Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v5Orc-006DYP-2T for pgsql-pkg-debian@arkaria.postgresql.org; Sun, 05 Oct 2025 13:33:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v5Ora-002fTe-Bh for pgsql-pkg-debian@arkaria.postgresql.org; Sun, 05 Oct 2025 13:33:23 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v5OrZ-002fTW-EY for pgsql-pkg-debian@lists.postgresql.org; Sun, 05 Oct 2025 13:33:23 +0000 Received: from fhigh-a6-smtp.messagingengine.com ([103.168.172.157]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1v5OrW-000Vuy-32 for pgsql-pkg-debian@lists.postgresql.org; Sun, 05 Oct 2025 13:33:22 +0000 Received: from phl-compute-03.internal (phl-compute-03.internal [10.202.2.43]) by mailfhigh.phl.internal (Postfix) with ESMTP id 88D0F140007C for ; Sun, 5 Oct 2025 09:33:16 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Sun, 05 Oct 2025 09:33:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eisentraut.org; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1759671196; x=1759757596; bh=VM G3S+DEnlEPiQUNFGGwT0ALf99scuRORG4wjNEPKJU=; b=AbSI76lMOBDq/t7jGl +J7VSWgGN80ZsMlUtqy+zr0bC6feOWZwcUHnqA3Pv2MaMjPIMOp0hWwB97sUqQ09 qFOvJAzyH+ZuDzpPSEVzAS66lvM6NSB0HQ52k9GRCw+65HhlC6yt47o7yMAiLEBX 1wWsohhvKprRjPMmNQkyAJ3NCm116GVV1zlBLwMXQXJyMZM3Jg0k07ER+aF4AyFN 9tu6WG2iGIQDfZIUh4dMddQ1Eh4S0b/AdC2K1BSedTUiP2csiLTcw/JkWdwmD7OC nf+Nx5xmwvh7rBevqsXJN26sGL7TB3JOvEGF8pcdzSipd1KDfZ1CPRgy7zCsqxa6 Ai7A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1759671196; x=1759757596; bh=VMG3S+DEnlEPiQUNFGGwT0ALf99scuRORG4 wjNEPKJU=; b=ZBjddjjNmZmFvd6CCWak6pO45kIU0VPamg1aKO1bvnnNzRNngwO 2T5mq6MIxgek9XHEObiRKlhxwtBundh8AMfFsyLCD8VLR9XhM/qUtQ76kdYPKTKt 818g1pWrrZaC/Cgx2GebSnYQjGuevzw/mJTpBWTd8g2YG/JqQMQLtdC53x0EzwqP SEQWrTDHB06TDMl5Wt1d85G4Lv33i58Mzeo7V4hqul/4zXUwuuPNKzXor+fRYRdF YF0rMDrFk6ewbEWpn1JhSZWd/3hF2a+EHMMqCHDvGyBfP5Po7npv3ngoPyF0f6l6 haLFVQZNefzIesMAB/mfi9L7syH+PTYNByA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdelgeejlecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefkffggfgfvhffutgfgsehtjeertddtvdejnecuhfhrohhmpefrvghtvghrucfgihhs vghnthhrrghuthcuoehpvghtvghrsegvihhsvghnthhrrghuthdrohhrgheqnecuggftrf grthhtvghrnhepkefgueefkeegfeeghfdvfeeuhffgheektdefgffgtddvkeevveehhfdv vddugfelnecuffhomhgrihhnpehpohhsthhgrhgvshhqlhdrohhrghdpohhrghdrshhhne cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgv rhesvghishgvnhhtrhgruhhtrdhorhhgpdhnsggprhgtphhtthhopedupdhmohguvgepsh hmthhpohhuthdprhgtphhtthhopehpghhsqhhlqdhpkhhgqdguvggsihgrnheslhhishht shdrphhoshhtghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: ie0a040ee:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 5 Oct 2025 09:33:15 -0400 (EDT) Message-ID: Date: Sun, 5 Oct 2025 15:33:14 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: PostgreSQL on Debian and Ubuntu Content-Language: en-US From: Peter Eisentraut Subject: should postgresql-common depend on ca-certificates? Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk If I follow the Quickstart at https://wiki.postgresql.org/wiki/Apt#Quickstart but use --no-install-recommends, things don't quite work. (I realize I'm going off the well-trodden path, but this is useful for CI setups to avoid installing packages you don't strictly need.) For example, on Ubuntu 24.04: apt-get update apt-get -y --no-install-recommends install gnupg postgresql-common /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y Then you get warnings like this: Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 151.101.3.52 443] W: https://apt.postgresql.org/pub/repos/apt/dists/noble-pgdg/InRelease: No system certificates available. Try installing ca-certificates. When you install ca-certificates, then the whole thing works. Apparently, there is a "recommends" dependency somewhere down the chain, but postgresql-common itself doesn't mention it. I don't know what the right solution is, but maybe a combination of 1) postgresql-common at least "suggests" ca-certificates. 2) apt.postgresql.org.sh should do more checking that the setup it creates actually works. 3) The wiki page quickstart makes more explicit mention of ca-certificates. (It is mentioned for the manual setup.)