Apt-secure and upgrading to bullseye

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Apt-secure and upgrading to bullseye

Julian Gilbey-2
Hooray, buster's released!  Congrats to all!

So I tried upgrading my machine to bullseye today, and
aptitude/apt-get update don't like this, giving me errors such as:

E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

So I read apt-secure(8), which gives no indication of how to "accept
this explicitly", and neither do any of the linked wiki pages.

Any suggestions?

(And obviously something needs changing so that people aren't stung
when bullseye is released.)

Best wishes,

   Julian

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

David Kalnischkies-4
Hi,

On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:
> Hooray, buster's released!  Congrats to all!

Indeed! ☺

> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
> N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

There are various reports about that against apt/aptitude, so I am not
feeling like adding lots of duplicated content now, but the gist is:

Either use "apt update" (it will ask an interactive question) or
"apt-get update --allow-releaseinfo-change" (see apt-get manpage) or
[least preferred option] set the config option
Acquire::AllowReleaseInfoChange for basically any apt-based client.


Best regards

David Kalnischkies

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Paul Wise via nm
In reply to this post by Julian Gilbey-2
On Wed, Jul 10, 2019 at 7:59 PM Julian Gilbey wrote:

> So I read apt-secure(8), which gives no indication of how to "accept
> this explicitly", and neither do any of the linked wiki pages.
>
> Any suggestions?

There are two options:

# apt update
<accept the changes when asked>

# apt-get --allow-releaseinfo-change update

--
bye,
pabs

https://wiki.debian.org/PaulWise
https://bonedaddy.net/pabs3/

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Julian Gilbey-2
In reply to this post by Julian Gilbey-2
On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:

> Hooray, buster's released!  Congrats to all!
>
> So I tried upgrading my machine to bullseye today, and
> aptitude/apt-get update don't like this, giving me errors such as:
>
> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
> N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
>
> So I read apt-secure(8), which gives no indication of how to "accept
> this explicitly", and neither do any of the linked wiki pages.
>
> Any suggestions?
>
> (And obviously something needs changing so that people aren't stung
> when bullseye is released.)

Ah, turns out it's a known bug with aptitude.  The solution is to run
"apt update", which interactively asks what to do with these changes.

Best wishes,

   Julian

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Mechtilde Stehmann-4
Hello,

Am 10.07.19 um 14:30 schrieb Julian Gilbey:

> On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:
>> Hooray, buster's released!  Congrats to all!
>>
>> So I tried upgrading my machine to bullseye today, and
>> aptitude/apt-get update don't like this, giving me errors such as:
>>
>> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
>> N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
>>
>> So I read apt-secure(8), which gives no indication of how to "accept
>> this explicitly", and neither do any of the linked wiki pages.
>>
>> Any suggestions?
>>
>> (And obviously something needs changing so that people aren't stung
>> when bullseye is released.)
>
> Ah, turns out it's a known bug with aptitude.  The solution is to run
> "apt update", which interactively asks what to do with these changes.
that is the reason, why I didn't have this problem. I use apt-get / apt
all the time.

>
> Best wishes,
>
>    Julian
>

Kind regards

--
Mechtilde Stehmann
## Debian Developer
## PGP encryption welcome
## F0E3 7F3D C87A 4998 2899  39E7 F287 7BBA 141A AD7F


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Bjørn Mork
In reply to this post by Julian Gilbey-2
Julian Gilbey <[hidden email]> writes:

> On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:
>> Hooray, buster's released!  Congrats to all!
>>
>> So I tried upgrading my machine to bullseye today, and
>> aptitude/apt-get update don't like this, giving me errors such as:
>>
>> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
>> N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
>>
>> So I read apt-secure(8), which gives no indication of how to "accept
>> this explicitly", and neither do any of the linked wiki pages.
>>
>> Any suggestions?
>>
>> (And obviously something needs changing so that people aren't stung
>> when bullseye is released.)
>
> Ah, turns out it's a known bug with aptitude.  The solution is to run
> "apt update", which interactively asks what to do with these changes.

If it's any comfort, I had the exact same problem.

It would be nice if the warning either pointed to the apt-get(8) man
page, where the solution can be found, or some hint was added to the
apt-secure(8) man page.

I found this section of the apt-secure(8) man page particularily
unhelpful:

  Since version 1.5 the user must therefore explicitly confirm changes
  to signal that the user is sufficiently prepared e.g. for the new
  major release of the distribution shipped in the repository (as
  e.g. indicated by the codename).


