🆕 [Debian/Ubuntu users] Feedback on new package feed #834
Comments
shiftkey
changed the title
|
Cool. I have a script that I've been using for a while over here: https://github.com/mwt/desktop-makerepo The script scans the github releases and adds new apt/rpm to the repos. There might be something useful in there that you can use (particularly the steps after scanning releases for rpm). Edit: The repo works for me. |
|
Tested successfully on Ubuntu 22.04 - looking great 👍 |
shiftkey
changed the title
|
I should set the origin of my mirror to these two new feeds so that packages are updated. If I do this, I think existing users will get a gpg error because they key likely changed. I think this is fine. I could get around this by setting the new repo in a different path (i.e. not |
|
I set up a mirror from the new origins here: It seems to be working. There are two options:
I think 2 will result in fewer issues being filed here. |
|
@shiftkey Thanks for creating the official deb repository! Unfortunately, it didn't work as expected on my end. I installed the GPG key and repository info as written in the README. wget -qO - https://apt.packages.shiftkey.dev/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/shiftkey-packages.asc > /dev/null
sudo sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/shiftkey-packages.asc] https://apt.packages.shiftkey.dev/ubuntu/ any main" > /etc/apt/sources.list.d/shiftkey-packages.list'Then I ran $ sudo apt update
Hit:1 http://download.virtualbox.org/virtualbox/debian jammy InRelease
Hit:2 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 https://apt.releases.hashicorp.com jammy InRelease
Hit:4 http://packages.microsoft.com/repos/code stable InRelease
Hit:5 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:6 https://deb.nodesource.com/node_18.x jammy InRelease
Get:7 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Hit:8 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:9 https://apt.packages.shiftkey.dev/ubuntu any InRelease [1,226 B]
Err:9 https://apt.packages.shiftkey.dev/ubuntu any InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
Get:10 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Hit:11 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy InRelease
Get:12 http://archive.neon.kde.org/user jammy InRelease [178 kB]
Reading package lists... Done
W: GPG error: https://apt.packages.shiftkey.dev/ubuntu any InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
E: The repository 'https://apt.packages.shiftkey.dev/ubuntu any InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$
$ cat /etc/apt/sources.list.d/shiftkey-packages.list
deb [arch=amd64 signed-by=/etc/apt/keyrings/shiftkey-packages.asc] https://apt.packages.shiftkey.dev/ubuntu/ any main
$ ls /etc/apt/keyrings/shiftkey-packages.asc
/etc/apt/keyrings/shiftkey-packages.ascI found InRelease may have wrong Can you check the configuration? |
|
@phanect afaik origin and label shouldn't cause an error like that. For example, these always differ from the hostname of any mirror (such as the official Ubuntu mirrors) and there is no issue caused by this. The InRelease has the right signature. Perhaps there is something wrong with your local copy of gpg --show-keys /etc/apt/keyrings/shiftkey-packages.ascThe output should be something like: If not, then the first command ( |
|
@mwt @shiftkey Thanks for your assistance. I have run the command, and it shows the identical result as @mwt's output: $ gpg --show-keys /etc/apt/keyrings/shiftkey-packages.asc
pub ed25519 2023-02-19 [SC] [expires: 2028-02-18]
4E02A356A18314B00A481F067FC979028B1997C1
uid Brendan Forster <[email protected]>
sub cv25519 2023-02-19 [E] [expires: 2028-02-18]
If I remember correctly, it caused an error when I was trying to create a deb repo. KDE neon uses PackageKit as a package manager frontend while it is based on apt and deb, so perhaps it might have more strict restrictions than Ubuntu. |
|
Hmm. The only thing I can think of is that there is possibly some other file in
I don't think so. Too much would break. An example from the legacy packagecloud mirror: The purpose of Edit: Maybe also try replacing the |
|
@mwt Thanks.
I confirmed there is only one file pointing to apt.packages.shiftkey.dev repo in /etc/apt/sources.list.d. $ cat /etc/apt/sources.list.d/*
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main
deb http://archive.neon.kde.org/user jammy main
deb-src http://archive.neon.kde.org/user jammy main
deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x jammy main
deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x jammy main
deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy main
deb [arch=amd64 signed-by=/etc/apt/keyrings/shiftkey-packages.asc] https://apt.packages.shiftkey.dev/ubuntu/ any main
deb http://download.virtualbox.org/virtualbox/debian jammy contrib
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable mainI also tried to your mirror (mirror.mwt.me) and $ sudo apt update
Hit:1 http://download.virtualbox.org/virtualbox/debian jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:4 http://packages.microsoft.com/repos/code stable InRelease
Hit:5 https://apt.releases.hashicorp.com jammy InRelease
Get:6 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Hit:7 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:8 https://deb.nodesource.com/node_18.x jammy InRelease [4,563 B]
Get:9 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:10 https://apt.packages.shiftkey.dev/ubuntu any InRelease [1,226 B]
Err:10 https://apt.packages.shiftkey.dev/ubuntu any InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
Get:11 https://mirror.mwt.me/shiftkey-desktop/deb any InRelease [1,226 B]
Err:11 https://mirror.mwt.me/shiftkey-desktop/deb any InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
Get:12 https://deb.nodesource.com/node_18.x jammy/main amd64 Packages [777 B]
Get:13 http://security.ubuntu.com/ubuntu jammy-security/main amd64 DEP-11 Metadata [41.6 kB]
Get:14 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 DEP-11 Metadata [15.2 kB]
Hit:15 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy InRelease
Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 DEP-11 Metadata [101 kB]
Get:17 http://archive.neon.kde.org/user jammy InRelease [178 kB]
Get:18 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 DEP-11 Metadata [267 kB]
Get:19 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 DEP-11 Metadata [940 B]
Reading package lists... Done
W: GPG error: https://apt.packages.shiftkey.dev/ubuntu any InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
E: The repository 'https://apt.packages.shiftkey.dev/ubuntu any InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://mirror.mwt.me/shiftkey-desktop/deb any InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
E: The repository 'https://mirror.mwt.me/shiftkey-desktop/deb any InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$ sudo mv /etc/apt/keyrings/shiftkey-packages.asc /etc/apt/keyrings/shiftkey-packages.gpg
$ sudo mv /etc/apt/keyrings/mwt-desktop.asc /etc/apt/keyrings/mwt-desktop.gpg
$ sudo apt update
Hit:1 http://download.virtualbox.org/virtualbox/debian jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 http://packages.microsoft.com/repos/code stable InRelease
Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 https://apt.releases.hashicorp.com jammy InRelease
Hit:6 https://deb.nodesource.com/node_18.x jammy InRelease
Get:7 https://mirror.mwt.me/shiftkey-desktop/deb any InRelease [1,226 B]
Err:7 https://mirror.mwt.me/shiftkey-desktop/deb any InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
Hit:8 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:9 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:10 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Get:11 https://apt.packages.shiftkey.dev/ubuntu any InRelease [1,226 B]
Err:11 https://apt.packages.shiftkey.dev/ubuntu any InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
Hit:12 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy InRelease
Get:13 http://archive.neon.kde.org/user jammy InRelease [178 kB]
Reading package lists... Done
W: GPG error: https://mirror.mwt.me/shiftkey-desktop/deb any InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
E: The repository 'https://mirror.mwt.me/shiftkey-desktop/deb any InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://apt.packages.shiftkey.dev/ubuntu any InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FC979028B1997C1
E: The repository 'https://apt.packages.shiftkey.dev/ubuntu any InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.Thanks anyway for your advice. |
You need to change the |
Year, I just noticed I forgot to change $ sudo apt update
Hit:1 http://download.virtualbox.org/virtualbox/debian jammy InRelease
Hit:2 http://packages.microsoft.com/repos/code stable InRelease
Hit:3 https://deb.nodesource.com/node_18.x jammy InRelease
Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:6 https://apt.releases.hashicorp.com jammy InRelease
Hit:7 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:8 https://apt.packages.shiftkey.dev/ubuntu any InRelease [1,226 B]
Get:9 https://mirror.mwt.me/shiftkey-desktop/deb any InRelease [1,226 B]
Get:10 https://apt.packages.shiftkey.dev/ubuntu any/main amd64 Packages [617 B]
Hit:11 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:12 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Get:13 https://mirror.mwt.me/shiftkey-desktop/deb any/main amd64 Packages [617 B]
Hit:14 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy InRelease
Get:15 http://archive.neon.kde.org/user jammy InRelease [178 kB]
Fetched 181 kB in 2s (87.1 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
$ cat /etc/apt/sources.list.d/shiftkey-packages.list
deb [arch=amd64 signed-by=/etc/apt/keyrings/shiftkey-packages.gpg] https://apt.packages.shiftkey.dev/ubuntu/ any mainThanks so much for your assistance! |
Oof. No problem! I guess some versions of apt assume that any @shiftkey readme should probably have all instances of |
|
I opened #839 to fix the README. |
|
@mwt Oops, you also wrote the same patch. Then just close my PR :) |
No, that's good! I just won't finish making mine. |
|
Thanks so much for making this Linux build and adding this package feed - I really appreciate it. I'm leaving this comment in case anyone else hits the very minor issue I did. I found that (perhaps because I haven't added a package feed before) that the directory This was simply solved by creating the directory with sudo mkdir /etc/apt/keyringsand then running your instructions. |
That's a good point. I think I had to create this directory the first time even in Jammy. Though, I might be misremembering. If you want to rectify: sudo mkdir -p /etc/apt/keyrings && wget ...(at some point, these may just become lines in an install script...) |
I'm looking to migrate away from PackageCloud for many reasons, and after a bunch of false starts I have a new server setup with the necessary keys and bits that this should work as-is:
https://apt.packages.shiftkey.dev/
Relevant steps:
aptIf you have a previous version of
github-desktopinstalled, you should be able to upgrade to the latest release from earlier this week, otherwise you can manually install the latest version3.1.7-linux1:Before I update the docs to point everyone to this I figure I'd open this up to anyone who wants to test it out and ensure I haven't missed any details...
The text was updated successfully, but these errors were encountered: