Apt-listchanges

fogma · 12 March 2025 11:05

Problem Description

I got this email from my server this morning. Before I start hacking around trying to figure out what to do, I thought I’d check if I need to do anything when using Sympl? Thanks

Any Error Messages

debsuryorg-archive-keyring (2025.03.11) unstable; urgency=medium

  * The /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg global APT key will
    been removed in the next update of the package.

    The script will try to autodetect whether any APT repository is not
    configured with signed-by= directive and will print warning about the
    installation of this package.

    You need to manually add:

    [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg]

    to your APT sources lists.  See the Debian Wiki for more information:

    https://wiki.debian.org/DebianRepository/UseThirdParty#Sources.list_entry

 -- Ondřej Surý <ondrej@debian.org>  Tue, 11 Mar 2025 14:08:14 +0100

Environment

Sympl Version: 12
Debian Version: Debian GNU/Linux 12 (bookworm)
Hardware Type: 6.1.0-28-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64
Hosted With: Mythic Beasts

alphacabbage1 · 13 March 2025 11:34

Hi @fogma

I was wondering about this too – and I still am. Fwiw, looking at Remove /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg, a manual apt upgrade and …

sympl@alphacabbage1:~$ sudo apt-get -V -s install debsuryorg-archive-keyring […]

debsuryorg-archive-keyring is already the newest version (2025.03.13).

sympl@alphacabbage1:~$ grep -l sury.org /etc/apt/sources.list.d/*
/etc/apt/sources.list.d/deb.sury.org-php.list

sympl@alphacabbage1:~$ cat /etc/apt/sources.list.d/deb.sury.org-php.list
deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm main

sympl@alphacabbage1:~$ ls -al /usr/share/keyrings/debsuryorg-archive-keyring.gpg
-rw-r--r-- 1 root root 1769 Mar 11 20:07 /usr/share/keyrings/debsuryorg-archive-keyring.gpg

… I’m guessing that the next debsuryorg-archive-keyring update will work out.

compassweb · 13 March 2025 16:25

I’ve asked Mythic support whether we need to start tinkering with Sympl. Watch this space…

compassweb · 17 March 2025 07:16

Reply from MB Support,

I think you should be fine. The message from apt-listchanges only
requires the manual changes if it prints a warning about misconfigured
sources.

The example posted by fogma on the forum thread certainly looks fine.
To confirm, please could you send me the output of:

grep -l sury.org /etc/apt/sources.list.d/*

and then the output of “cat” on any files returned by the above.

regards,

MB Support

Kelduum · 17 March 2025 16:12

This should all be fine - Sympl uses the official instructions to set up the Sury Repo, although with slightly different paths to avoid conflicts, so it includes the ‘[signed-by=/usr/share/keyrings/deb.sury.org-php.gpg]’ line in the .deb file when initially creating it, and checks for that string in the file.

You only need to worry about this if you made manual changes outside of Sympl.

compassweb · 19 March 2025 06:54

For topic completeness/closure and everyone’s reference:

There should be no problems there - Sympl adds the Sury repo following the official process, and includes the ‘signed-by’ in the .deb.

MB Support