[SOLVED] Third Party Updates for Iceweasel

Ztcoracat · 09-10-2012, 04:06 PM

Hi:

Upon looking at these 3rd party updates:
-xulrunner- 15.0 and xul + xpcom an application runner;I went to the Debian website to check on these packages.
http://packages.debian.org/search?ke...le&section=all

The site indicates that these packages are 1.9.1.16-17 but my Update manager indicates that it's a third party and the numbers at the end of the packages (15.0) are not the same as the Debian website.

Is it ok to install these 2 packages?

And, I don't understand how to delete packages that I don't want that are in the Update Mgr-
I'm assuming this command; Can I just use:

Code:

apt-get purge <name of pkg> ?

Thanks in advance

widget · 09-10-2012, 06:12 PM

I would not reccomend using 3rd party packages in Squeeze. Squeeze is ment to be stable. In Debian terms it is no longer stable if you add things like that.

I would also not be using Update Mangler for installing this. I wouldn't use it for updates but that is just me. It is your box.

If you used Synaptic package manager you could "remove" or "completely remove" any package.

The command you have in your post will do the same thing as "completely remove" and do it a bit faster and more reliably simply because you are cutting out one layer of applications to do the job.

All that said. Iceweasel is maintained by Debian. If you are getting the package from the official Iceweasel site then it is probably pretty safe.

Checking the package available through Debian in the experimental repo I find version 15.0-1.
http://packages.debian.org/experimental/iceweasel

If you look at that page you will see the depends for that package also. Note that it is very much discouraged, for good reason, not to use packages from even testing (Wheezy) or Sid (Debian unstable) in Squeeze.

The experimental repo has packages that have not been migrated to the Debian unstable repos yet as they are not trusted enough yet by Debian.

Yet you want to put this in your stable release.

Think about this just a bit before doing this.

This is Linux, not some MS OS, and 3rd party packages are not needed to make things run.

If you want to use something from the experimental repo you should do a small install of Wheezy and use it there. By adding the experimental repo to your sources.list and running "apt-get update" you will make those packages available to you.

Then running;

Code:

apt-get -t experimental iceweasle

it will install the package and pull in any needed depends from the experimental repo too.

craigevil · 09-10-2012, 07:51 PM

http://packages.debian.org/search?su...ords=xulrunner

$ apt-cache policy xulrunner-15.0
xulrunner-15.0:
Installed: 15.0-1
Candidate: 15.0-1
Version table:
*** 15.0-1 0
1 http://mirrors.kernel.org/debian/ experimental/main i386 Packages
100 /var/lib/dpkg/status

if by third party you mean the mozilla.debian.net repo, it is maintained by a Debian dev and is considered a more or less an "official" repo.

while backports has 10.0.6esr-1~bpo60+1, and yes backports is on "official" Debian repo. if it wasn't packages wouldn't be listed on packages.debian.org

Ztcoracat · 09-10-2012, 11:17 PM

From this day forward I now know that these 3rd party packages that keep showing up in my Update Manager are:
not exceptable for my distribution at all and shouldn't be trusted.
I was suspicious about these packages before I made the post but needed wise counsel; Thank You for the clarification.

My wondering is that;
Why do these 3rd party; experimental, unstable and buggy packages keep finding entry into my Update Manager?

I had Iceweasel 3.0 for 3 weeks but I now have Iceweasel 10.0 and obtained it thru the backports of the Debian repo's and that is working well. I was not aware of " mozilla.debian.net" repository- Thanks for the truth it set me straight.

widget · 09-10-2012, 11:31 PM

Are you sure it is UM that you are looking at?

No 3rd party packages should be in there unless you put the repo they are from in your /etc/apt/sources.list.

If you know this is UM then you should post the entire contents of your sources.list here.

Easest would be to copy paste the results of this command in terminal;

Code:

cat /etc/apt/sources.list

That is the source for all packages listed in any package management tool on your box.

The Debian repos are maintained by Debian. The packages are not accepted by your install if the hash sum does not match.

If you get a message that a package is not from a trusted source but it is a Debian repo it is because you do not have the correct public key. Or the repo you have is bogus.

