Mostly doing updates by cli, so using
Code: Select all
sudo apt update && sudo apt dist-upgrade -yCode: Select all
sudo apt update && sudo checkaptgpg && sudo apt dist-upgrade -yupdate upgrade with combined gpg check good practice? > No. [Solved]
update upgrade with combined gpg check good practice? > No.
Hello
Mostly doing updates by cli, so using but sometimes, some apps required last weeks gpg key updates, e.g. teamviewer, so I want to know, would the following be a good or bad practice?
Mostly doing updates by cli, so using
Last edited by Sigi on Mon Nov 07, 2022 9:25 am, edited 1 time in total.
-
dolphin_oracle
- Developer
- Posts: 22016
- Joined: Sun Dec 16, 2007 12:17 pm
Re: update upgrade with combined gpg check good practice? [Solved]
they only thing I don't like is the -y. automatically saying yes is dangerous. all you need is a package to be messed up and your desktop vanishes or something.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
Re: update upgrade with combined gpg check good practice?
Well, so we could say it would be a good practice for this, w/o -y Thx!
Code: Select all
sudo apt update && sudo checkaptgpg && sudo apt dist-upgrade-
dolphin_oracle
- Developer
- Posts: 22016
- Joined: Sun Dec 16, 2007 12:17 pm
Re: update upgrade with combined gpg check good practice?
should be fine. probably want to run the checkaptgpg first, before the update. the update will fail if the keys are bad.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
Re: update upgrade with combined gpg check good practice?
Thank you, so this is a good practice for full (dist) upgrade with automatic gpg key update before:
Code: Select all
sudo checkaptgpg && sudo apt update && sudo apt dist-upgrade
Re: update upgrade with combined gpg check good practice?
It won't hurd to run checkaptgpg, but I would'n recommend to consider this as a "good practice ".Sigi wrote: ↑Mon Nov 07, 2022 7:00 am Thank you, so this is a good practice for full (dist) upgrade with automatic gpg key update before:
Code: Select all
sudo checkaptgpg && sudo apt update && sudo apt dist-upgrade
The tool "MX Fix GPG keys" ("Check and install missing apt GPG keys") is rather a emergency tool
to fix something which normally shouldn't happen and wich is normally not as easy to fix if it happens.
In most cases expired archive-signing keys or replaced/renewed signing keys would cause apt to reject Release files from apt packages sources. In case this happens to you often something else is out of order. Or you are using or changing apt repos in an unusual way.
Also note: 3rd party apps/packages tend to move the archive-signing key to the new, Debian recommended location at /usr/share/keyrings, which would currently not be handled by checkaptgpg keys - at least not with the version we have now.
So my recommendation: Don't run it always "as a good practice", but rather fix the issue on it's root cause.
And try to use "MX Fix GPG keys" only as a last resort to try to fix expired or renewed keys.
Probably also good practice:
Report the archive-key issue here in the forum, so someone can try to find the cause and fix the issue potentially for others as well.
Thanks
Re: update upgrade with combined gpg check good practice?
** double post deleted **
Re: update upgrade with combined gpg check good practice?
Thank you for explanations, I realize now, it is not a good practice always execute checkapkey together with upgrades, but useful to solve issues if happens.
Conslusion: Just keep good old upgrade as known:
Report (gpg key) issues to forum, so someone cloud solve it and help others.
Conslusion: Just keep good old upgrade as known:
Code: Select all
sudo apt update && sudo apt dist-upgrade