adding a debian repository from open build service
Hi, I try to add my home project's repo to a debian installation and did: sudo add-apt-repository https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ sudo apt update and got the following error: apt update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease Ign:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye InRelease Err:5 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye Release 404 Not Found [IP: 195.135.221.134 443] Reading package lists... Done E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 bullseye Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. The repository has a Release file and I can also retrieve it (using wget for instance). Reading the apt-secure manpage I thought it might be an issue with authentication but "apt update --allow-unauthenticated" gives the same error. I also tried it with ubuntu with the same results. Adding ubuntu ppas from launchpad works however. Thanks for any hints! Best regards, Michael
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea... doesn't work. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea... doesn't work.
Thanks for the fast answer. Can I do something about it or just wait? Best regards, Michael
How do I unsubscribe from this list?
On Tue, 25 Jan 2022 at 06:56, Michael Behrisch
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that
https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Best regards, Michael
Hi, Am 25.01.22 um 06:56 schrieb Michael Behrisch:
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do? Best regards, Michael
On Mon, Mar 7, 2022 at 6:55 AM Michael Behrisch
Hi,
Am 25.01.22 um 06:56 schrieb Michael Behrisch:
Am 24.01.22 um 22:20 schrieb Andreas Schwab:
This is a mirrorcache problem. The files in the directory aren't available from any mirror yet, which you can see from the fact that https://mirrorcache.opensuse.org/repositories/home:/behrisch/Debian_11/Relea...
doesn't work.
Thanks for the fast answer. Can I do something about it or just wait?
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do?
The repository definition is wrong in your apt sources. Write instead to /etc/apt/sources.list.d/home-behrisch-deb11.sources: Types: deb URIs: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ Suites: ./ You will also need to import the GPG key at: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... That should fix it. -- 真実はいつも一つ!/ Always, there's only one truth!
Am 07.03.22 um 13:31 schrieb Neal Gompa:
Waiting did not help. The link to the mirrorcache above now at least returns something but the error message ist still the same. Anything I can do?
The repository definition is wrong in your apt sources.
Write instead to /etc/apt/sources.list.d/home-behrisch-deb11.sources:
Types: deb URIs: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ Suites: ./
You will also need to import the GPG key at: https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
Thank you very much that took me one step further! After doing wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... sudo apt-key add Release.key sudo apt update I now get: Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. More ideas are welcome :-) Thank you in advance, Michael
Am 07.03.22 um 16:22 schrieb Michael Behrisch:
After doing wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release....
sudo apt-key add Release.key sudo apt update
I now get:
Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Hit:3 http://deb.debian.org/debian bullseye-updates InRelease Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 ./ InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
Sorry for reviving this old thread but I still did not get it working. I worked around the signature issue by using the following line in sources.list (it is for ubuntu but the errors for debian look the same): deb [trusted=yes] https://download.opensuse.org/repositories/home:/behrisch/xUbuntu_20.04 ./ but it still gives a warning and of course I do not want to force the user to add insecure sources. Any ideas? (The documentation here: https://en.opensuse.org/openSUSE:Build_Service_Debian_builds#Adding_the_apt-... at least seems to be outdated.) Thank you, Michael
Hello Michael, * On Mon, Jul 18, 2022 at 08:33:46AM +0200 Michael Behrisch wrote:
Sorry for reviving this old thread but I still did not get it working. I worked around the signature issue by using the following line in sources.list (it is for ubuntu but the errors for debian look the same): deb [trusted=yes] https://download.opensuse.org/repositories/home:/behrisch/xUbuntu_20.04 ./ but it still gives a warning and of course I do not want to force the user to add insecure sources. Any ideas?
Something like this should work: curl -fsSL https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_behrisch.gpg > /dev/null If you enable the download of Debian packages, OBS will give you the detailed and correct instructions on its own. For example, on my home, it gives me this: https://software.opensuse.org//download.html?project=home%3Astrik&package=cc65 Viele Grüße Spiro -- Spiro R. Trikaliotis https://spiro.trikaliotis.net/
Hi Spiro, Am 18.07.22 um 08:46 schrieb Spiro Trikaliotis:
curl -fsSL https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_behrisch.gpg > /dev/null
If you enable the download of Debian packages, OBS will give you the detailed and correct instructions on its own.
