Florian Kulzer wrote:
> On Sun, Feb 15, 2009 at 08:47:06 -0600, Kent West wrote:
>
>>> 2009/2/15 Kent West:
>>>
>>> Should this be happening?
>>>
>
> [...]
>
>
>> westk[@]goshen]:/home/westk:> sudo apt-get update
>> Password:
>>
>
> [...]
>
>
>> W: There is no public key available for the following key IDs:
>> 4D270D06F42584E6
>> W: You may want to run apt-get update to correct these problems
>>
>
> Check the version of your debian-archive-keyring package; the newest one
> (2009.01.31) has this key:
>
> $ gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --list-key 4D270D06F42584E6
> pub 1024D/F42584E6 2008-04-06 [expires: 2012-05-15]
> uid Lenny Stable Release Key <debian-release AT lists DOT debian DOT org>
>
>
On my etch box, this package was not installed. So I installed it (and
most all, if not all, of Gnome was removed as part of the process
(?!!)). Now I have this version:
Sun Feb 15 11:35:06
-------------
westk[@]goshen]:/home/westk:> sudo aptitude show debian-archive-keyring
Unable to find an archive "stable" for the package "debian-archive-keyring"
Package: debian-archive-keyring
State: installed
Automatically installed: no
Version: 2007.07.31~etch1
Priority: important
Section: misc
Maintainer: Michael Vogt <mvo@debian.org>
Uncompressed Size: 57.3k
Depends: gnupg (>= 1.0.6-4)
Description: GnuPG archive keys of the Debian archive
The Debian project digitally signs its Release files. This package
contains the archive keys used for that.
And if I enable Lenny in my sources.list and do another update, I still
have the same problem.
So it seems to me that there's no ("normal, everyday-user") way to
validate that the Lenny packages are valid without first installing a
Lenny package which you can't be sure is valid.
Am I missing something?
Thanks!
--
Kent West <")))><
Westing Peacefully - http://kentwest.blogspot.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 05:01 PM
"H.S."
Lenny?
The release news is already on Slashdot.
http://linux.slashdot.org/article.pl?sid=09/02/14/1952222
--
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 05:29 PM
Florian Kulzer
Lenny?
On Sun, Feb 15, 2009 at 11:38:45 -0600, Kent West wrote:
> Florian Kulzer wrote:
> > On Sun, Feb 15, 2009 at 08:47:06 -0600, Kent West wrote:
[...]
> >> westk[@]goshen]:/home/westk:> sudo apt-get update
> >> Password:
> >>
> >
> > [...]
> >
> >
> >> W: There is no public key available for the following key IDs:
> >> 4D270D06F42584E6
> >> W: You may want to run apt-get update to correct these problems
> >>
> >
> > Check the version of your debian-archive-keyring package; the newest one
> > (2009.01.31) has this key:
[...]
> On my etch box, this package was not installed. So I installed it (and
> most all, if not all, of Gnome was removed as part of the process
> (?!!)).
I cannot see how the debian-archive-keyring would trigger the removal of
Gnome packages, therefore I would guess that this is the symptom of an
unrelated problem. What happens if you try to install Gnome again
(assuming that you want it back)?
> Now I have this version:
>
> Sun Feb 15 11:35:06
> -------------
> westk[@]goshen]:/home/westk:> sudo aptitude show debian-archive-keyring
> Unable to find an archive "stable" for the package "debian-archive-keyring"
> Package: debian-archive-keyring
> State: installed
> Automatically installed: no
> Version: 2007.07.31~etch1
[...]
> And if I enable Lenny in my sources.list and do another update, I still
> have the same problem.
>
> So it seems to me that there's no ("normal, everyday-user") way to
> validate that the Lenny packages are valid without first installing a
> Lenny package which you can't be sure is valid.
>
> Am I missing something?
The Release files have two signatures at the moment to facilitate the
transition:
Your apt keyring should contain A70DAF536070D3A1 ("Debian Archive
Automatic Signing Key (4.0/etch)") as a trusted key, so apt(itude)
should be able to verify one of the signatures. That is good enough
because you are trusting the Etch key already anyway. As long as
apt(itude) does not complain that a package is "untrusted" you can be
sure that there is at least one trusted signature vouching for it. (This
assumes that you did not change the default configuration regarding
verification of package integrity.) The post-installation script of the
new version of debian-archive-keyring will add the Lenny key to apt's
keyring automatically so that you are ready for the future. (The Etch
key expires on 2009-07-01.)
