You are not logged in.

#1 2021-02-16 06:00:19

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

BunsenLabs Beryllium experimental packages are available

Most of the BunsenLabs Lithium packages have now been migrated to Beryllium, to run on Debian Bullseye.
The source code is available in the 'beryllium' branches of our GitHub repositories:
https://github.com/BunsenLabs
The packages are available here:
https://kelaino.bunsenlabs.org/~johnraff/debian
These are preliminary migrations - while they are enough to get a usable system, they will see further changes, in particular to the graphics stack, before the official BunsenLabs Beryllium release, which will in any case be after the official Debian Bullseye release.

There is a detailed guide to setting up an experimental Beryllium system here:
https://forums.bunsenlabs.org/viewtopic.php?id=7356

Please post any feedback there.
Thanks!


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#2 2021-10-17 14:42:12

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

Got error when updating:

Err:18 http://Kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease
  The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>
Reading package lists... Done
W: GPG error: http://Kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease: The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>
E: The repository 'http://Kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

No error against pkg.bunsenlabs.org (beryllium).


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#3 2021-10-18 08:49:13

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

^Many thanks rbh! I had let my signing key expire again! roll

Now extended the key (for two years) and uploaded the new public key to the BL kelaino server, and to some public keyservers.

I'm afraid Beryllium users will need to download the signing key again:

wget https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc -O bunsen-dev.asc
sudo cp bunsen-dev.asc /etc/apt/trusted.gpg.d

If that doesn't fix the issue, please report back. smile

Last edited by johnraff (2021-10-19 03:52:16)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#4 2021-10-18 09:03:46

hhh
Meep!
Registered: 2015-09-17
Posts: 12,320
Website

Re: BunsenLabs Beryllium experimental packages are available

Ah, that explains it...

https://forums.bunsenlabs.org/viewtopic … 44#p118044

~ 
❯ wget https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc
--2021-10-18 05:02:34--  https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc
Resolving kelaino.bunsenlabs.org (kelaino.bunsenlabs.org)... 2a01:4f8:c17:2c09::2, 78.47.156.207
Connecting to kelaino.bunsenlabs.org (kelaino.bunsenlabs.org)|2a01:4f8:c17:2c09::2|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6860 (6.7K) [application/pgp-keys]
Saving to: ‘bunsen-dev.asc’

bunsen-dev.asc      100%[===================>]   6.70K  --.-KB/s    in 0s      

2021-10-18 05:02:35 (108 MB/s) - ‘bunsen-dev.asc’ saved [6860/6860]


~ 
❯ sudo cp bunsen-dev.asc /etc/apt/trusted.gpg.d
[sudo] password for rachel: 

~ took 5s 
❯ sudo apt update
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://ftp.us.debian.org/debian bullseye InRelease                       
Get:3 http://ftp.us.debian.org/debian bullseye-updates InRelease [39.4 kB]     
Get:4 https://kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease [3,405 B]
Fetched 42.8 kB in 1s (46.7 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

~ took 2s 
❯ 

Offline

#5 2021-10-18 12:57:09

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

I don't get it.

On my desktop it worked as it should, but on my laptop and the server, after downloading new key and copied it to /etc/apt...:

sudo LC_ALL=LC apt update
.
.
.
W: GPG error: http://kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease: The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>
E: The repository 'http://kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease' is not signed.

I have not tested more boxes.
But, for mee it does not matter at the moment, I don't need to pull from dev repo.
But it would be interesting to know if more than I gets error with new apt-key.


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#6 2021-10-18 22:42:07

dhalgren
Member
Registered: 2015-10-01
Posts: 101

Re: BunsenLabs Beryllium experimental packages are available

I have the same problem as @rbh on my laptop.
It appeared to have copied to \etc\apt\...

W: Failed to fetch https://kelaino.bunsenlabs.org/~johnraff/debian/dists/beryllium/InRelease  The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>

Offline

#7 2021-10-19 03:50:33

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

Could it be you guys both have existing old copies of  ~/bunsen-dev.asc? In that case, wget will not overwrite it, but download the new file as bunsen-dev.asc.1 (This ocurred to me last evening roll)

Try 'rm bunsen-dev.asc' before running wget, or alternatively use wget's -O option:

wget https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc -O bunsen-dev.asc

(Unfortunately wget does not have a simple 'overwrite' option, and other suggested alternatives like -N might not work in all situations.)

I'll update the instructions.

OTOH if you still get the error then there's a trickier problem to solve...


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#8 2021-10-19 08:15:31

dolly
Miss Mixunderstand
From: /lab701
Registered: 2015-10-03
Posts: 434

Re: BunsenLabs Beryllium experimental packages are available

johnraff wrote:

Try 'rm bunsen-dev.asc' before running wget

Worked here. smile


A bit nerdy, trying to grow up.

