Firstly, thanks to all of those who have participated in this thread. I have some follow up comments and responses. This is a long reply, so the executive summary is that I managed to solve the issues on all my Stretch systems. There is a main issue and some kindred issues that manifest under different circumstances. The main issue is that the /etc/apt/trusted.gpg file seems to be problematic and once *removed* (rather than just made readable) the problems are resolved.
One quasi-significant secondary issue is that the installation DVD doesn't seem to be accepted as a valid source, but no big deal I guess. Now for the full details. I have managed to solve, I think, the problem on 2 physical laptops and 2 virtual machines. I think I was getting side tracked by multiple different apt-get errors and different output on different machines. On one (Dell) laptop I had to: 1. Delete /etc/apt/trusted.gpg 2. Purge /var/lib/apt/lists [I was seeing symlinking errors with that path in the apt-get output] 3. Change sources.list to the default described here: https://wiki.debian.org/SourcesList (On that laptop I am using contrib and non-free for Ethernet and Wifi). On the VM where I ran into this issue initially, and where I was going well out of my comfort zone trying to "fix" stuff, I had to: 1. Delete /etc/apt/trusted.gpg 2. Restore /etc/apr/trusted.gpd.d [which I had blown away somehow during previous attempts at solving the issue] [apt-key list was returning an empty list which I realized was due to my heavy handedness there] 3. Change sources.list to the default described here: https://wiki.debian.org/SourcesList (On that VM I am NOT using contrib and non-free). [EDIT: Now I realize that the problems with my local mirror might only be present when contrib and non-free are included]. On a different (Compaq) laptop (where I have LVM/encryption) I had never ran Synaptic and so didn't need to do anything other than remove the install DVD from /etc/apt/sources.list, and it seems that I also edited sources.list to that described here: https://wiki.debian.org/SourcesList (On that laptop I am using contrib and non-free for Wifi only). On the second VM, where I had also never run Synaptic, 'sudo apt-get update' results in the following issues off the bat. W: The repository 'cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official amd64 DVD Binary-1 20170617-13:08] stretch Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch cdrom://[Debian GNU/Linux 9.0.0 _Stretch_ - Official amd64 DVD Binary-1 20170617-13:08]/dists/stretch/main/binary-amd64/Packages Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs E: Some index files failed to download. They have been ignored, or old ones used instead. If I edit /etc/apt/sources.list to comment the second line for the DVD (one duplicate commented line exists already) then 'sudo apt-get update' runs without error, even when using the original local mirror repositories. [EDIT: I think the local mirror works because I am not using contrib and non-free on the VMs]. debianuser@masterdebian964:~$ sudo apt-get update Ign:1 http://ftp.iinet.net.au/debian/debian stretch InRelease Hit:2 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease Hit:3 http://ftp.iinet.net.au/debian/debian stretch Release Hit:5 http://security.debian.org/debian-security stretch/updates InRelease Reading package lists... Done I'm not sure what the issue with the DVD is. I don't recall such an issue in Jessie, but it's not a deal breaker. Now if on this second VM I run Synaptic (or software-properties-gtk) and edit the repository sources, running 'sudo apt-get update' results in: Hit:1 http://security.debian.org/debian-security stretch/updates InRelease Ign:2 http://ftp.iinet.net.au/debian/debian stretch InRelease Hit:3 http://ftp.iinet.net.au/debian/debian stretch-updates InRelease Hit:4 http://ftp.iinet.net.au/debian/debian stretch Release Reading package lists... Done W: http://security.debian.org/debian-security/dists/stretch/updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://ftp.iinet.net.au/debian/debian/dists/stretch-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://ftp.iinet.net.au/debian/debian/dists/stretch/Release.gpg: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user '_apt' executing apt-key. If I delete /etc/apt/trusted.gpg the issue is resolved and furthermore, if I re-edit my sources list using software-properties-gtk *again* the /etc/apt/trusted.gpg file is no longer re-created. It only seems to get created the first time through. I'm not sure why this VM has no issues with public keys (like at least two of the other machines had); could be that on those machines I tried first editing the permissions on /etc/apt/trusted.gpg as opposed to just deleting it. This is consistent with Jason Wittlin-Cohen's post where he says the presence of the file stops the trusted.gpg.d directory from being interrogated. FYI, for all of these 4 systems I used the same installation media: debian-9.0.0-amd64-DVD-1.iso So for me the problem appears to be the *presence* of /etc/apt/trusted.gpg which has been echoed by others. The other symptoms that I have run into seem to be due to making /etc/apt/trusted.gpg read-only (rather than just nuking it) and potentially other messing around I have done with respect to trying to import keys. There also seems to be a minor issue with my local mirror and contrib and non-free sources, plus the DVD as a source issue. So now on to some direct answers to close the loop on a few things. Michael Lange wrote: >> 4. sudo apt-get update >> [generated errors] >> Err:16 http://ftp.iinet.net.au/debian/debian >> stretch/updates/non-free Sources 404 Not Found > ^^^^ >Shouldn't this be stretch-updates? >Not sure how this is related to the problem you described in the first place, though. Possibly a typo on my part; for that final e-mail I typed the errors by hand. I can see how that might screw people up so wont do it in future. That said, I see that the security repositories use the following substring '/ stretch/updates' and I think that's where it's coming from. There seems to be an issue when I use my local mirror for that particular repository (when contrib and non-free are included), but no issue when I use the main one. I may dig around and try to find a better repository for my use. Fungi4All wrote: > And this for the OP: > 1 But if there is such a basic problem with installation what is > so different that the rest of the new stretch installers did not > face? > That's a good question. I'm not 100% sure what the problem with the installer is in your minds? Do you mean whatever causes the problem that occurs when /etc/apt/trusted.gpg is *present*? > 2 What filesystem did you use while partitioning? > Being a novice I didn't make any changes from the defaults (did the guided partitioning with everything in one** partition), except on one laptop, where I used LVM/encryption, but with no partitioning differences other than those created by using LVM. **I note that even though the installer says "one" partition, it still seems to create a separate swap partition (I read, I think that on some distros the swap partition is now optional; it can be a file instead). So the file system is (for 3/4 of the systems): /dev/sda1 bootable Ext4 341GB /dev/sda2 extended 2.1GB /dev/sda5 swap 2.1GB > 3 Is there any kind of raid? No raid on any of the systems. > 4 Is autoupdate/unattended-update enabled? And is there a log of it? Only if it was enabled by default. "System Upgrade" in Synaptic is set to "Smart Upgrade" if that's what you are talking about. I don't know what this is and after yesterday haven't got enough time to research what this is and where/how to find logs for now. Let me know if a proper answer to this question is important, and I will dig into it further. Kind Regards, Wayne.
