This concerns those consuming GIP Debian and Raspbian packages from my openSUSE Build Service (OBS) repo. Old Issue ========= Last year the repo signing key held locally after downloading a GIP package expired causing update and upgrade problems. The original communication is here [1]. Solution ======== I do not 'own' the key, I cannot set it to not expire, I can only extend the expiration date. The issue then becomes, how to update local copies of the key. The solution selected is to package the key itself and set the GIP package to depend on the keyring package. This solution is queued up and ready to be published to the repos. This solution does require one-off manual intervention. I shall publish the packages on Sunday morning giving affected people a chance to read the following instructions. Instructions ============ As this solution changes the dependencies of the GIP package the changes will not be installed / upgraded by a sudo apt-get upgrade, the package will be held back. root@test1:/# sudo apt-get upgrade Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done The following packages have been kept back: get-iplayer 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. The command to perform the upgrade will be root@test1:/# sudo apt-get update root@test1:/# sudo apt-get --with-new-pkgs upgrade Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done The following NEW packages will be installed: mgrant-obs-deb-keyring The following packages will be upgraded: get-iplayer 1 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 149 kB/166 kB of archives. After this operation, 34.8 kB of additional disk space will be used. Do you want to continue? [Y/n] The above command will show a new package to be installed called mgrant-obs-deb-keyring. If other packages are shown then this means that other unrelated packages have changed dependencies that are due to be installed. If you do not want them to be installed then answer no and as an alternative enter sudo apt-get install mgrant-obs-deb-keyring Whichever route is taken the package will want to update the pre-existing keyring file which it did not install. Under these conditions APT will discover this and ask the following question Configuration file '/etc/apt/trusted.gpg.d/home_m-grant-prg.gpg' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** home_m-grant-prg.gpg (Y/I/N/O/D/Z) [default=N] ? Please answer Y or I to install the new file. That should conclude this process. Future ====== Currently I expect to extend the key and re-package once a year in January. Once I have published the package it should upgrade with a normal sudo apt-get upgrade Regards, Mark References ========== [1] https://lists.infradead.org/pipermail/get_iplayer/2021-March/011993.html _______________________________________________ get_iplayer mailing list get_iplayer@lists.infradead.org http://lists.infradead.org/mailman/listinfo/get_iplayer