Offline

#9 2021-10-19 19:34:20

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

johnraff wrote:

(Unfortunately wget does not have a simple 'overwrite' option, and other suggested alternatives like -N might not work in all situations.)

In this case the -N-flag worked... But removing old key is safer.

I had deleted old apt-key, but did it again, then:

sudo su -
cd /etc/apt/trusted.gpg
touch bunsen-dev.asc
ls -l bunsen-dev.asc
-rw-r--r-- 1 root root 0 19 okt 21.15 bunsen-dev.asc
wget https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc -N -O bunsen-dev.asc
ls -l bunsen-dev.asc
-rw-r--r-- 1 root root 6860 18 okt 09.04 bunsen-dev.asc

Newer key same size as downloaded yesterday.
And still complaining about the apt-key.
No difference if using https or http in sources.list.


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#10 2021-10-20 01:53:16

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

^So, @rbh is the issue solved or not?
"And still complaining about the apt-key" has me worried...

As to wget's -N option, it will download the file, overwriting the existing one, but only if the file on the server is newer than the one you have already. So most of the time it does what you want, but if you 'touch' the local file it becomes newer than the server file so there's no download.

That's why I recommend the -O option to specify the download filename, or else just delete the old file first. It's a bit more work, but unavoidable I think.

PS I think the new file is the same size as the old one, but you can use 'cmp' or 'diff' to check if they are different.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#11 2021-10-20 11:05:23

dhalgren
Member
Registered: 2015-10-01
Posts: 101

Re: BunsenLabs Beryllium experimental packages are available

Well, that did not solve the issue for me.
What I did:
Listed the contents of /etc/apt/trusted.gpg.p/ which returned:

root@inana:/etc/apt/trusted.gpg.d# ls
bunsen-dev.asc
bunsen-dev.asc~
bunsen-keyring.gpg
debian-archive-bullseye-automatic.gpg
debian-archive-bullseye-security-automatic.gpg
debian-archive-bullseye-stable.gpg
debian-archive-buster-automatic.gpg
debian-archive-buster-security-automatic.gpg
debian-archive-buster-stable.gpg
debian-archive-stretch-automatic.gpg
debian-archive-stretch-security-automatic.gpg
debian-archive-stretch-stable.gpg
trinity-archive-keyring.gpg
trinity-keyring.gpg

I then removed both bunsen-dev.asc and bunsen-dev.asc~
I then ran apt update and received the following:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
28 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease: The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>
W: Failed to fetch https://kelaino.bunsenlabs.org/~johnraff/debian/dists/beryllium/InRelease  The following signatures were invalid: EXPKEYSIG 8FFD2CE993071671 John Crawley <john@bunsenlabs.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.

Could the bunsen-keyring.gpg be interfering? (I would assume not, but as I have little knowledge of these matters, it seems worth the ask.) Or the old buster stuff?

Offline

#12 2021-10-20 11:28:32

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

johnraff wrote:

^So, @rbh is the issue solved or not?
"And still complaining about the apt-key" has me worried...

Of those pc's, I use frekvently, it works on one. On two pc's, "apt update" result in GPG error as quoted before. For me, I have solved it by pulling beryllium from pkg.bunsenlabs.org. As I have understood, now for a user, not a tester, that is ok.

I started an virtual pc, i use quite often, but have not touched since 17/9. Same error. No dev key in ../trusted.gpg.d. downloaded and copied it to /etc/apt/trusted.gpg.d.
Same error.
Command "apt-key list", shows some outdated Bunsen keys and:

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

The key seems to be unknown.
Running "apt-key del 8FFD2CE993071671", returns "OK", but same error.

Maybe that if the apt-key has been handled with old "apt key add -", it needs more than just copying new key to disk?

As to wget's -N option, it will download the file, overwriting the existing one, but only if the file on the server is newer than the one you have already. So most of the time it does what you want, but if you 'touch' the local file it becomes newer than the server file so there's no download.

As you saw, my newer bunsen-dev.asc, 0 byte in size, was overwritten.

or else just delete the old file first. It's a bit more work, but unavoidable I think..

Yes, it is safer, but not much more work. But, something more is needed...

PS I think the new file is the same size as the old one, but you can use 'cmp' or 'diff' to check if they are different.

Nope, I can not. I do not have any boxes with old bunsen-dev.asc


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#13 2021-10-20 13:50:33

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

I took my very old IBM TP X30, still on Lithium/Buster but pulling Lithium from dev-server.
Same errror. No difference copying bunsen-dev.asc to ../trusted.gpg.d

Noted that command "apt key del testkey" also returns "ok"...