For example, on my home, it gives me this: https://software.opensuse.org//download.html?project=home%3Astrik&package=cc65
thanks for the instructions! I never noticed that it is directly on the download page. Actually it works if I use your repo but not with mine. I still get "Signature invalid" errors, so there might be really a problem with my signature. Can I update it somehow? Best regards, Michael
Hello Michael, * On Tue, Jul 19, 2022 at 08:28:35AM +0200 Michael Behrisch wrote:
Actually it works if I use your repo but not with mine. I still get "Signature invalid" errors, so there might be really a problem with my signature. Can I update it somehow?
You are right, but I am not sure WHY this happens. I added your repository in a Debian VM, I get the signature problems. Now, the interesting part: $ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/InReleas... $ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release $ wget https://download.opensuse.org/repositories/home:/behrisch/Debian_11/Release.... # gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E # gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify /var/lib/apt/lists/partial/download.opensuse.org_repositories_home\:_behrisch_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E # gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify Release.gpg Release gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E # gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_strik.gpg --verify /var/lib/apt/lists/download.opensuse.org_repositories_home\:_strik_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 19:53:17 CEST gpg: mittels RSA-Schlüssel 5648F685941B3F8F gpg: Korrekte Signatur von "home:strik OBS Project home:strik@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 4A96 F212 11DF 78D0 4CE1 5FC5 5648 F685 941B 3F8F Ok, the signatures are correct. # cat /etc/apt/sources.list.d/behrisch.list #deb [signed-by=/etc/apt/trusted.gpg.d/home_behrisch.gpg] https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ / deb https://download.opensuse.org/repositories/home:/behrisch/Debian_11/ / Note the commented-out line (#deb) where I added a signed-by to hint apt which key to use; it does not work, either, if I use that line instead of the line below. However: # LANG=C apt update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://security.debian.org/debian-security bullseye-security InRelease Get:3 https://download.opensuse.org/repositories/home:/strik/Debian_11 InRelease [1526 B] Get:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease [1224 B] Err:4 https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E Reading package lists... Done W: GPG error: https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease: The following signatures were invalid: 22E0D9DAE3D63FCBA97AB99956DFF5B0559BC40E E: The repository 'https://download.opensuse.org/repositories/home:/behrisch/Debian_11 InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. You see, my signature (home:/strik) is accepted, while your (home:/behrisch) is not. Now, the download InRelease file is correct, too: # gpg --no-default-keyring --keyring /etc/apt/trusted.gpg.d/home_behrisch.gpg --verify /var/lib/apt/lists/partial/download.opensuse.org_repositories_home\:_behrisch_Debian%5f11_InRelease gpg: Signatur vom Di 19 Jul 2022 17:04:46 CEST gpg: mittels DSA-Schlüssel 56DFF5B0559BC40E gpg: Korrekte Signatur von "home:behrisch OBS Project home:behrisch@build.opensuse.org" [unbekannt] gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = 22E0 D9DA E3D6 3FCB A97A B999 56DF F5B0 559B C40E This can be proved with a hash, too: # sha256sum /var/lib/apt/lists/partial/download.opensuse.org_repositories_home\:_behrisch_Debian%5f11_InRelease InRelease 9575e3d96428ff24ecc302fb882bed37d9b96801ff5239292863021adaedf19e /var/lib/apt/lists/partial/download.opensuse.org_repositories_home:_behrisch_Debian%5f11_InRelease 9575e3d96428ff24ecc302fb882bed37d9b96801ff5239292863021adaedf19e InRelease I am not sure if this is a problem of OBS or a problem of apt in this case. At the moment, I would believe more of a problem of apt here. Even "moving /var/lib/apt/lists/ out of the way" and doing a fresh apt update does not solve the problem, nor does using apt-get or aptitude. I also checked the user, group and access rights of the files in /etc/apt/sources.list.d/ and /etc/apt/trusted.gpg.d/; I cannot see any differences between your and my files. I am sorry, I cannot help you here. As I am thinking more of a Debian problem than of a OBS problem, I would consider changing to the debian-user-german mailing list for this specific problem. They might have some ideas, hints or similar on what is going on here. Regards, Spiro -- Spiro R. Trikaliotis https://spiro.trikaliotis.net/
participants (5)
-
Andreas Schwab -
Michael Behrisch -
Neal Gompa -
Robert Lindgren -
Spiro Trikaliotis