[X2Go-Commits] [[X2Go Wiki]] page changed: wiki:repositories:archives:debian

wiki-admin at x2go.org wiki-admin at x2go.org
Thu Sep 12 19:32:44 CEST 2019 

A page in your DokuWiki was added or changed. Here are the details:

Date        : 2019/09/12 17:32
Browser     : Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0
IP-Address  : 178.162.222.163
Hostname    : 178.162.222.163.adsl.inet-telecom.org
Old Revision: https://wiki.x2go.org/doku.php/wiki:repositories:archives:debian?rev=1568308479
New Revision: https://wiki.x2go.org/doku.php/wiki:repositories:archives:debian
Edit Summary: Sync with repositories:debian.
User        : ionic

@@ -3,11 +3,11 @@
  Alongside with the instructions on [[wiki:repositories:debian|the main Debian repository page]], we provide a repository archive for archived X2Go Debian packages for deprecated Debian GNU/Linux releases. These are provided in the state they were in after their last successful build. This repository is not updated at all, other than when a new Debian GNU/Linux release version is deprecated.
  
  ===== Adding this Repository to Your Package System =====
  
- ==== Adding
the Repository GPG Keys ====
+ ==== Bootstrapping the Repository GPG Keys ====
  
- Make sure to either install the ''x2go-keyring'' file or add the GPG key as described on [[wiki:repositories:debian#adding_the_repository_gpg_keys|the main Debian repository page]].
+ Make sure to either have installed the ''x2go-keyring'' package previously or add the GPG key as described on [[wiki:repositories:debian#bootstrapping_the_repository_gpg_keys|the main Debian repository page]].
  
  ==== Adding the Actual Repository ====
  
  === Changing Existing Entries ===
@@ -19,8 +19,10 @@
  If this is a new installation on a fresh machine, follow these steps. Note, that these packages are completely unmaintained and bug reports will not be accepted. This also holds for security-related issues.
  
  Please add the file ''x2go-archive.list'' to the folder ''/etc/apt/sources.list.d/''.
  This can be done by using your preferred editor.
+ 
+ <note>If you have not gotten a directory named
''/etc/apt/sources.list.d/'' add the lines to ''/etc/apt/sources.list''.</note>
  
  <code bash>
  $ editor /etc/apt/sources.list.d/x2go-archive.list
  </code>
@@ -43,18 +45,30 @@
  # Archived X2Go Packages Repository (sources of nightly builds)
  #deb-src http://archives.packages.x2go.org/debian squeeze extras heuler
  </file>
  
- **Edit this new data** and make sure to uncomment desired components and comment non-desired components. Only one group may be active at a given time. Switching between components requires uninstalling all X2Go packages first!
+ **Edit this new data** and make sure to uncomment desired components and comment non-desired components. Only one group may be active at a given time.
  
- **Note:** If you have not gotten a directory named ''/etc/apt/sources.list.d/'' add the lines to ''/etc/apt/sources.list''.
+ <note warning>While we do offer pseudo-codenames like ''oldstable'', ''stable'', ''testing'' and ''unstable'' for convenience, you **should not use
them**. Our pseudo-codename setup is not guaranteed to be in sync with Debian's releases, so using the ''stable'' codename might mean that you will actually get packages for what Debian calls ''oldstable'' after a new Debian distro release for a considerable amount of time.</note>
+ 
+ <note warning>Switching between components usually requires uninstalling all X2Go packages first! The only upgrade path that is considered somewhat safe is main (release packages) to heuler (nightly packages), but there are no guarantees regarding the stability or usefulness of nightly packages.</note>
  
  ==== Synchronize the Newly Added or Changed Repository's Metadata ====
  
  Please perform an update of your APT package database:
  
  <code bash>
  $ apt-get update
+ </code>
+ 
+ <note important>If you were unable to bootstrap the repository GPG key previously, apt-get will fail to validate the signatures and discard the downloaded repository metadata.
+ \\ \\ 
+ **Not being able to verify
signatures means that any content downloaded from the remote location could be injected/offered by a malicious third party and need not come from the X2Go Project. This includes repository metadata and any packages downloaded from unauthenticated repositories. Installing the x2go-keyring package from an unauthenticated repository bears the chance that this is not our package but a malicious third-party one which will not contain our public keys. This holds for all packages installed from this repository, now and later.**
+ \\ \\ 
+ You can bypass apt's internal checks **if you understand the implications** and are ready to take the risk by **once** using:
+ \\ \\ 
+ <code bash>
+ $ apt-get update --allow-insecure-repositories
  </code>
  
  After the update you should be able to access the archived X2Go packages via the apt command family. As a first action you should install our ''x2go-keyring'' package and refresh the apt cache:
  


-- 
This mail was generated by DokuWiki
at
https://wiki.x2go.org/

More information about the x2go-commits mailing list