That last is highly unlikely unless you altered the sources.list.

craigevil · 09-10-2012, 11:39 PM

The only way anything shows up is you put it there.

Other than Google Chrome, other Google apps, and Opera , all of which add repos to your sources.list when you install them nothing else changes your sources.list.

The only way your sources.list gets changed is when you change it.

Post your /etc/apt/sources.list so we can take a look at it.

Ztcoracat · 09-10-2012, 11:43 PM

deb cdrom:[Debian GNU/Linux 6.0.5 _Squeeze_ - Official amd64 DVD Binary-1 20120512-14:34]/ squeeze contrib main

deb cdrom:[Debian GNU/Linux 6.0.5 _Squeeze_ - Official amd64 DVD Binary-1 20120512-14:34]/ squeeze contrib main

deb http://security.debian.org/ squeeze/updates main contrib
deb http://http.us.debian.org/debian/ squeeze contrib main
deb-src http://http.us.debian.org/debian/ squeeze contrib main
deb-src http://security.debian.org/ squeeze/updates main contrib
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb http://securuty.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free
deb http://www.deb-multimedia.org squeeze main non-free
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http:ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://backports.debian.org/debian-backports squeeze-backports main
deb http://mozilla.debian.net/ squeeze-backports iceweasel-release
ztcoracat

Ztcoracat · 09-10-2012, 11:53 PM

You said:" the only way anything shows up is you put it there"

Roger that; however I did not (upon performing and apt-get update) edit or add to my sources list.
Can a 3rd party pkg and the repo it is linked to gain access to my sources list when I perform an update via the terminal?

"If you get a message that a package is not from a trusted source but it is a Debian repo it is because you do not have the correct public key."

I have not gotten a message that a pkg is not from a trusted source but I was able to find that these (mentioned pkg's above) are experimental and unstable when I read at the Debian site.
If I do not have the correct public key I at this point am uneducated on how to be certain that I don't-

widget · 09-11-2012, 02:44 AM

I would like to know what messages you do get.

There should be at least one complaining about duplicate entries and listing them.

Your sources.list is a mess.

Do you stick in your install disk every time you do an update/upgrade cycle? This may be a good idea if you have no internet conection but to have 2 entries for the same disk is not right.

Sorted by repo and http or ftp here is your sources.list;

Code:

deb http://http.us.debian.org/debian/ squeeze contrib main
deb-src http://http.us.debian.org/debian/ squeeze contrib main

deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib
deb-src http://security.debian.org/ squeeze/updates main contrib
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb http://securuty.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://backports.debian.org/debian-backports squeeze-backports main

deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main
deb http:ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main

deb http://mozilla.debian.net/ squeeze-backports iceweasel-release

deb http://www.deb-multimedia.org squeeze main non-free

Here is a parred down version that will do the same thing and not take so long to run the update part of the cycle:

Code:

deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
## deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

deb http://securuty.debian.org/ squeeze/updates main contrib non-free
## deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://backports.debian.org/debian-backports squeeze-backports main

deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main

deb http://www.deb-multimedia.org squeeze main non-free

deb http://mozilla.debian.net/ squeeze-backports iceweasel-release

Note that I commented out the "src" repos you have in there. This gets you the source code for packages. You do not need that all the time. If you want or need it simply remove the ## and run "apt-get update" or "reload" synaptic.

Unless you have a very unique or really screwed up install there is no way that sources.list got in that kind of shape without help from you.

I am not trying to be harsh here at all. I know this for a fact because I have done things like this in the past myself. You really need to pay attention to what you are doing.

I just had a problem with the file that serves the same purpose in Mageia as sources.list does in Debian. The package list would update but the packages would not upgrade nor could I install anything.

Careful reading of that rather huge file (278 lines) showed that right at the beginning of the file it was still calling for the install disk.

Removing that cured the problem.

I new there was a problem because I was using the terminal to try and update/upgrade and install. Thus I got error messages.

Use your terminal and don't ignore the errors.

Rename your sources.list to something like sources.list.def and then use the one I edited as sources.list.

Should work better.

If you continue to get 3rd party packages post a thread on that subject and include the sources.list in your post along with the name of the package and what "3rd party" it came from.

