instructions told me to run apt update When I did so, there was an error message. * What exactly did you do (or not do) that was effective (or ineffective)? I did NOT use the apt-key commandline. * What was the outcome of this action? I was told by apt update to see the apt-key manual page under DEPRICATED for information on how to proceed with this situation. I did so and was told to replace something I didn't type with something I don't need. As said before: I never used the apt-key commandline. I just got the message from apt update. * What outcome did you expect instead? I expected at least some clear information on how to proceed. Windows users apparently know that when you get an error message "Router didnot issue an IP addresss" that something entirely different is going on. I'm a stupid Linux user. I expect error messages to point me in the right direction. (i.e. "permission denied" when that's the case and not "directory doesn't exist or .. or ... (nothing about permissions). -- Package-specific info: -- apt-config dump -- APT ""; APT::Architecture "armhf"; APT::Build-Essential ""; APT::Build-Essential:: "build-essential"; APT::Install-Recommends "1"; APT::Install-Suggests "0"; APT::Sandbox ""; APT::Sandbox::User "_apt"; APT::NeverAutoRemove ""; APT::NeverAutoRemove:: "^firmware-linux.*"; APT::NeverAutoRemove:: "^linux-firmware$"; APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*$"; APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*-[a-z0-9]*$"; APT::VersionedKernelPackages ""; APT::VersionedKernelPackages:: "linux-.*"; APT::VersionedKernelPackages:: "kfreebsd-.*"; APT::VersionedKernelPackages:: "gnumach-.*"; APT::VersionedKernelPackages:: ".*-modules"; APT::VersionedKernelPackages:: ".*-kernel"; APT::Never-MarkAuto-Sections ""; APT::Never-MarkAuto-Sections:: "metapackages"; APT::Never-MarkAuto-Sections:: "tasks"; APT::Move-Autobit-Sections ""; APT::Move-Autobit-Sections:: "oldlibs"; APT::Architectures ""; APT::Architectures:: "armhf"; APT::Architectures:: "arm64"; APT::Compressor ""; APT::Compressor::. ""; APT::Compressor::.::Name "."; APT::Compressor::.::Extension ""; APT::Compressor::.::Binary ""; APT::Compressor::.::Cost "0"; APT::Compressor::zstd ""; APT::Compressor::zstd::Name "zstd"; APT::Compressor::zstd::Extension ".zst"; APT::Compressor::zstd::Binary "zstd"; APT::Compressor::zstd::Cost "60"; APT::Compressor::zstd::CompressArg ""; APT::Compressor::zstd::CompressArg:: "-19"; APT::Compressor::zstd::UncompressArg ""; APT::Compressor::zstd::UncompressArg:: "-d"; APT::Compressor::lz4 ""; APT::Compressor::lz4::Name "lz4"; APT::Compressor::lz4::Extension ".lz4"; APT::Compressor::lz4::Binary "false"; APT::Compressor::lz4::Cost "50"; APT::Compressor::gzip ""; APT::Compressor::gzip::Name "gzip"; APT::Compressor::gzip::Extension ".gz"; APT::Compressor::gzip::Binary "gzip"; APT::Compressor::gzip::Cost "100"; APT::Compressor::gzip::CompressArg ""; APT::Compressor::gzip::CompressArg:: "-6n"; APT::Compressor::gzip::UncompressArg ""; APT::Compressor::gzip::UncompressArg:: "-d"; APT::Compressor::xz ""; APT::Compressor::xz::Name "xz"; APT::Compressor::xz::Extension ".xz"; APT::Compressor::xz::Binary "xz"; APT::Compressor::xz::Cost "200"; APT::Compressor::xz::CompressArg ""; APT::Compressor::xz::CompressArg:: "-6"; APT::Compressor::xz::UncompressArg ""; APT::Compressor::xz::UncompressArg:: "-d"; APT::Compressor::bzip2 ""; APT::Compressor::bzip2::Name "bzip2"; APT::Compressor::bzip2::Extension ".bz2"; APT::Compressor::bzip2::Binary "bzip2"; APT::Compressor::bzip2::Cost "300"; APT::Compressor::bzip2::CompressArg ""; APT::Compressor::bzip2::CompressArg:: "-6"; APT::Compressor::bzip2::UncompressArg ""; APT::Compressor::bzip2::UncompressArg:: "-d"; APT::Compressor::lzma ""; APT::Compressor::lzma::Name "lzma"; APT::Compressor::lzma::Extension ".lzma"; APT::Compressor::lzma::Binary "xz"; APT::Compressor::lzma::Cost "400"; APT::Compressor::lzma::CompressArg ""; APT::Compressor::lzma::CompressArg:: "--format=lzma"; APT::Compressor::lzma::CompressArg:: "-6"; APT::Compressor::lzma::UncompressArg ""; APT::Compressor::lzma::UncompressArg:: "--format=lzma"; APT::Compressor::lzma::UncompressArg:: "-d"; Dir "/"; Dir::State "var/lib/apt"; Dir::State::lists "lists/"; Dir::State::cdroms "cdroms.list"; Dir::State::extended_states "extended_states"; Dir::State::status "/var/lib/dpkg/status"; Dir::Cache "var/cache/apt"; Dir::Cache::archives "archives/"; Dir::Cache::srcpkgcache "srcpkgcache.bin"; Dir::Cache::pkgcache "pkgcache.bin"; Dir::Etc "etc/apt"; Dir::Etc::sourcelist "sources.list"; Dir::Etc::sourceparts "sources.list.d"; Dir::Etc::main "apt.conf"; Dir::Etc::netrc "auth.conf"; Dir::Etc::netrcparts "auth.conf.d"; Dir::Etc::parts "apt.conf.d"; Dir::Etc::preferences "preferences"; Dir::Etc::preferencesparts "preferences.d"; Dir::Etc::trusted "trusted.gpg"; Dir::Etc::trustedparts "trusted.gpg.d"; Dir::Etc::apt-listchanges-main "listchanges.conf"; Dir::Etc::apt-listchanges-parts "listchanges.conf.d"; Dir::Bin ""; Dir::Bin::methods "/usr/lib/apt/methods"; Dir::Bin::solvers ""; Dir::Bin::solvers:: "/usr/lib/apt/solvers"; Dir::Bin::planners ""; Dir::Bin::planners:: "/usr/lib/apt/planners"; Dir::Bin::dpkg "/usr/bin/dpkg"; Dir::Bin::gzip "/bin/gzip"; Dir::Bin::bzip2 "/bin/bzip2"; Dir::Bin::xz "/usr/bin/xz"; Dir::Bin::lz4 "/usr/bin/lz4"; Dir::Bin::zstd "/usr/bin/zstd"; Dir::Bin::lzma "/usr/bin/xz"; Dir::Media ""; Dir::Media::MountPath "/media/apt"; Dir::Log "var/log/apt"; Dir::Log::Terminal "term.log"; Dir::Log::History "history.log"; Dir::Log::Planner "eipp.log.xz"; Dir::Ignore-Files-Silently ""; Dir::Ignore-Files-Silently:: "~$"; Dir::Ignore-Files-Silently:: "\.disabled$"; Dir::Ignore-Files-Silently:: "\.bak$"; Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.ucf-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.save$"; Dir::Ignore-Files-Silently:: "\.orig$"; Dir::Ignore-Files-Silently:: "\.distUpgrade$"; Acquire ""; Acquire::AllowInsecureRepositories "0"; Acquire::AllowWeakRepositories "0"; Acquire::AllowDowngradeToInsecureRepositories "0"; Acquire::cdrom ""; Acquire::cdrom::mount "/media/cdrom/"; Acquire::IndexTargets ""; Acquire::IndexTargets::deb ""; Acquire::IndexTargets::deb::Packages ""; Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages"; Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages"; Acquire::IndexTargets::deb::Packages::ShortDescription "Packages"; Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages"; Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages"; Acquire::IndexTargets::deb::Packages::Optional "0"; Acquire::IndexTargets::deb::Translations ""; Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)"; Acquire::IndexTargets::deb-src ""; Acquire::IndexTargets::deb-src::Sources ""; Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources"; Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources"; Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources"; Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources"; Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources"; Acquire::IndexTargets::deb-src::Sources::Optional "0"; Acquire::Changelogs ""; Acquire::Changelogs::URI ""; Acquire::Changelogs::URI::Origin ""; Acquire::Changelogs::URI::Origin::Debian "https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog"; Acquire::Changelogs::URI::Origin::Ubuntu "https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog"; Acquire::Changelogs::AlwaysOnline ""; Acquire::Changelogs::AlwaysOnline::Origin ""; Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1"; Acquire::PDiffs "0"; Acquire::Languages ""; Acquire::Languages:: "en"; Acquire::Languages:: "none"; Acquire::CompressionTypes ""; Acquire::CompressionTypes::xz "xz"; Acquire::CompressionTypes::bz2 "bzip2"; Acquire::CompressionTypes::lzma "lzma"; Acquire::CompressionTypes::gz "gzip"; Acquire::CompressionTypes::lz4 "lz4"; Acquire::CompressionTypes::zst "zstd"; DPkg ""; DPkg::Path "/usr/sbin:/usr/bin:/sbin:/bin"; DPkg::Pre-Install-Pkgs ""; DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10"; DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true"; DPkg::Tools ""; DPkg::Tools::Options ""; DPkg::Tools::Options::/usr/bin/apt-listchanges ""; DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2"; DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20"; Binary "apt-config"; Binary::apt ""; Binary::apt::APT ""; Binary::apt::APT::Color "1"; Binary::apt::APT::Cache ""; Binary::apt::APT::Cache::Show ""; Binary::apt::APT::Cache::Show::Version "2"; Binary::apt::APT::Cache::AllVersions "0"; Binary::apt::APT::Cache::ShowVirtuals "1"; Binary::apt::APT::Cache::Search ""; Binary::apt::APT::Cache::Search::Version "2"; Binary::apt::APT::Cache::ShowDependencyType "1"; Binary::apt::APT::Cache::ShowVersion "1"; Binary::apt::APT::Get ""; Binary::apt::APT::Get::Upgrade-Allow-New "1"; Binary::apt::APT::Get::Update ""; Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1"; Binary::apt::APT::Cmd ""; Binary::apt::APT::Cmd::Show-Update-Stats "1"; Binary::apt::APT::Cmd::Pattern-Only "1"; Binary::apt::APT::Keep-Downloaded-Packages "0"; Binary::apt::DPkg ""; Binary::apt::DPkg::Progress-Fancy "1"; Binary::apt::DPkg::Lock ""; Binary::apt::DPkg::Lock::Timeout "-1"; CommandLine ""; CommandLine::AsString "apt-config dump"; -- (no /etc/apt/preferences present) -- -- (no /etc/apt/preferences.d/* present) -- -- /etc/apt/sources.list -- deb [ arch=armhf ] http://raspbian.raspberrypi.com/raspbian/ bookworm main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' #deb-src http://raspbian.raspberrypi.com/raspbian/ bookworm main contrib non-free rpi -- /etc/apt/sources.list.d/raspi.list -- deb http://archive.raspberrypi.com/debian/ bookworm main # Uncomment line below then 'apt-get update' to enable 'apt-get source' #deb-src http://archive.raspberrypi.com/debian/ bookworm main -- System Information: Distributor ID: Raspbian Description: Raspbian GNU/Linux 12 (bookworm) Release: 12 Codename: bookworm Architecture: armv6l Kernel: Linux 6.1.0-rpi7-rpi-v6 (UP) Kernel taint flags: TAINT_CRAP Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages apt depends on: ii adduser 3.134 ii gpgv 2.2.40-1.1 ii libapt-pkg6.0 2.6.1 ii libc6 2.36-9+rpt2+deb12u3 ii libgcc-s1 12.2.0-14+rpi1 ii libgnutls30 3.7.9-2 ii libseccomp2 2.5.4-1+rpi1+b1 ii libstdc++6 12.2.0-14+rpi1 ii libsystemd0 252.17-1~deb12u1+rpi1 ii raspbian-archive-keyring 20120528.2 Versions of packages apt recommends: ii ca-certificates 20230311 Versions of packages apt suggests: pn apt-doc <none> pn aptitude | synaptic | wajig <none> ii dpkg-dev 1.21.22+rpi1 ii gnupg 2.2.40-1.1 pn powermgmt-base <none> -- no debconf information
--- End Message ---
--- Begin Message ---
- To: Roger Wolff <R.E.Wolff@bitwizard.nl>, 1066028-done@bugs.debian.org
- Subject: Re: Bug#1066028: apt upgrade /apt-key manual page inconsistency
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Mon, 11 Mar 2024 13:14:44 +0100
- Message-id: <xogko5cer63vrye3wjiphy25wmtguwmpbdkg3bfrfozzmsamfo@tqpixnnaam6g>
- In-reply-to: <[🔎] 171014941753.1406.12272406820181410304.reportbug@tanky>
