Problems with fresh install on RaspiOS 12 -> apt pgp key directory changed


Charlie Victor

Oct 6, 2024, 10:33:23 AM
to weewx-user
Hello dear WeeWx users!

When installing WeeWx 5.1 on a freshly installed RaspiOS 12 (Debian 12 Bookworm) on a Raspi 3B, I ran into problems:

The official installation description for Debian does not work for me.
The pgp key download worked fine, but apt does not find the key and complains accordingly when you try to "apt update":

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A0CB255B75BF977C

This is my system version:
Linux 6.6.51+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.51-1+rpt2 (2024-10-01) aarch64 GNU/Linux

But the problem is neither weewx.com nor the key. Something seems to have changed with apt in Debian 12. It seems to want a different directory now for those key files (as described here in a different context).

Solution
  • Download the key file into /etc/apt/keyrings
    and not into /etc/apt/trusted.gpg.d
  • Change Information in the file weewx.list accordingly, including the new path to the key file.
This is what I did exactly (as root user)
  1. Download the key file in the right directory
    wget -O - https://weewx.com/keys.html | gpg --dearmor --output /etc/apt/keyrings/weewx.gpg
  2. correct file permissions
    chmod 644 /etc/apt/keyrings/weewx.gpg
  3. manually create the .list file for apt:
    nano /etc/apt/sources.list.d/weewx.list
  4. and write this very line into the file weewx.list:
    deb [arch=all signed-by=/etc/apt/keyrings/weewx.gpg] https://weewx.com/apt/python3 buster main
    and save the file. Note the option "signed-by=" with the path to the key file.
  5. correct file permissions
    chmod 644 /etc/apt/sources.list.d/weewx.list
That's it.
Now sudo apt update runs without complaints.

Perhaps the documentation for debian installs needs an update.

Many thanks to the makers of WeeWx for their great work. I have been running a weather station with WeeWx on Raspi since 2019 without interruptions.
I ran into this issue while setting up a new replacement hardware.

Best regards to all weather station operators out there! Good luck and have fun!
Chris

matthew wall

Oct 7, 2024, 7:39:48 PM
to weewx-user
i just did a clean install of raspiOS 12 (64-bit lite - no desktop) followed by weewx 5.1 on a pi 3 B+

everything worked as described in the weewx documentation

uname -a reports this:

Linux pitmp 6.6.31+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.31-1+rpt1 (2024-05-29) aarch64 GNU/Linux

so i'm not sure why there are two different behaviors.

however, we might have to update the installation instructions.  when they started deprecating the use of apt-key, the recommendation was to put the gpg key(s) in /etc/apt/trusted.gpg.d.  but apparently that, too, is not secure.  the secure approach is to tightly couple the key with the repository, i.e., specify the key in the weewx.list file.  on top of that, there is apparently a newer, more explicit format (deb822) for the lists, but no indication of whether the current format will be deprecated or removed.

here is a reference:

https://stackoverflow.com/questions/68992799/warning-apt-key-is-deprecated-manage-keyring-files-in-trusted-gpg-d-instead
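
The coupling of key and repository discussed in this thread, as an added example that is not part of either post or of the WeeWX documentation: a small shell check that reports whether a one-line-style APT entry pins its own key with signed-by, and prints the equivalent deb822 stanza. The function names are hypothetical; PINNED is the line quoted in the first post and LEGACY is a constructed variant without signed-by.

```shell
#!/bin/sh
# Added example, not from the thread. Sample entries are constructed from the
# line quoted in the first post; LEGACY is the same entry without signed-by.
PINNED='deb [arch=all signed-by=/etc/apt/keyrings/weewx.gpg] https://weewx.com/apt/python3 buster main'
LEGACY='deb [arch=all] https://weewx.com/apt/python3 buster main'

# split_entry LINE: sets TYPE, OPTS (text inside [...], may be empty) and REST.
split_entry() {
    TYPE=${1%% *}
    REST=${1#* }
    OPTS=
    case $REST in
        \[*) OPTS=${REST#\[}; OPTS=${OPTS%%\]*}; REST=${REST#*\] } ;;
    esac
}

# classify LINE: "pinned <keyring>" if the entry names its own key,
# "global-trust" if apt will accept any key in its global trusted keyrings.
classify() {
    split_entry "$1"
    for o in $OPTS; do
        case $o in
            signed-by=*) echo "pinned ${o#signed-by=}"; return 0 ;;
        esac
    done
    echo "global-trust"
}

# to_deb822 LINE: print the equivalent deb822 stanza for a .sources file.
to_deb822() {
    split_entry "$1"
    set -- $REST                      # URI, suite, then components
    echo "Types: $TYPE"
    echo "URIs: $1"
    echo "Suites: $2"
    shift 2
    echo "Components: $*"
    for o in $OPTS; do
        case $o in
            arch=*)      echo "Architectures: ${o#arch=}" ;;
            signed-by=*) echo "Signed-By: ${o#signed-by=}" ;;
        esac
    done
}

for entry in "$PINNED" "$LEGACY"; do
    printf '%s\n  -> %s\n' "$entry" "$(classify "$entry")"
done
to_deb822 "$PINNED"
```

An entry reported as global-trust is verified against every key in /etc/apt/trusted.gpg.d, so any key placed there can sign for that repository.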
