Apt-listchanges

Problem Description

I got this email from my server this morning. Before I start hacking around trying to figure out what to do, I thought I’d check if I need to do anything when using Sympl? Thanks :slight_smile:

Any Error Messages

debsuryorg-archive-keyring (2025.03.11) unstable; urgency=medium

  * The /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg global APT key will
    been removed in the next update of the package.

    The script will try to autodetect whether any APT repository is not
    configured with signed-by= directive and will print warning about the
    installation of this package.

    You need to manually add:

    [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg]

    to your APT sources lists.  See the Debian Wiki for more information:

    https://wiki.debian.org/DebianRepository/UseThirdParty#Sources.list_entry

 -- Ondřej Surý <ondrej@debian.org>  Tue, 11 Mar 2025 14:08:14 +0100

Environment

  • Sympl Version: 12
  • Debian Version: Debian GNU/Linux 12 (bookworm)
  • Hardware Type: 6.1.0-28-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64
  • Hosted With: Mythic Beasts

Hi @fogma

I was wondering about this too – and I still am. Fwiw, looking at Remove /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg, a manual apt upgrade and …

sympl@alphacabbage1:~$ sudo apt-get -V -s install debsuryorg-archive-keyring […]

debsuryorg-archive-keyring is already the newest version (2025.03.13).

sympl@alphacabbage1:~$ grep -l sury.org /etc/apt/sources.list.d/*
/etc/apt/sources.list.d/deb.sury.org-php.list

sympl@alphacabbage1:~$ cat /etc/apt/sources.list.d/deb.sury.org-php.list
deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm main

sympl@alphacabbage1:~$ ls -al /usr/share/keyrings/debsuryorg-archive-keyring.gpg
-rw-r--r-- 1 root root 1769 Mar 11 20:07 /usr/share/keyrings/debsuryorg-archive-keyring.gpg

… I’m guessing that the next debsuryorg-archive-keyring update will work out.

I’ve asked Mythic support whether we need to start tinkering with Sympl. Watch this space…

1 Like

Reply from MB Support,

I think you should be fine. The message from apt-listchanges only
requires the manual changes if it prints a warning about misconfigured
sources.

The example posted by fogma on the forum thread certainly looks fine.
To confirm, please could you send me the output of:

grep -l sury.org /etc/apt/sources.list.d/*

and then the output of “cat” on any files returned by the above.

regards,

MB Support

This should all be fine - Sympl uses the official instructions to set up the Sury Repo, although with slightly different paths to avoid conflicts, so it includes the ‘[signed-by=/usr/share/keyrings/deb.sury.org-php.gpg]’ line in the .deb file when initially creating it, and checks for that string in the file.

You only need to worry about this if you made manual changes outside of Sympl.

For topic completeness/closure and everyone’s reference:

There should be no problems there - Sympl adds the Sury repo following the official process, and includes the ‘signed-by’ in the .deb.

MB Support