- References: <[🔎] 171014941753.1406.12272406820181410304.reportbug@tanky>
On Mon, Mar 11, 2024 at 09:30:17AM +0000, Roger Wolff wrote: > * What led up to the situation? > > I'm installing a package. Instructions told me to run apt update > When I did so, there was an error message. What package, which instructions and what error message? Debian alone has 70.000+ packages, apt a couple hundred error messages and "instructions" is too dubious to even assign a ball park number… So, paraphrasing what you wrote later: how are you expecting that as an apt developer I apparently know all the details then you send a message without any. > * What exactly did you do (or not do) that was effective (or > ineffective)? > I did NOT use the apt-key commandline. So, I suppose the WARNING message you saw was about the "legacy trusted.gpg keyring" (no, that isn't the only possible choice)? And based on what you said before I presume you wanted to install some package from a third-party repository, which has some instructions you followed to effectively add their key and also told you to run "apt update" so that the data from that newly added repo is downloaded and used? I don't know the package nor the 3rd-party repo as you haven't told us, so I don't know what you did wrong based on properly wrong and/or outdated instructions, but that isn't my nor apts fault and henceforth not a bug. If anything its a feature reminding people they shouldn't blindly add old and/or crappy 3rd party repos. > * What was the outcome of this action? > I was told by apt update to see the apt-key manual page under DEPRICATED > for information on how to proceed with this situation. > > I did so and was told to replace something I didn't type with something > I don't need. As said before: I never used the apt-key commandline. I just > got the message from apt update. Stuff doesn't materialize out of thin air. If you insist on not having run apt-key, you will have run something similar, perhaps via those fun things like "wget -O- http://example.org/please-exploit-me | sudo bash". There are too many ways you could possibly end up here, but all those ways are wrong. They are either fragile or insecure, usually both. The manpage gives just one common example, but really it is the job of the "instructions" you followed to not lead you astray to begin with. > * What outcome did you expect instead? > > I expected at least some clear information on how to proceed. Well, how the "information to proceed" is spelled out changed over the years, but the underlying message remained the same in the last … 14+ years in which the general advice was not to use apt-key: If you use a repository that can't be bothered to provide you with issue free usage instructions, should you really be using that repository? Sadly, telling people that doesn't help anyone as people usually add such repos because they (FSVO) need the packages included, but it serves as a good reminder to all the people who see this message that apparently the repository was never tested by its creators and henceforth is equally well supported by them given you also naturally raised your issues here instead of talking to those creators… Anyhow, this report started out with insufficient details and even with guesstimated details added it remains an issue of a third-party that is unwilling to support its own users. I am therefore closing as not a bug (in/for Debian). You may disagree on the closure and reopen, but be prepared to provide a hell of a lot more details than you initially provided to make your case sound. Best regards David KalnischkiesAttachment: signature.asc
Description: PGP signature
--- End Message ---