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 05:38 PM
Bob Cox
Lenny?
On Sun, Feb 15, 2009 at 11:38:45 -0600, Kent West (westk@acu.edu) wrote:
> On my etch box, this package was not installed. So I installed it (and
> most all, if not all, of Gnome was removed as part of the process
> (?!!)). Now I have this version:
>
> Sun Feb 15 11:35:06
> -------------
> westk[@]goshen]:/home/westk:> sudo aptitude show debian-archive-keyring
(no need for root privileges for aptitude show)
> Unable to find an archive "stable" for the package "debian-archive-keyring"
> Package: debian-archive-keyring
> State: installed
> Automatically installed: no
> Version: 2007.07.31~etch1
> Priority: important
> Section: misc
> Maintainer: Michael Vogt <mvo@debian.org>
> Uncompressed Size: 57.3k
> Depends: gnupg (>= 1.0.6-4)
> Description: GnuPG archive keys of the Debian archive
> The Debian project digitally signs its Release files. This package
> contains the archive keys used for that.
>
> Tags: admin::file-distribution, role::data, security::authentication,
> suite::debian
>
>
> And if I enable Lenny in my sources.list and do another update, I still
> have the same problem.
>
> So it seems to me that there's no ("normal, everyday-user") way to
> validate that the Lenny packages are valid without first installing a
> Lenny package which you can't be sure is valid.
>
> Am I missing something?
The package is there in stable, testing and unstable as far as I can
see. Perhaps the mirror you are using has been slow to update.
--
Bob Cox. Stoke Gifford, near Bristol, UK.
Please reply to the list only. Do NOT send copies directly to me.
Debian on the NSLU2: http://bobcox.com/slug/
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 06:02 PM
Kent West
Lenny?
Bob Cox wrote:
> On Sun, Feb 15, 2009 at 11:38:45 -0600, Kent West (westk@acu.edu) wrote:
>
>
>> On my etch box, this package was not installed. So I installed it (and
>> most all, if not all, of Gnome was removed as part of the process
>> (?!!)). Now I have this version:
>>
>> Sun Feb 15 11:35:06
>> -------------
>> westk[@]goshen]:/home/westk:> sudo aptitude show debian-archive-keyring
>>
>
> (no need for root privileges for aptitude show)
>
>
>> Unable to find an archive "stable" for the package "debian-archive-keyring"
>> Package: debian-archive-keyring
>> State: installed
>> Automatically installed: no
>> Version: 2007.07.31~etch1
>> Priority: important
>> Section: misc
>> Maintainer: Michael Vogt <mvo@debian.org>
>> Uncompressed Size: 57.3k
>> Depends: gnupg (>= 1.0.6-4)
>> Description: GnuPG archive keys of the Debian archive
>> The Debian project digitally signs its Release files. This package
>> contains the archive keys used for that.
>>
>> Tags: admin::file-distribution, role::data, security::authentication,
>> suite::debian
>>
>>
>> And if I enable Lenny in my sources.list and do another update, I still
>> have the same problem.
>>
>> So it seems to me that there's no ("normal, everyday-user") way to
>> validate that the Lenny packages are valid without first installing a
>> Lenny package which you can't be sure is valid.
>>
>> Am I missing something?
>>
>
> The package is there in stable, testing and unstable as far as I can
> see. Perhaps the mirror you are using has been slow to update.
>
> bob@trantor:~$ apt-cache policy debian-archive-keyring
> debian-archive-keyring:
> Installed: 2009.01.31
> Candidate: 2009.01.31
> Version table:
> *** 2009.01.31 0
> 990 http://ftp.uk.debian.org testing/main Packages
> 500 http://ftp.uk.debian.org stable/main Packages
> 500 http://ftp.uk.debian.org unstable/main Packages
> 100 /var/lib/dpkg/status
>
>
Sun Feb 15 12:57:14
-------------
westk[@]goshen]:/home/westk:> sudo nano /etc/apt/sources.list
Password:
#
# deb cdrom:[Debian GNU/Linux testing _Etch_ - Official Beta i386
NETINST Binary-1 20070326-09:02]/ etch contrib main
#deb http://ftp.debian.org/debian/ lenny main
deb http://ftp.debian.org/debian/ etch main
#deb http://ftp.debian.org/debian/ testing main
#deb http://ftp.debian.org/debian/ unstable main
#deb http://security.debian.org/ lenny/updates main contrib
deb http://security.debian.org/ etch/updates main contrib
Sun Feb 15 12:57:55
-------------
westk[@]goshen]:/home/westk:> sudo aptitude update
Get:1 http://security.debian.org etch/updates Release.gpg [189B]
Hit http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Hit http://security.debian.org etch/updates/main Packages
Hit http://security.debian.org etch/updates/contrib Packages
Get:2 http://ftp.debian.org etch Release.gpg [386B]
Hit http://ftp.debian.org etch Release
Ign http://ftp.debian.org etch/main Packages/DiffIndex
Hit http://ftp.debian.org etch/main Packages
Fetched 2B in 0s (2B/s)
Reading package lists... Done
Sun Feb 15 12:57:59
-------------
westk[@]goshen]:/home/westk:> apt-cache policy debian-archive-keyring
debian-archive-keyring:
Installed: 2007.07.31~etch1
Candidate: 2007.07.31~etch1
Version table:
*** 2007.07.31~etch1 0
500 http://ftp.debian.org etch/main Packages
100 /var/lib/dpkg/status
Sun Feb 15 12:58:04
-------------
westk[@]goshen]:/home/westk:> sudo aptitude install debian-archive-keyring
Reading package lists... Done
Building dependency tree... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
Building tag database... Done
The following packages have been kept back:
tzdata
0 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information... Done
Sun Feb 15 13:00:30
-------------
westk[@]goshen]:/home/westk:> apt-cache show debian-archive-keyring
Package: debian-archive-keyring
Priority: important
Section: misc
Installed-Size: 56
Maintainer: Michael Vogt <mvo@debian.org>
Architecture: all
Version: 2007.07.31~etch1
Depends: gnupg (>= 1.0.6-4)
Filename:
pool/main/d/debian-archive-keyring/debian-archive-keyring_2007.07.31~etch1_all.deb
Size: 9318
MD5sum: 46d0ba96a62b75573fe8c5fe59ab20b7
SHA1: f60d46e921a69108eaa97e4c12d4be83a5c79e0d
SHA256: 2a7d7e9c9a5afc9b6026ba10ff9c78b0d57be5005f76f7d78b 58827ed32ae725
Description: GnuPG archive keys of the Debian archive
The Debian project digitally signs its Release files. This package
contains the archive keys used for that.
Tag: admin::file-distribution, role::data, security::authentication,
suite::debian
--
Kent West <")))><
Westing Peacefully - http://kentwest.blogspot.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 06:18 PM
Bob Cox
Lenny?
On Sun, Feb 15, 2009 at 13:02:04 -0600, Kent West (westk@acu.edu) wrote:
> > The package is there in stable, testing and unstable as far as I can
> > see. Perhaps the mirror you are using has been slow to update.
> >
> > bob@trantor:~$ apt-cache policy debian-archive-keyring
> > debian-archive-keyring:
> > Installed: 2009.01.31
> > Candidate: 2009.01.31
> > Version table:
> > *** 2009.01.31 0
> > 990 http://ftp.uk.debian.org testing/main Packages
> > 500 http://ftp.uk.debian.org stable/main Packages
> > 500 http://ftp.uk.debian.org unstable/main Packages
> > 100 /var/lib/dpkg/status
If it helps, it does look like the 2007.07.31 version for etch you are
quoting is correct:
--
Bob Cox. Stoke Gifford, near Bristol, UK.
Please reply to the list only. Do NOT send copies directly to me.
Debian on the NSLU2: http://bobcox.com/slug/
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 06:39 PM
Kent West
Lenny?
Bob Cox wrote:
> On Sun, Feb 15, 2009 at 13:02:04 -0600, Kent West (westk@acu.edu) wrote:
>
>
>>> The package is there in stable, testing and unstable as far as I can
>>> see. Perhaps the mirror you are using has been slow to update.
