You should be able to mark a bug as a duplicate of another.
FYI I did revert to this one:
https://launchpad.net/ubuntu/+source/python-apt/2.7.1~ubuntu1/+build/27047450/+files/python3-apt_2.7.1~ubuntu1_amd64.deb
(I do use old sources format).
gtk works perfectly now after downgrading python with the provided deb file! Thanks mate!
New here and to Linux. Seeing this after ignoring the python issue for a long time. I ignorantly upgraded to the dev branch of Ubuntu 24.04 from Ubuntu 22.04 LTS as a result of trying out do-release-upgrade blindly. (I didn’t bother to look up the -d flag and what it does.)
I avoided the software-properties-gtk python issue by deleting the older source files/entries from the /etc/apt/ folder as recommended by some in the LaunchPad Bug Report #2053228 linked above.
After Software & Updates started up again: out of all the repositories I did want to add, only AnyDesk’s one worked. Not only did the rest not work but those caused the app to crash. I had to manually remove the new entries/files from the /etc/apt/ folder again in order to continue opening it directly.
Glad to see that it has some solution but I’ll be avoiding it for now since the vulnerability in XZ Utils is still being cleaned up. There’s a long way to go.
Will this be completed by Noble release?
the latest daily builds (4/20/2024) still have the wrong sources.list
and no ubuntu.sources
file
eg:
https://cdimage.ubuntu.com/daily-preinstalled/pending/noble-preinstalled-desktop-arm64+raspi.img.xz
sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://ports.ubuntu.com/ubuntu-ports/ noble main restricted universe
Thanks for bringing this to our attention. Along with some other reports of issues, this made us realize the images were still being built with a version of ubuntu-image
lacking support for deb822 sources. This has been corrected, and you should now see the correct behavior in the 20240421.1 daily image.
Correction: the ubuntu-image used for the dailies was the right one (as we build from candidate in noble), but we did not have the deb822 images enabled in the definitions for the pi images indeed. This should now be fixed and today’s desktop daily should, in theory, have the right sources list. Can you test it once it’s made available?
For some reason, software-properties-gtk handles these new sources just fine but not the qt interface:
So after some time with a messy Software sources (duplicate: checked items in 1st tab and additional sources in 2nd).
I had to separate each repo like this for ubuntu.sources and delete old sources.list:
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://security.ubuntu.com/ubuntu
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble-updates
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble-backports
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble-security
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble-proposed
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
(I don’t know what’s the correct security repo…)
It does not work if I put all the repos in the same source (noble noble-updates etc.) as permitted by new format.
On my install from last ISO in ubuntu.sources are no comments but there are in ubuntu.sources.curtin.orig
corrado@corrado-n9-noble:~$ cat /etc/apt/sources.list.d/ubuntu.sources
Types: deb
URIs: http://archive.ubuntu.com/ubuntu
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main restricted universe multiverse
corrado@corrado-n9-noble:~$ cat /etc/apt/sources.list.d/ubuntu.sources.curtin.orig
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
## Ubuntu distribution repository
##
## The following settings can be adjusted to configure which packages to use from Ubuntu.
## Mirror your choices (except for URIs and Suites) in the security section below to
## ensure timely security updates.
##
## Types: Append deb-src to enable the fetching of source package.
## URIs: A URL to the repository (you may add multiple URLs)
## Suites: The following additional suites can be configured
## <name>-updates - Major bug fix updates produced after the final release of the
## distribution.
## <name>-backports - software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
## Components: Aside from main, the following components can be added to the list
## restricted - Software that may not be under a free license, or protected by patents.
## universe - Community maintained packages. Software in this repository receives maintenance
## from volunteers in the Ubuntu community, or a 10 year security maintenance
## commitment from Canonical when an Ubuntu Pro subscription is attached.
## multiverse - Community maintained of restricted. Software from this repository is
## ENTIRELY UNSUPPORTED by the Ubuntu team, and may not be under a free
## licence. Please satisfy yourself as to your rights to use the software.
## Also, please note that software in multiverse WILL NOT receive any
## review or updates from the Ubuntu security team.
##
## See the sources.list(5) manual page for further settings.
Types: deb
URIs: http://archive.ubuntu.com/ubuntu/
Suites: noble noble-updates noble-backports
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
## Ubuntu security updates. Aside from URIs and Suites,
## this should mirror your choices in the previous section.
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
corrado@corrado-n9-noble:~$
I want to ask if there is any command to add repo. in this new deb822
format, I didn’t find any, add-apt-repository
adds in the old formats.
I only found Apt Manage repolib python module but it’s not in Ubuntu repos.
How can I add repo in this new format from command-line, excluding manual echo "<deb822_content>"
.
There is no command for now.
An apt add-sources
command that does some fast checks and fetches the sources being added will be available at a later time, it will take an HTTPS URL at which a .sources
file is located, download it, validate it, fetch the repository, check that, and then install the .sources
files to your sources.list.d
. Probably the same could be added to add-apt-repository
.
If you already have the file, there is little need for a command.
And there’s little point in allowing you to construct deb822 files by arguments:
add-apt-repository --name foo.sources --types "deb deb-src" --uris "ddd"
How do you express the inline Signed-By
field there? Every source should have one, and generally it should be inlined for third-party repositories, meaning a large ASCII-enarmored public OpenPGP key. Can read it from the pipe, but what’s the value there?
So you either way have to write a long deb822 sources file, so a fictional
add-apt-repository --name foo.sources << EOF
... file content ...
EOF
isn’t much better than
cat > /etc/apt/sources.list.d/foo.sources << EOF
... file content ...
EOF
apt update
Where apt add-sources
fetching comes in is that it is remotely safer than doing curl url | sudo tee /etc/apt/sources.list.d/foo.sources
which would be the current convention. This is all built around the model that you get the complete .sources
file from your third-party repository operator, dump it in sources.list.d
, run apt update
and have it work, the model where you go edit sources.list by hand (or tool) locally is rather obsolete.
It’s possibly a future add-apt-repository
version will silently rewrite any new sources in the old format into deb822 though.
Ok, I see I didn’t understand that part about downloading and processing the .sources
file what makes sense.
So it all depends on the repository provider, if it will provide the repo in the deb822 format then the add-apt-repository
will save it in deb822?, I didn’t hear about the apt add-sources
command and can’t find any manpages. It looks like add-apt-repository
internally calls apt add-sources
? @juliank
The Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
field can of course take a filepath.
But you answered my question, now I get it, thank you.
Hello. I’m a Debian user, but I don’t find a lot of content online about this interesting subject, so I thought I would share my humble opinion (sorry if I’m not supposed to post here, first timer).
This “cosmetic caveat” indeed is worrying me. Did you guys talk about it internally? AFAIK, the “global” sources.list
file was always read first by apt
, thus preventing this problem.
So if I’m understanding correctly, with the new approach of a dedicated file sources.list.d/ubuntu.sources
(or similar in Bookworm sources.list.d/debian.sources
), if I have another .sources
file named “alphabetically earlier”, we can run into an issue?
For instance, let’s say the package foobar
is available from the official default repo but also from a custom repo abc
, loaded with sources.list.d/abc.sources
file. So running apt install foobar
could in theory install foobar
package from the official default repo instead of the abc
repo. Correct?
I can see the version table with apt-cache policy foobar
/ apt-cache madison foobar
so I guess apt always picks the “greatest” version of an available package (if not specified)?
And I guess we could fix this potential issue with a file in preferences.d/
to give abc
repo priority for the foobar
package:
Package: src:foobar
Pin: release n=abc
Pin-Priority: 990