L.P.H. van Belle
2021-Sep-30 09:39 UTC
[Samba] Debian Bullseye Samba 4.15 online now. Amd64/i386/armhf/arm64
Hai,
The Bullseye Samba 4.15 packages for amd64/i386/armhf/arm64 are online now..
The repo setup for Bullseye has changed a bit.
Conform debian policy.
wget -O- https://apt.van-belle.nl/louis-van-belle.gpg-key.asc |\
gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/louis-van-belle.gpg >
/dev/null
echo "deb [arch=$(dpkg --print-architecture)
signed-by=/etc/apt/trusted.gpg.d/louis-van-belle.gpg]
http://apt.van-belle.nl/debian/ $(lsb_release -sc)-samba415 main" \|
sudo tee -a /etc/apt/sources.list.d/van-belle.list > /dev/null
Please to read the changelogs..
https://www.samba.org/samba/history/samba-4.15.0.html
Most know my policy with the packages and version numbering.
4.15.0
.0 is a test server.
.1 is preffered an auth only server.
.2 is the first member server with shares/printing.
.3 is the first AD-DC.
But off course, you are not me and i'm not you..
TEST before you use them in production, all im saying..
Enjoy.
Greetz,
Louis
Lorenz Schori
2021-Sep-30 09:59 UTC
[Samba] Debian Bullseye Samba 4.15 online now. Amd64/i386/armhf/arm64
Hi, On Thu, 30 Sep 2021 11:39:05 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> [...] > The repo setup for Bullseye has changed a bit. > > Conform debian policy. > wget -O- https://apt.van-belle.nl/louis-van-belle.gpg-key.asc |\ > gpg --dearmor | sudo tee > /etc/apt/trusted.gpg.d/louis-van-belle.gpg > /dev/null > [...]Thanks for maintaining this repos. Please follow the Debian recommendations and do not instruct people to place third-party keys into /etc/apt/trusted.gpg.d. They should be placed in /usr/share/keyrings instead, according the Debian wiki: https://wiki.debian.org/DebianRepository/UseThirdParty The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. Dropping third party keyrings into /etc/apt/trusted.gpg.d is equally bad as using apt-key for the exact same reasons. It looks like this is a widespread mistake (I did this too in the past). The following post describes the problem accurately: https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html The reason for this change is that when adding an OpenPGP key that's used to sign an APT repository to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d, the key is unconditionally trusted by APT on all other repositories configured on the system that don't have a signed-by (see below) option, even the official Debian / Ubuntu repositories. As a result, any unofficial APT repository which has its signing key added to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any package on the system. So this change was made for security reasons (your security). Cheers, Lorenz -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210930/a17ab8fe/attachment.sig>
L.P.H. van Belle
2021-Sep-30 10:30 UTC
[Samba] Debian Bullseye Samba 4.15 online now. Amd64/i386/armhf/arm64
Ahh.. Thats a stupid error.. You are totaly right. Thats /usr/share/keyrings offcourse.. Bad copy/past from my older mail. I already adjusted that in : https://apt.van-belle.nl/simple-repo-setup.txt But off course the correct line is : echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/louis-van-belle.gpg] http://apt.van-belle.nl/debian/ $(lsb_release -sc)-samba415 main" \| sudo tee -a /etc/apt/sources.list.d/van-belle.list > /dev/null Thanks for reporting it. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Lorenz Schori via samba > Verzonden: donderdag 30 september 2021 11:59 > Aan: L.P.H. van Belle via samba > Onderwerp: Re: [Samba] Debian Bullseye Samba 4.15 online now. > Amd64/i386/armhf/arm64 > > Hi, > > On Thu, 30 Sep 2021 11:39:05 +0200 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > [...] > > The repo setup for Bullseye has changed a bit. > > > > Conform debian policy. > > wget -O- https://apt.van-belle.nl/louis-van-belle.gpg-key.asc |\ > > gpg --dearmor | sudo tee > > /etc/apt/trusted.gpg.d/louis-van-belle.gpg > /dev/null > > [...] > > Thanks for maintaining this repos. Please follow the Debian > recommendations and do not instruct people to place third-party keys > into /etc/apt/trusted.gpg.d. They should be placed in > /usr/share/keyrings instead, according the Debian wiki: > > https://wiki.debian.org/DebianRepository/UseThirdParty > > The key MUST be downloaded over a secure mechanism like HTTPS > to a location only writable by root, which SHOULD be > /usr/share/keyrings. The key MUST NOT be placed in > /etc/apt/trusted.gpg.d or loaded by apt-key add. > > Dropping third party keyrings into /etc/apt/trusted.gpg.d is equally > bad as using apt-key for the exact same reasons. It looks > like this is a > widespread mistake (I did this too in the past). The following post > describes the problem accurately: > > https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-ho > w-to-add.html > > The reason for this change is that when adding an OpenPGP key > that's used to sign an APT repository to /etc/apt/trusted.gpg or > /etc/apt/trusted.gpg.d, the key is unconditionally trusted by > APT on all other repositories configured on the system that > don't have a signed-by (see below) option, even the official > Debian / Ubuntu repositories. As a result, any unofficial APT > repository which has its signing key added to > /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any > package on the system. So this change was made for security > reasons (your security). > > Cheers, > Lorenz > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >