public inbox for [email protected]
help / color / mirror / Atom feedFrom: Christoph Berg <[email protected]>
To: PostgreSQL in Debian <[email protected]>
Subject: Repository key handling changed
Date: Fri, 11 Nov 2022 17:54:30 +0100
Message-ID: <[email protected]> (raw)
Hi,
previously, when installing postgresql-common from apt.postgresql.org,
it would pull in the pgdg-keyring package that contains the key for
the repository:
/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc
/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
/etc/apt/trusted.gpg.d/apt.postgresql.org.gpg -> /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
In postgresql-common 246, this has been changed such that
postgresql-common itself contains the key files, and the trusted.gpg.d
symlink is created when a /etc/apt/sources.list.d/pgdg.list is found.
On upgrade, pgdg-keyring will be removed, but since the same set of
files is provided, nothing should change.
One caveat is that pgdg-keyring has /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg
marked as conffile, so if the package is purged after the removal, the .gpg file
will be removed. (Workaround: reinstall postgresql-common, or don't
purge pgdg-keyring, or use an explicit key file (see below))
Additionally the apt.postgresql.org.sh installer script [1] has been
updated to write /etc/apt/sources.list.d/pgdg.sources in the modern
deb-822 style. By default it looks like this:
$ cat /etc/apt/sources.list.d/pgdg.sources
Types: deb
URIs: https://apt.postgresql.org/pub/repos/apt
Suites: bullseye-pgdg
Components: main
Signed-By: /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
[1] https://salsa.debian.org/postgresql/postgresql-common/-/raw/master/pgdg/apt.postgresql.org.sh
The advantage is that the key for the repository is explicitly
specified, and the URI scheme has been upgraded to https://.
(Make sure systems have ca-certificates installed!)
I have not yet upgraded the installation instructions on
https://wiki.postgresql.org/wiki/Apt yet, since they are compatible
with either version of the key/scripts, but will do so over the next
days.
If you have questions, follow up here or ask on #postgresql-apt on
libera.
Christoph
view thread (3+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Repository key handling changed
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox