:: Re: [DNG] updating postgresql and x…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: o1bigtenor
Date:  
CC: Devuan ML
Sujet: Re: [DNG] updating postgresql and x2go using apt
On Sun, Aug 25, 2024 at 7:30 PM Tom via Dng <dng@???> wrote:

>
>
> > On 26 Aug 2024, at 07:23, o1bigtenor via Dng <dng@???> wrote:
> >
>
> Postgresql changes worked well - - - thank you!



> >> For x2go - - it seems to be a different kind of problem.
> >> Following is the error message.
> >>
> >> W: An error occurred during the signature verification. The repository
> is not updated and the previous index files will be used. GPG error:
> http://packages.x2go.org/debian bullseye InRelease: The following
> signatures couldn't be verified because the public key is not available:
> NO_PUBKEY E1F958385BFE2B6E
> >>
> >> Sadly x2gos docs are rather outdated and I can't find a way to update
> what I have to what is needed.
> >>
> >> Is there some apt guru who would be able to advise?
> >
> > That error suggests you haven’t installed their repository gpg key
> correctly. Unfortunately their docs appear to be a bit outdated and suggest
> using apt-key which is either deprecated or no longer working.
> >
> > https://wiki.x2go.org/doku.php/wiki:repositories:debian
> >
> > sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --no-default-keyring
> --keyring /etc/apt/keyrings/x2go.gpg --recv-keys E1F958385BFE2B6E
> >
> > It should download the gpg key into /etc/apt/keyrings. I coped the gpg
> fingerprint from their docs but I’m not sure it’s in the correct format.
> Try and see if it works.
> >
> > Then update the first part of each line in the x2go.sources file to use
> the gpg key:
> >
> > deb [signed-by=/etc/apt/keyrings/x2go.gpg]
> >
> >
> > The problem is that keyrings have been deprecated.
> > Instead one is to use trusted.gpg.d which is different.
> > I have not been able to find a way to add the whatevers to
> /etc/apt/trusted.gpg.d which is where things are supposed to be placed now.
> > (Noticed that you are using keyserver.ubuntu - - - you did notice that I
> was doing this on a Devuan system - - - yes?)
>
> Keyrings are not deprecated. The `apt-key` tool is what was deprecated,
> and that was just a convenience to allow easily adding multiple gpg keys
> into the one keyring for apt to use. The problem with that method is that
> any provided gpg key would then be available for trusting all of the
> configured apt sources on a system. The new current recommendation is to
> save each repository gpg key as a separate file and get each apt sources
> config to specify which individual key file it will use for trust purposes.
>
> The reason why /etc/apt/trusted.gpg.d is not used is because key files in
> that location are also “trusted” by apt for any/all configured sources, so
> you would be unable to prevent one key from trusting the wrong repository.
>
> Cloudflare blog has a good overview on why these changes were necessary:
> https://blog.cloudflare.com/dont-use-apt-key/
>
> This is why we need to run `gpg` manually to download the key into a
> single file `/etc/apt/keyrings/x2go.gpg`. We can then tell the sources list
> entries to specify that key file as the trusted key for the x2go apt
> sources.
>
> Looking at the x2go documentation page
> https://wiki.x2go.org/doku.php/wiki:repositories:debian, they provide an
> example sources.list file for release builds:
>
> # X2Go Repository (release builds)
> deb http://packages.x2go.org/debian bookworm extras main
> # X2Go Repository (sources of release builds)
> deb-src http://packages.x2go.org/debian bookworm extras main
>
>
> You would change this to:
>
> # X2Go Repository (release builds)
> deb [signed-by=/etc/apt/keyrings/x2go.gpg] http://packages.x2go.org/debian
> bookworm extras main
> # X2Go Repository (sources of release builds)
> deb-src [signed-by=/etc/apt/keyrings/x2go.gpg]
> http://packages.x2go.org/debian bookworm extras main
>
> And save it as /etc/apt/sources.list.d/x2go.list.
>
>
> Then download the key file and export it to a .gpg file:
>
> gpg --keyserver keyserver.ubuntu.com --recv-keys E1F958385BFE2B6E
> gpg --export E1F958385BFE2B6E > /etc/apt/keyrings/x2go.gpg
>
>
> I tested this in a Devuan Daedalus VM and this was the easiest way to get
> the key working. Download it into the default user keyring and then export
> it to the .gpg file. The url for keyserver.ubuntu.com has nothing
> specifically to do with Ubuntu here. We are just using their public PGP
> key server to download the key file. You could also replace that with
> pgp.mit.edu, keys.gnupg.net, or any other public PGP key server that has
> the key available.
>
> One other minor point that may be confusing. The cloudflare blog says to
> save the gpg key file into `/usr/share/keyrings`. Debian documentation at
> https://wiki.debian.org/DebianRepository/UseThirdParty says
> `/usr/share/keyrings` should be reserved for package-provided key files and
> `/etc/apt/keyrings` for manually provided key files so we use that instead.
>
> # apt update

E: Conflicting values set for option Signed-By regarding source
http://packages.x2go.org/debian/ bookworm: /var/lib/extrepo/keys/x2go.asc
!= /etc/apt/keyrings/x2go.gpg
E: The list of sources could not be read.

Have tried deleting both /var/lib/extrepo/keys/s2g0/asc and
/etc/apt/keyrings/x2go.gpg one at a time and
trying apt update after each and no better success.

Something still is blocking things!

(I use x2go quite a bit or I'd dump it due to its 'whatever'.)

Further ideas?

TIA