[Samba] Debian Bullseye Samba 4.15 online now. Amd64/i386/armhf/arm64
L.P.H. van Belle
belle at bazuin.nl
Thu Sep 30 10:30:01 UTC 2021
Ahh.. That's a stupid error.. You are totally right.
That's /usr/share/keyrings of course..
Bad copy/paste from my older mail.
I already adjusted that in:
https://apt.van-belle.nl/simple-repo-setup.txt
But of course the correct line is:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/louis-van-belle.gpg] http://apt.van-belle.nl/debian/ $(lsb_release -sc)-samba415 main" | \
sudo tee -a /etc/apt/sources.list.d/van-belle.list > /dev/null
Thanks for reporting it.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Lorenz Schori via samba
> Sent: Thursday, 30 September 2021 11:59
> To: L.P.H. van Belle via samba
> Subject: Re: [Samba] Debian Bullseye Samba 4.15 online now.
> Amd64/i386/armhf/arm64
>
> Hi,
>
> On Thu, 30 Sep 2021 11:39:05 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > [...]
> > The repo setup for Bullseye has changed a bit.
> >
> > Conform debian policy.
> > wget -O- https://apt.van-belle.nl/louis-van-belle.gpg-key.asc |\
> > gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/louis-van-belle.gpg > /dev/null
> > [...]
>
> Thanks for maintaining this repo. Please follow the Debian
> recommendations and do not instruct people to place third-party keys
> into /etc/apt/trusted.gpg.d. They should be placed in
> /usr/share/keyrings instead, according to the Debian wiki:
>
> https://wiki.debian.org/DebianRepository/UseThirdParty
>
> The key MUST be downloaded over a secure mechanism like HTTPS
> to a location only writable by root, which SHOULD be
> /usr/share/keyrings. The key MUST NOT be placed in
> /etc/apt/trusted.gpg.d or loaded by apt-key add.
>
> Dropping third party keyrings into /etc/apt/trusted.gpg.d is equally
> bad as using apt-key for the exact same reasons. It looks like this is
> a widespread mistake (I did this too in the past). The following post
> describes the problem accurately:
>
> https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
>
> The reason for this change is that when adding an OpenPGP key
> that's used to sign an APT repository to /etc/apt/trusted.gpg or
> /etc/apt/trusted.gpg.d, the key is unconditionally trusted by
> APT on all other repositories configured on the system that
> don't have a signed-by (see below) option, even the official
> Debian / Ubuntu repositories. As a result, any unofficial APT
> repository which has its signing key added to
> /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any
> package on the system. So this change was made for security
> reasons (your security).
>
> Cheers,
> Lorenz
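
An added example, not part of the original posts: a read-only shell audit of the trust scoping described in the quoted message, listing one-line APT entries that have no signed-by option and the keyrings that are globally trusted for them. The function names, the sample tree and its amd64/bullseye values are constructed for illustration; deb822 .sources files are not parsed.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of APT key scoping.
# Handles one-line *.list entries only; deb822 *.sources files are not parsed.

# Print "file:line: entry" for every deb/deb-src entry without signed-by=.
# Such entries are verified against every key in the global keyrings.
unscoped_entries() {
    for f in "$1/sources.list" "$1"/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        awk -v f="$f" '$1 == "deb" || $1 == "deb-src" {
            a = index($0, "["); b = index($0, "]"); opts = ""
            if ($2 ~ /^\[/ && b > a) opts = substr($0, a, b - a + 1)
            if (index(opts, "signed-by=") == 0) print f ":" NR ": " $0
        }' "$f"
    done
}

# Print the keyrings APT trusts for all unscoped entries.
global_keys() {
    for k in "$1/trusted.gpg" "$1"/trusted.gpg.d/*.gpg "$1"/trusted.gpg.d/*.asc; do
        if [ -f "$k" ]; then printf '%s\n' "$k"; fi
    done
}

# Constructed sample tree mirroring the two setups discussed in the thread.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/sources.list.d" "$root/trusted.gpg.d"
    : > "$root/trusted.gpg.d/louis-van-belle.gpg"   # old location: global trust
    echo 'deb http://deb.debian.org/debian bullseye main' > "$root/sources.list"
    echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/louis-van-belle.gpg] http://apt.van-belle.nl/debian/ bullseye-samba415 main' \
        > "$root/sources.list.d/van-belle.list"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Entries checked against every global key:"; unscoped_entries "$sample"
echo "Global keys:"; global_keys "$sample"
rm -rf "$sample"
```

On a real system, pass /etc/apt as the argument to both functions; any key the second one lists can vouch for every entry the first one lists.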