1

The apt-key has been depreciated. E.g. here they describe how to migrate to gpg keys. Great but it works for a month or so until the sources.list file gets overwritten. Why or how it gets overwritten, I have no idea, just that at some point it gets overwritten and I have to do the process again. Typical examples of external repositories that do that: geogebra or google earth. In both cases, the line deb [signed-by=/usr/share/keyrings/geogebra.gpg] http://www.geogebra.net/linux/ stable main gets overwritten to: deb http://www.geogebra.net/linux/ stable main.

Anyone else has this experience and a solution to this quite annoying "new feature"?

Improve this question
6
  • Do you have the file /etc/default/geogebra? If so can you give its content? Commented Sep 18, 2023 at 17:47
  • Btw, such "feature" isn't from Debian, it would be from the package. And anyway I'm quite sure apt-key was done at the same time, so you'd have to also remove the key added (apt-key del ...) Commented Sep 18, 2023 at 17:51
  • That's definitely not a debian feature. Sounds like some software you've installed is messing with things. and seeing it affects your geogebra repository only, tht would be my primary suspect. But then the question becomes why geogebra even has privileges to do that, being a didactic math tool, and not a system administration tool. Commented Sep 18, 2023 at 18:03
  • @Marcus it’s typically done by package maintainer scripts during upgrade, or by a cron job. Commented Sep 18, 2023 at 18:33
  • And that's what is doing geogebra: a crontab entry + postinst, but it should not be doing this by default. I suspect it did by default it in the past, but shouldn't do it anymore by default (old settings doing it are probably still around for OP). Commented Sep 18, 2023 at 18:34

1 Answer 1

Reset to default
0

The package did it

... not Debian.

According to the content of the package geogebra (retrievable from this place: http://www.geogebra.net/linux/pool/main/g/geogebra/) and its metadata, which can all be extracted for example in /tmp/geogebra and examined with:

dpkg-deb --raw-extract geogebra_4.2.60.0-30762_all.deb /tmp/geogebra cd /tmp/geogebra

DEBIAN/postinst file:

[...] DEFAULTS_FILE=/etc/default/geogebra ## MAIN ## if [ ! -e "$DEFAULTS_FILE" ]; then echo 'repo_add_once="true"' > "$DEFAULTS_FILE" echo 'repo_reenable_on_distupgrade="true"' >> "$DEFAULTS_FILE" fi # Run the cron job immediately to perform repository configuration. nohup sh /etc/cron.daily/geogebra > /dev/null 2>&1 &

This writes the initial /etc/default/geogebra as:

repo_add_once="true" repo_reenable_on_distupgrade="true"

etc/cron.daily/geogebra (which is run once a day):

#!/bin/sh [...] # System-wide package configuration. DEFAULTS_FILE="/etc/default/geogebra" # sources.list setting for GeoGebra updates. REPOCONFIG="deb http://www.geogebra.net/linux/ stable main" [...] update_bad_sources() { [...] # Don't do anything if the file isn't there, since that probably means the # user disabled it. if [ ! -r "$SOURCELIST" ]; then return 0 fi [...] # Detect if the repo config was disabled by distro upgrade and enable if # necessary. handle_distro_upgrade() { [...] SOURCELIST="$APT_SOURCESDIR/geogebra.list" if [ -r "$SOURCELIST" ]; then [...] fi ## MAIN ## DEFAULTS_FILE="/etc/default/geogebra" if [ -r "$DEFAULTS_FILE" ]; then . "$DEFAULTS_FILE" fi if [ "$repo_add_once" = "true" ]; then install_key create_sources_lists RES=$? # Sources creation succeeded, so stop trying. if [ $RES -ne 2 ]; then sed -i -e 's/[[:space:]]*repo_add_once=.*/repo_add_once="false"/' "$DEFAULTS_FILE" fi else update_bad_sources fi if [ "$repo_reenable_on_distupgrade" = "true" ]; then handle_distro_upgrade fi

which will have changed /etc/default/geogebra after first run into:

repo_add_once="false" repo_reenable_on_distupgrade="true"

This will thus each day or on each upgrade proceed to run functions update_bad_sources() and handle_distro_upgrade()

which are two places where the package attempts to re-enable its own repository in its own way.

Prevent the package geogebra to (re)add its own repository

According to the content, it's possible to avoid this by not having at all the file /etc/apt/sources.d/geogebra. But there's no guarantee how this will work in the future.

So currently renaming /etc/apt/sources.d/geogebra into /etc/apt/sources.d/local-geogebra should prevent the package to manage its own repository source (except at initial installation).

Optionally one could also in addition create an empty file and make it immutable so the package's content won't be able to change it even if its future behavior changes. As the upgrade script doesn't check such upgrade's return code (nohup ... &) it won't even fail during an upgrade.

So:

mv /etc/apt/sources.d/geogebra /etc/apt/sources.d/local-geogebra

and also optionally:

touch /etc/apt/sources.d/geogebra chattr +i /etc/apt/sources.d/geogebra

One other way is to prevent the crontab file to be executed by renaming it at the package level into a name that will be ignored by cron's Debian-specific ignore list (and not found by postinst):

For example, any file containing dots will be ignored. This is done to prevent cron from running any of the files that are left by the Debian package management system when handling files in /etc/cron.d/ as configuration files (i.e. files ending in .dpkg-dist, .dpkg-orig, .dpkg-old, and .dpkg-new).

So instead or in addition of above:

dpkg-divert --local --rename --divert /etc/cron.daily/geogebra.disabled --add /etc/cron.daily/geogebra

should prevent, both before or after the package is installed for the first time, to have /etc/cron.daily/geogebra executed and the package to attempt to manage its own repository.

The key added with apt-key doesn't appear to be automatically re-added after initial setup. If still present, which can be checked with:

# apt-key list [email protected] Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). pub rsa2048 2013-03-22 [SC] 9827 2894 F647 8AA4 434B 41D3 C072 A329 83A7 36CF uid [ unknown] International GeoGebra Institute <[email protected]>

it can be deleted like this:

# apt-key del [email protected] Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). OK
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.