>>>
>>> bob@trantor:~$ apt-cache policy debian-archive-keyring
>>> debian-archive-keyring:
>>> Installed: 2009.01.31
>>> Candidate: 2009.01.31
>>> Version table:
>>> *** 2009.01.31 0
>>> 990 http://ftp.uk.debian.org testing/main Packages
>>> 500 http://ftp.uk.debian.org stable/main Packages
>>> 500 http://ftp.uk.debian.org unstable/main Packages
>>> 100 /var/lib/dpkg/status
>>>
>
> If it helps, it does look like the 2007.07.31 version for etch you are
> quoting is correct:
>
> http://packages.debian.org/search?suite=etch&keywords=debian-archive-keyring
>
So I am correct in believing that someone who is upgrading from an etch
stable system to Lenny will be presented with this quandary that he
can't trust the Lenny repository until he first trusts the Lenny repository?
Seems like an oversight to me, but I'm pretty ignorant, so maybe not.
--
Kent West <")))><
Westing Peacefully - http://kentwest.blogspot.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 08:12 PM
"Boyd Stephen Smith Jr."
Lenny?
On Sunday 15 February 2009 13:39:16 Kent West wrote:
> So I am correct in believing that someone who is upgrading from an etch
> stable system to Lenny will be presented with this quandary that he
> can't trust the Lenny repository until he first trusts the Lenny
> repository?
No, they will get the error/warning that one of the two signatures is from a
key that is not in the keyring. Aptitude, apt, etc. will still report the
packages as trusted (and not further complain) since one of the signatures is
good and trusted.
As part of the upgrade to Lenny, you'll get the second key added to your
trusted keyring and both the the two signatures will be good and trusted until
Debian drops the signature made with the old key from the mirrors. (The old
key expires in June, I think.)
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
02-15-2009, 08:35 PM
Charlie
Lenny?
On Mon, 16 Feb 2009, H.S. engaged keyboard and shared this with us all:
>--}
>--} The release news is already on Slashdot.
>--} http://linux.slashdot.org/article.pl?sid=09/02/14/1952222
>--}
<snip>
Just wondering; if Lenny has been released, I just wonder why I'm still
getting this?
After doing # apt-get update
Then get this: # apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
bind9-host ghostscript libbind9-40 libgs8 libisccc40 libisccfg40 liblwres40
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Then do this: # apt-get dselect-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
cups cups-driver-gutenprint cupsys cupsys-driver-gutenprint epstool
foomatic-db-gutenprint ghostscript ghostscript-x gs-esp gs-gpl gv
ijsgutenprint ps2eps
pstoedit pstotext scribus
The following NEW packages will be installed:
libdns45 libisc45
The following packages will be upgraded:
bind9-host libbind9-40 libgs8 libisccc40 libisccfg40 liblwres40
6 upgraded, 2 newly installed, 16 to remove and 0 not upgraded.
Need to get 3123kB of archives.
After this operation, 93.2MB disk space will be freed.
Do you want to continue [Y/n]?
I don't want to remove those packages unless there are replacements?
What am I missing?
Charlie
--
Registered Linux User:- 329524
***********************************************
Man is the only animal for whom his own existence is a problem which he has to
solve. ................Erich Fromm
***********************************************
Debian, just the best way to create magic
_______________________________________________
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-15-2009, 10:18 PM
"Boyd Stephen Smith Jr."
Lenny?
On Sunday 15 February 2009 15:35:42 Charlie wrote:
> After doing # apt-get update
> Then get this: # apt-get upgrade
> Then do this: # apt-get dselect-upgrade
> What am I missing?
Try 'aptitude dist-upgrade'. Aptitude is the preferred package manager since
at least Etch.
However, you should see the Lenny release notes for the proper way to upgrade.
In general, you should update 'dpkg', 'apt', and 'aptitude' to their Lenny
versions before updating everything.
If, for some reason, aptitude also wants to remove some packages, we can
troubleshoot better from there. If we need to troubleshoot, the output of
'apt-cache policy', 'aptitude install', 'aptitude upgrade', and 'aptitude
dist-upgrade' would probably be the best start.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
Lenny?
