sources.list confusion.

golinux · 2020-01-29 20:10:23

@mmaglis . . . Thanks for taking the initiative to find that. I knew it existed and was going to suggest searching for it but thought better of it since I was not inclined to do so myself. IIUC (that's certainly not a given), all the packages are signed so should be secure even without https.

Head_on_a_Stick · 2020-02-19 15:43:48

ghaverla wrote:

Ideas?

Firewall?

And I think this should have it's own thread, hi-jacking an official announcement thread seems a bit rude.

xinomilo · 2020-02-20 10:09:20

Head_on_a_Stick wrote:

Note that the apt-transport-https package is needed to take advantage of https sources.

this is only required in ascii. since apt >1.5 (beowulf) it's already included in apt, and that package is just transitional & can go away

xinomilo · 2020-02-20 10:38:45

tails uses only https iirc : https://tails.boum.org/contribute/how/mirror/
and their RR still fails, just like devuan : eg. https://dl.amnesia.boum.org/
that makes sense, otherwise devuan would have to share private keys with mirrors, which is of course out of the question.

about https://deb.debian.org , i think it only has one -sponsored- mirror and that's why it works ok.

in all mirror cases i've seen so far, if you want to use apt through https, pick a mirror that supports it..

bai4Iej2need · 2023-05-05 13:48:05

golinux wrote:

Hear ye, hear ye intrepid Devuan users!!
Please use deb.devuan.org in your sources list with http NOT https. It is a round-robin of all available Devuan package mirrors.
...
Finally . . . all Devuan mirrors pull from pkgmaster.devuan.org so please do not add extra load by using it in your sources.list. Use the round-robin - deb.devuan.org - instead.
golinux

I made today a fresh install using the devuan_chimaera_4.0.0_amd64_netinstall.iso,
devuan_chimaera_4.0.0_amd64_netinstall.iso 12-Oct-2021 10:48 372M

My /etc/apt/sources.list contains 2 lines after the install

deb http://pkgmaster.devuan.org/merged chimaera-security main contrib non-free
deb-src http://pkgmaster.devuan.org/merged chimaera-security main contrib non-free

all other lines in the file point to deb.devuan.org

So this should be fixed, as it introduces confusion and additional load on my apt-proxy, which creates a new directory for this.
It should be fixed at least for daedalus.

BR

Last edited by bai4Iej2need (2023-05-14 09:15:55)

bai4Iej2need · 2023-06-13 10:47:14

@maintainer of isos

I tried to file a bug , but this is not possible with the bug tracking system
The bugs must refer to a package but
/etc/apt/sources.list does not belong to a package.

the bug should be against the iso install

jue-gen · 2023-08-16 07:00:27

I mean that this sources.list was still working fine on my machines just before Daedalus became stable:

cat /etc/apt/sources.list
deb http://deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
deb-src http://deb.devuan.org/merged daedalus main contrib non-free non-free-firmware

#Updates
deb http://deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
deb-src http://deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware

#Security
deb http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
deb-src http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

#Proposed-Updates
deb http://deb.devuan.org/devuan daedalus-proposed-updates main contrib non-free non-free-firmware
deb-src http://deb.devuan.org/devuan daedalus-proposed-updates main contrib non-free non-free-firmware

#Backports
deb http://deb.devuan.org/merged daedalus-backports main contrib non-free non-free-firmware
deb-src http://deb.devuan.org/merged daedalus-backports main contrib non-free non-free-firmware

Today I get this message:

nala update && nala upgrade && nala clean && nala autopurge && nala autoremove
╭─ Aktualisierung der Paketlisten ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│Keine Änderung: http://deb.devuan.org/merged daedalus InRelease                                                                                     │
│Keine Änderung: http://deb.devuan.org/merged daedalus-updates InRelease                                                                             │
│Keine Änderung: http://deb.devuan.org/devuan daedalus-proposed-updates InRelease                                                                    │
│Keine Änderung: http://deb.devuan.org/merged daedalus-backports InRelease                                                                           │
│Aktualisiert:   http://deb.devuan.org/merged daedalus-security InRelease [31 KB]                                                                    │
│Holte 31 KB in 0s (0 bytes/s)                                                                                                                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Warnung: Skipping acquire of configured file 'non-free-firmware/i18n/Translation-en' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Fehler: Repository 'http://deb.devuan.org/merged daedalus-security InRelease' changed its 'Label' value from 'Devuan Security' to 'Devuan-Security'
Warnung: Skipping acquire of configured file 'non-free-firmware/dep11/icons-128x128.tar' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/i18n/Translation-de_DE' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/dep11/Components-amd64.yml' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/dep11/icons-64x64@2.tar' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/i18n/Translation-de' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/source/Sources' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/dep11/icons-64x64.tar' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/binary-amd64/Packages' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
Warnung: Skipping acquire of configured file 'non-free-firmware/dep11/icons-48x48.tar' as repository 'http://deb.devuan.org/devuan daedalus-proposed-updates InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)

Does anyone know anything about this?

stopAI · 2023-08-16 11:49:24

Does anyone know anything about this?