Those who cares which version this was added will read the changelog.
Those reading the man page are more likely looking for instructions, not
background info.


Bjørn

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Osamu Aoki
In reply to this post by Julian Gilbey-2
On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:

> Hooray, buster's released!  Congrats to all!
>
> So I tried upgrading my machine to bullseye today, and
> aptitude/apt-get update don't like this, giving me errors such as:
>
> E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
> N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
>
> So I read apt-secure(8), which gives no indication of how to "accept
> this explicitly", and neither do any of the linked wiki pages.
>
> Any suggestions?
>
> (And obviously something needs changing so that people aren't stung
> when bullseye is released.)

Slightly different but ...
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879786
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929248

I guess it may be worth to try along:

 $ sudo apt-get --allow-releaseinfo-change update

Osamu

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Julian Gilbey-2
In reply to this post by David Kalnischkies-4
On Wed, Jul 10, 2019 at 02:30:24PM +0200, David Kalnischkies wrote:

> Hi,
>
> On Wed, Jul 10, 2019 at 12:31:51PM +0100, Julian Gilbey wrote:
> > Hooray, buster's released!  Congrats to all!
>
> Indeed! ☺
>
> > E: Repository 'http://ftp.uk.debian.org/debian testing InRelease' changed its 'Codename' value from 'buster' to 'bullseye'
> > N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
>
> There are various reports about that against apt/aptitude, so I am not
> feeling like adding lots of duplicated content now, but the gist is:
>
> Either use "apt update" (it will ask an interactive question) or
> "apt-get update --allow-releaseinfo-change" (see apt-get manpage) or
> [least preferred option] set the config option
> Acquire::AllowReleaseInfoChange for basically any apt-based client.

Thanks to everyone for suggestions; I discovered "apt update" through
a Google search.

But I realised later that this is going to bite all users when they
come to upgrade from buster.  Perhaps some aptitude and apt-get
patches can go into a stable (buster) point release, so that fewer
users are hurt by this in 2-3 years' time?  It is quite a showstopper!

Best wishes,

   Julian

Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

Neil McGovern via nm
On Wed, Jul 10, 2019 at 07:51:18PM +0100, Julian Gilbey wrote:
> Thanks to everyone for suggestions; I discovered "apt update" through
> a Google search.
>

I've submitted a patch against the release notes to explicitly mention
this:
https://salsa.debian.org/ddp-team/release-notes/merge_requests/50

> But I realised later that this is going to bite all users when they
> come to upgrade from buster.  Perhaps some aptitude and apt-get
> patches can go into a stable (buster) point release, so that fewer
> users are hurt by this in 2-3 years' time?  It is quite a showstopper!
>

Given the release notes tell people to use "apt update", I'd be
interested to know if there was any documentation you read or followed
during the upgrade. If you didn't use the release notes, is there a
reason why? Could a tl;dr version make you more likely to read them?

Neil
--

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

The Wanderer
On 2019-07-10 at 15:03, Neil McGovern wrote:

> On Wed, Jul 10, 2019 at 07:51:18PM +0100, Julian Gilbey wrote:

>> But I realised later that this is going to bite all users when they
>> come to upgrade from buster.  Perhaps some aptitude and apt-get
>> patches can go into a stable (buster) point release, so that fewer
>> users are hurt by this in 2-3 years' time?  It is quite a
>> showstopper!
>
> Given the release notes tell people to use "apt update", I'd be
> interested to know if there was any documentation you read or
> followed during the upgrade. If you didn't use the release notes, is
> there a reason why? Could a tl;dr version make you more likely to
> read them?
For myself, no, a shorter/simplified version of the release notes
probably wouldn't have made me more likely to read them.

I track testing by that name (and have done so for well over a decade),
and dist-upgrade on at least a weekly basis, so I never actually upgrade
to a new release; I just start pulling from the new testing when the old
one moves out from under my feet to become stable.

Since I'm not upgrading to a new release, but just sticking with testing
as I've been doing all along, I wouldn't think to check release notes.
That's especially true just after the release of a new stable; at that
point, it's intuitively obvious that testing can't have release notes,
because until new package versions migrate from unstable the new testing
is *empty*. (Whether this intuition is accurate or not.)

As Julian apparently did, I only found the solution for this by a Google
search for the error message I was seeing - in my case, in what I recall
as being a months-old bug report, since it it hadn't been brought up
post-release on e.g. debian-user yet by then.