Finaly tried old "apt-key add bunsen-dev.asc", it worked.
Importing key with "apt-key add bunsen-dev.asc", also worked on boxes runing Beryllium/Bullseye. Saw later that old "apt-key add" will be available in debian 11. First in Debian 12 wil it not be there.

So, the solution is to use old school "apt-key add bunsen-dev.asc" for debian 10 and 11 if it does not suffice to copy bunsen-dev.asc ../trusted.gpg.d


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#14 2021-10-21 01:08:02

dhalgren
Member
Registered: 2015-10-01
Posts: 101

Re: BunsenLabs Beryllium experimental packages are available

@rbh

Thank you. That worked for me also.

Offline

#15 2021-10-21 02:37:26

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

^That's very interesting.

From  "apt-key list" on your VM, this shows the latest key, same as what I see on the machine that sucessfully updated:

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

That's the new key which expires in 2023, and the fingerprint is right too.
On my machine, where the key was originally generated:

john@lithium:~$ gpg --fingerprint
/home/john/.gnupg/pubring.kbx
-----------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ultimate] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

An easy check for people to tell if they have downloaded the right key is the md5sum:

john@lithium:~$ md5sum bunsen-dev.asc{,-old}
68be64ac5ea6f86daae2441e938bcf6f  bunsen-dev.asc
f0a06ddfa37a7679538c4ade8bb6e2db  bunsen-dev.asc-old

I've just re-checked and the key on the kelaino server also has the new md5sum.

On my laptop there's a beryllium VM which hasn't been updated yet, and sure enough apt reports the usual error, and bunsen-dev.asc shows the old md5sum. Now, I'll try the commands shown here to update it.

...and it worked:

john@beryl:~$ md5sum bunsen-dev.asc 
f0a06ddfa37a7679538c4ade8bb6e2db  bunsen-dev.asc <<= Old md5sum
john@beryl:~$ mv bunsen-dev.asc{,-old}
john@beryl:~$ wget https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc -O bunsen-dev.asc
--2021-10-21 09:59:54--  https://kelaino.bunsenlabs.org/~johnraff/bunsen-dev.asc
Resolving kelaino.bunsenlabs.org (kelaino.bunsenlabs.org)... 78.47.156.207, 2a01:4f8:c17:2c09::2
Connecting to kelaino.bunsenlabs.org (kelaino.bunsenlabs.org)|78.47.156.207|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6860 (6.7K) [application/pgp-keys]
Saving to: ‘bunsen-dev.asc’
2021-10-21 09:59:55 (39.2 MB/s) - ‘bunsen-dev.asc’ saved [6860/6860]
john@beryl:~$ md5sum bunsen-dev.asc 
68be64ac5ea6f86daae2441e938bcf6f  bunsen-dev.asc # <<= New md5sum
john@beryl:~$ ls /etc/apt/trusted.gpg.d
bunsen-dev.asc
bunsen-keyring.gpg
debian-archive-bullseye-automatic.gpg
# etc etc
john@beryl:~$ md5sum /etc/apt/trusted.gpg.d/bunsen-dev.asc 
f0a06ddfa37a7679538c4ade8bb6e2db  /etc/apt/trusted.gpg.d/bunsen-dev.asc
john@beryl:~$ sudo cp bunsen-dev.asc /etc/apt/trusted.gpg.d/
john@beryl:~$ md5sum /etc/apt/trusted.gpg.d/bunsen-dev.asc 
68be64ac5ea6f86daae2441e938bcf6f  /etc/apt/trusted.gpg.d/bunsen-dev.asc
john@beryl:~$ sudo apt update
Hit:1 https://deb.debian.org/debian bullseye InRelease
Hit:2 https://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 https://deb.debian.org/debian bullseye-updates InRelease
Hit:4 https://deb.debian.org/debian bullseye-backports InRelease
Get:5 https://kelaino.bunsenlabs.org/~johnraff/debian beryllium InRelease [3,405 B]
# etc
42 packages can be upgraded. Run 'apt list --upgradable' to see them.

BTW /etc/apt/trusted.gpg.d/bunsen-keyring.gpg is the key for the "official" BL repositories, and should not matter here.

So, why are some peoples' apts not updating even when the new key is in  /etc/apt/trusted.gpg.d??
And why does 'apt-key add' work, even though it has been deprecated??:

apt-key wrote:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

It's unlikely, but one thing that ocurred to me was: is there a hidden apt dependency on gpg? All my systems (where the update went successfully) have gpg installed. Could it be that the cases which @rbh and @dhalgren reported did not have gpg, and using apt-key works around that?