Hello. I think you should remove

non-free-firmware

from

#Proposed-Updates

jue-gen · 2023-08-16 12:49:04

stopAI wrote:

Hello. I think you should remove
non-free-firmware
from
#Proposed-Updates

Yes, thank you! I did that and now I only get this message:

Repository 'http://deb.devuan.org/merged daedalus-security InRelease' changed its 'Label' value from 'Devuan Security' to 'Devuan-Security'

I don't really understand that.

seeker · 2023-08-16 15:02:42

jue-gen wrote:

stopAI wrote:
Hello. I think you should remove
non-free-firmware
from
#Proposed-Updates
Yes, thank you! I did that and now I only get this message:
Repository 'http://deb.devuan.org/merged daedalus-security InRelease' changed its 'Label' value from 'Devuan Security' to 'Devuan-Security'
I don't really understand that.

I am getting that same Label message. Is the sources.list now case sensitive? This is what I am using:

# 

# deb cdrom:[devuan_daedalus_5.0.0_amd64_netinst]/ daedalus main non-free

#deb cdrom:[devuan_daedalus_5.0.0_amd64_netinst]/ daedalus main non-free

deb http://deb.devuan.org/merged daedalus main non-free contrib
deb-src http://deb.devuan.org/merged daedalus main non-free contrib

deb http://deb.devuan.org/merged daedalus-security main non-free contrib
deb-src http://deb.devuan.org/merged daedalus-security main non-free contrib

deb http://deb.devuan.org/merged daedalus-updates main non-free contrib
deb-src http://deb.devuan.org/merged daedalus-updates main non-free contrib

jue-gen · 2023-08-16 15:50:26

seeker wrote:

I am getting that same Label message.

I think there is something wrong. I've had something like this a few times. Wait and see has helped. Maybe we should just wait and see. Maybe it's being worked on right now.

stopAI · 2023-08-16 15:57:26

Default configuration of Devuan package repositories looks like this

deb http://deb.devuan.org/merged daedalus          main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-updates  main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

More info here:

https://www.devuan.org/os/packages

jue-gen · 2023-08-16 19:05:18

stopAI wrote:

Default configuration of Devuan package repositories looks like this
deb http://deb.devuan.org/merged daedalus          main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-updates  main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
More info here:
https://www.devuan.org/os/packages

Also with this sources.list

cat /etc/apt/sources.list
deb http://deb.devuan.org/merged daedalus          main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-updates  main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

I get this error message:

Fehler: Repository 'http://deb.devuan.org/merged daedalus-security InRelease' changed its 'Label' value from 'Devuan Security' to 'Devuan-Security'

Last edited by jue-gen (2023-08-16 19:12:50)

ralph.ronnquist · 2023-08-17 00:47:51

Run apt update once and confirm.

EDIT for some background: The root of this problem is that the InRelease file for debian-security previously had the wrong "Label" setting of "Devuan Security", and that is what has got loaded onto your system while updating devuan-secuirty before while in testing.

Apt keeps a copy of all the "dists" files, such as

/var/lib/apt/lists/....InRelease

and it's that file that has

Label: Devuan Security

on your system, whereas the one in the remote repo was corrected to have

Label: Devuan-Security

when also it changed to

Suite: stable-security

That is what the Apt system (by apt-get) discovers and complains about. The apt program does the same, but then reacts by asking you to confirm that the new file is good rather than just discarding it.

jue-gen · 2023-08-17 05:19:20

ralph.ronnquist wrote:

Run apt update once and confirm. ...

Thank you for this tutorial. It works. I will read everything again carefully.
Thank you very much!

seeker · 2023-08-17 11:02:39

ralph.ronnquist wrote:

Run apt update once and confirm.
EDIT for some background: The root of this problem is that the InRelease file for debian-security previously had the wrong "Label" setting of "Devuan Security", and that is what has got loaded onto your system while updating devuan-secuirty before while in testing.
Apt keeps a copy of all the "dists" files, such as
/var/lib/apt/lists/....InRelease
and it's that file that has
Label: Devuan Security
on your system, whereas the one in the remote repo was corrected to have
Label: Devuan-Security
when also it changed to
Suite: stable-security
That is what the Apt system (by apt-get) discovers and complains about. The apt program does the same, but then reacts by asking you to confirm that the new file is good rather than just discarding it.

That fixed it for me too. Thank you.

The officially official Devuan Forum!

#26 2020-01-29 20:10:23

Re: sources.list confusion.

#27 2020-02-19 15:43:48

Re: sources.list confusion.

#28 2020-02-20 10:09:20

Re: sources.list confusion.

#29 2020-02-20 10:38:45

Re: sources.list confusion.

#30 2023-05-05 13:48:05

Re: sources.list confusion.

#31 2023-06-13 10:47:14

Re: sources.list confusion.

#32 2023-08-16 07:00:27

Re: sources.list confusion.

#33 2023-08-16 11:49:24

Re: sources.list confusion.

#34 2023-08-16 12:49:04

Re: sources.list confusion.

#35 2023-08-16 15:02:42

Re: sources.list confusion.

#36 2023-08-16 15:50:26

Re: sources.list confusion.

#37 2023-08-16 15:57:26

Re: sources.list confusion.

#38 2023-08-16 19:05:18

Re: sources.list confusion.

#39 2023-08-17 00:47:51

Re: sources.list confusion.

#40 2023-08-17 05:19:20

Re: sources.list confusion.

#41 2023-08-17 11:02:39

Re: sources.list confusion.

Board footer