The release notes might be a valid place to document this for people
upgrading from oldstable-buster to stable-bullseye after the release of
bullseye, or even (if this would be applicable) switching from stable to
testing-bullseye midway through the release cycle; it's considerably
more reasonable to expect people to think to check release notes before
upgrading at those stages. But for people who are merely sticking with
testing, after the buster release just as after previous releases, the
release notes are IMO not an appropriate answer.


Also: I would have tried to reject a "just use 'apt update'" solution,
as you say the release notes propose, and kept searching for a way to do
it using apt-get - since that's my preferred client, and the idea of
switching clients just for a single task like this strikes me as
intuitively wrong somehow. In fact, it's possible that I *did* do that;
I remember skipping multiple search results which suggested only that
solution, and it's even possible that the release notes were one of them.

I'd have given in eventually if no "native" solution were to be found,
but since in this case one *does* exist, IMO it's not appropriate to
present only the solution which would require me to temporarily switch
clients.

David Kalnischkies presented three different solutions, suitable for
different clients, earlier in this thread. IMO, if the release notes
need to document any of them, they should document all - or, if it's
considered more reasonable to restrict the release notes to discussing
one single recommended client, there should be another document
somewhere which lists not only all of these solutions but (for
discoverability's sake) as many of the client-specific error messages as
may be practical. (For those clients which don't present the solution
themselves, of course.)

--
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

andreimpopescu
On Mi, 10 iul 19, 23:47:28, The Wanderer wrote:
>
> The release notes might be a valid place to document this for people
> upgrading from oldstable-buster to stable-bullseye after the release of
> bullseye, or even (if this would be applicable) switching from stable to
> testing-bullseye midway through the release cycle;

In my understanding of the issue it only affects users that already have
a source in their lists, but the source changes.

It shouldn't have any impact on buster users that upgrade to bullseye
*after* the release, because they are adding a new source.

The biggest impact at bullseye's release will be on buster users,
because buster will change from stable to oldstable.

It might also have some impact to buster users upgrading to bullseye
before the release, however, by then most package managers should be
updated to deal with this correctly.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Apt-secure and upgrading to bullseye

David Kalnischkies-4
In reply to this post by The Wanderer

As I have noted in my previous reply there are VARIOUS bugreports dealing
with different aspects of this, so rehashing it all lumped together on
d-d@ is not very productive and I would like to advice anyone seriously
interested in this to contribute to the relevant one instead.

And the rest can be happy as they were asking for "testing" and they got
to test something and the gathered test results are now being worked on…


On Wed, Jul 10, 2019 at 11:47:28PM -0400, The Wanderer wrote:
> For myself, no, a shorter/simplified version of the release notes
> probably wouldn't have made me more likely to read them.

Clients producing these errors can optionally also print a pointer to
the release notes btw, just in case that would nudge anyone to give them
a read, it was just not used for now for buster.

N: More information about this can be found online in the Release notes at: https://example.org/future


> it using apt-get - since that's my preferred client, and the idea of
> switching clients just for a single task like this strikes me as
> intuitively wrong somehow. In fact, it's possible that I *did* do that;

JFTR: apt and apt-get use the very same code for "update" via libapt.
In fact all package managers in Debian do, be it aptitude, synaptics or
your preferred software center [okay, there are exceptions, but if you
happen to use one you will know that].

As such you can mix and match apt clients as much as you like. The
difference is in the presentation: "apt" tries to be a little friendlier
in interactive usage while "apt-get" sticks to 'what it always did' as
much as it can without negative effects [= big bugs and security tend to
be the only reason for it changing drastically]. As it is usual for apt
clients there is an option for basically everything though. Setting the
options listed by the following command for apt-get as well will make it
behave as if it were apt: apt-config dump --no-empty Binary::apt

Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1"; being
responsible for the interactive question in update btw. APT is really
not as much magic as people believe… (but I might be biased 😉)


> different clients, earlier in this thread. IMO, if the release notes
> need to document any of them, they should document all - or, if it's

As an example, the current plan is to make the switch over for Suite
changes automatic – if some preconditions are satisfied. The discussion
about that isn't hard to find, but here you go: #931566. You are welcome
to add any good ideas not already present (that hopefully shows also
that this is a tiny bit more complex than it looks at first).


Best regards

David Kalnischkies

signature.asc (849 bytes) Download Attachment