---
Going forward, there might be a case in the future to stop putting any BL keys (experimental or official) in /etc/apt/trusted.gpg.d and instead using files in /usr/share/keyrings specifically referred to in the apt line:

deb [signed-by=/usr/share/keyrings/bunsen-dev-archive-keyring.gpg] https://kelaino.bunsenlabs.org/~johnraff/debian beryllium main

https://wiki.debian.org/DebianRepository/UseThirdParty


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#16 2021-10-21 06:16:27

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

johnraff wrote:

And why does 'apt-key add' work, even though it has been deprecated??

"You can continue to use apt-key for now as it still works." from: https://www.linuxuprising.com/2021/01/a … o-add.html. You can as I wrote earlier continue using it in Debian 11.

Going forward, there might be a case in the future to stop putting any BL keys (experimental or official) in /etc/apt/trusted.gpg.d and instead using files in /usr/share/keyrings specifically

Copying files to /etc/apt/trusted.gpg.d, is as insecure as apt-key.
But, is not /usr/share/keyrings... just a "placeholder", the keys need more work as described in page above.


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#17 2021-10-21 07:06:07

rbh
Moderator
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,244

Re: BunsenLabs Beryllium experimental packages are available

From another VM, with both kelaino and pkg.bunsenlabs.org in sources.list (one of them added yeasterday). Package gpg is installed.
Output of command "apt-key list", only showing Bunsenlabs keys:

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-01 [SC] [expired: 2021-10-17]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ expired] John Crawley <john@bunsenlabs.org>

Output after copying bunsen-dev.asc to /etc/apt/trusted.gpg.d:

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-01 [SC] [expired: 2021-10-17]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ expired] John Crawley <john@bunsenlabs.org>

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

Apt update shows error aginst both pkg.bunsenlabs (NO_PUBKEY A0673F72FE62D9C5) and Kelaino (same pubkey)
Output after running "apt-key add"

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

"Apt update" gives error aginst pkg.bunsenlabs same NO_PUBKEY.

Fetched https://ddl.bunsenlabs.org/ddl/BunsenLabs-RELEASE.asc and added key with apt-key, removed error against pkg.bunsenlabs

And last apt-key list after that:

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]

pub   rsa4096 2015-07-11 [SC] [expires: 2030-10-08]
      3172 4784 0522 7490 BBB7  43E6 A067 3F72 FE62 D9C5
uid           [ unknown] Jens John (BunsenLabs Repository Signing Key) <dev@2ion.de>
sub   rsa4096 2015-07-11 [E] [expires: 2030-10-08]

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Online

#18 2021-10-21 07:58:43

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

I think I might have an idea here.

rbh wrote:

Output after copying bunsen-dev.asc to /etc/apt/trusted.gpg.d:

/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-01 [SC] [expired: 2021-10-17]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ expired] John Crawley <john@bunsenlabs.org>

/etc/apt/trusted.gpg.d/bunsen-dev.asc
-------------------------------------
pub   rsa4096 2017-05-01 [SC] [expires: 2023-10-18]
      E8A7 1771 F7B2 F0B3 2A31  3694 3ADA 82C1 2153 DCF1
uid           [ unknown] John Crawley <john@bunsenlabs.org>
sub   rsa4096 2017-05-01 [S] [expires: 2023-10-18]
sub   rsa4096 2017-05-01 [E] [expires: 2023-10-18]

Apt update shows error aginst both pkg.bunsenlabs (NO_PUBKEY A0673F72FE62D9C5) and Kelaino (same pubkey)

My theory is:
1) "apt-key" is operating on the file /etc/apt/trusted.gpg, not the files in /etc/apt/trusted.gpg.d
2) apt is giving /etc/apt/trusted.gpg priority over the files in /etc/apt/trusted.gpg.d
3) the bunsen-dev key still has the same fingerprint, though its expiry date has been updated

So if a user has previously added bunsen-dev.asc (or any other filename holding the same key) via "apt-key add" then the expired key in /etc/apt/trusted.gpg is seen before the new key in /etc/apt/trusted.gpg.d/bunsen-dev.asc and apt thinks the key has expired.

If that's correct, then the above situation (old key in /etc/apt/trusted.gpg, new key in /etc/apt/trusted.gpg.d/bunsen-dev.asc) should be fixable by running "apt-key del 2153DCF1", leaving only the new key.

And, again if that's correct, in future it's best to avoid using "apt-key add" because the same issue will happen again if an updated key is released later.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

#19 Yesterday 06:14:08

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,331
Website

Re: BunsenLabs Beryllium experimental packages are available

New version of bunsen-utilities (11.2-1) has just been uploaded to the experimental repo.
There are many improvements to BLOB (bl-obthemes) in particular.
Of course some bugs might have crept in, so any test reports would be welcome!


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Online

Board footer

Powered by FluxBB