For your entertainment here is my sources.list for this install which is a Sid install. It is 23 lines total. Only 3 are uncommented and therefore it is 20 lines longer than it needs to be.

One that is uncommented is for the experimental repo and is not necessary at all so it is more than 20 lines too long.

Code:

# Mini - an experiment in installation

deb http://ftp.us.debian.org/debian/ sid main contrib non-free
## deb-src http://ftp.us.debian.org/debian/ sid main contrib non-free

deb http://ftp.us.debian.org/debian/ experimental main contrib non-free

## debian multimedia
deb http://www.deb-multimedia.org sid main non-free
## deb-src http://www.deb-multimedia.org sid main non-free


### Public Key

### apt-get install debian-keyring debian-archive-keyring
### apt-key update

### Or

### If you get errors about missing keys, run these commands (replace KEY with key number)

### gpg --keyserver subkeys.pgp.net --recv KEY
### gpg --export --armor KEY | apt-key add -

There is no dedicated security repo for Sid. Package maintainers are responcible for security upgrades.

Randicus Draco Albus · 09-11-2012, 02:44 AM

Oops.I was going to mention the multiple duplicate entries, but widget posted before I did.

Ztcoracat · 09-11-2012, 03:34 AM

Widget:
Yes I have used the install disc when prompted. Didn't know that i should not have.

Sorry for more questions but I'm having trouble understanding and probably so because my sources list is a mess for one and for two now I can not execute apt-get update because of this GPG error in regard to this:

Code:

The following signature could not be verified because the public key is not availabe No_PUBKEY 07DC536D1F41B907

If I understand you I need to use the sources list that you made and copy and paste it in the terminal using nano.

It's ok to be a little harsh and I say that because I have Post Tramatic Stress disorder and when I get upset like I am now with the mess I've created; confusion sets in along with nervousness.
Now I'm trying to focus and think what is the first thing I need to do now?

Obviously, take care of my sources list first. I'll do that first before I can even attempt to follow the rest of your instructions. When my list is correct(and I'm not sure how to make the new one you told me to"sources.list.def) I'll post it. Before I attempt that:

Would I use nano and type into the terminal to create the new list?

Code:

nano /etc/apt/sources.list.def

Or delete all of the text in the current sources list that I do have and replace it with what you typed??

Ztcoracat · 09-11-2012, 03:40 AM

This is what I tried in the terminal and if I am wrong kindly; correct me-

Code:

ztcoracat:~$ gpg --keyserver subkeys.pgp.net --recv 85A3D26506C4AE2A
gpg: requesting key 06C4AE2A from hkp server subkeys.pgp.net
gpg: key 06C4AE2A: "Debian Mozilla team APT archive <pkg-mozilla-maintainers@lists.alioth.debian.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
ztcoracat@mock:~$ gpg --export --armor 85A3D26506C4AE2A tmp.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBEznsdMBEACfcYngEYj3ybsPxPuuzujmYs1oWFLSm9lm1dAHw0bBMhBxgBwf
HaSxh/Z43oX0+i0Qz37gU/rY+zW5nMMvBtF+0L0ZmX43SqxxX7vK4mPxN5h6KvUC
FrLeQo5OS+qB/wEj/7s5Sj0Q3g6/A5AUpkufrxUyhArKaHOuj96wlp3wH9Bupy0H
TrWvEQ8K4x4UXQozBvj0BKcr5okly0dSTggnKuwJ18kZuCCKvHohQNmaWn1jtuA2
kosHm5PKNnTKcQCePaW6dnmE/L7aq3QkBGfH6PhvcYAbuDxUKeGc/6VFFOTbULhr
AQ2aXkbkiamuExtDW0XDN4GugxPkhmhAZgo5TXQj9S1NR1IYFKbFsdK3XtqFfc9x
CVJx8T/Urj+qQ4VkQKPzlAtVGC3EqD77afyjLfAHPVcnzhZqcwwiKUmZBI+jgZC/
497HiadH219OqIJo5R6zB5WMwdakHQO9NEi1bbVcYBt0vdAjYVLBF6bQ9mRFuqsC
4CzLPHqwhgrXk5bqY6DAWrEWQ1ncfmM9aosDrxFDhr1Vynt2f+UAkcjF+QPZGGJu
edeO2ZYamOL83b7RDjUxNGqxQLbzgTER/CqJp4FcdAwRQZ4kkjOZ++oCKazEVNwh
bgl5et0jGxiLYvqZYkVjyGCeNbZalR/nh7QiGfWQ0HKh8+rCJPnMQxUnXQARAQAB
tFFEZWJpYW4gTW96aWxsYSB0ZWFtIEFQVCBhcmNoaXZlIDxwa2ctbW96aWxsYS1t
YWludGFpbmVyc0BsaXN0cy5hbGlvdGguZGViaWFuLm9yZz6IRQQQEQgABgUCTOey
+wAKCRDeS9osVP0qWGc+AJ9tuSy5Haz6PYJkXZbaRX3CsOl6WgCYzXHdullu24QI
3oC8p7MXbcol8okCHAQQAQgABgUCTOey3AAKCRDkKqBPpqqMcrCbD/0Y3mYRQK88
4qR+F0WIIrDPYyYcfax7oGrW2M+CVbAkNh+18UTncvXLCppKMj3ltKotOlO99XVC
a4vOTo3+Ok6r6BpZ06d1g1f7QHcMGyqQCTeBHVj80mDCLkuSwAhI8qWIrN1cXi4W
f7EAeYGFPbKa+j866ckpDMAxJTBVZDvwAvjLTnyeok2HY0roN94b5vX+dCZkVcKI
5VPVKTaZXJ1qPBbHXTXGEbeGpOnZgTOu/E5XRhuQPqq1movyIj5HBKwAsAsjcL/Z
BESOUWQeE3yGefzvbD0QOqmj9dJMiGakeGN8s8EhoFO8jUkpOqwQAfdQOMBwBPVb
jChaIeLyfFJzIKcV4k5xxQdRMUnQHPzVV4WOL2mstJxNF4jYxZz2W6ZIiPRo5l6+
7FuvaOZjQxz2oimpxJTFsx43lRhR8+rmdutirxAuBqm78ZM8bXxcXjmNqJ7x5sIA
xsh9kyFvTBq6dNbH7l8bFTe/LJgnc5Rb/1Wi+7nJPu9Yzdm0Vrapm0v5c7jZ1KMH
r94thQzz2ZAvuzh0J9IuVuNKo60wtpDPlAPw+JzE6bJqsbkrCYqJWbI9zagsAXEA
rPBsLp+xPTAYzllJhDwB0pjOvRssJe02o01w69HScEyYJLnlJcLt9IfKRGymgU7p
gKr44YPuPIVhJZfEO1q60Y4lq/q+yxcVuokCPQQTAQgAJwIbAwULCQgHAwUVCgkI
CwUWAgMBAAIeAQIXgAUCTsI9OAUJA7u+4gAKCRCFo9JlBsSuKpvQD/92BZt8KZ6Y
huu6AUjAmkYiDEPx8YWLaQJPERzGhtWo4eoTCj3+9GgwpvTYzRHnVAzVitqxgNlh
mrKRdqmZJMbGG8iWhCbKge+if/JnAy2yoj6FNDjwY5gVcHqcM2RuNCYxDi0x2fmE
U+8hr1mZIBYJHZPbIo9V0KkurQotzVTf22Pt1PJwcyPdVUeczW/+F/TspXlQvxmD
91v9ly1MJYKCcyigoSHf+fV79RQh35bCKVSW7QTgiveA5g3Y561v4CSME2PHu+wc
v8Pag/ZvKIptMWzw7J9hXBEUazknFdrIkClaZPskhZswQh0AFF8WW952/8BpjXSN
FtzcUMAd/C8O+ldOJ8xEPuf78DOPbysl5PwMmWrUmCylkvHmUs6v9Xr8xBu5PCMg
sgrGqhz65HBlZUB4OpvowCa5y3h6rx9GJAE1IzNXaUslaPxedPiE9PnFPuVeBgGm
xZlCengp/ciMputDR4toNdHdEAxz4gYtpNUphB1fL61mpwliRHCcljvmYrav8+bP
7D4JwccaS29x5PTX3yuKPnq+CW5w6W+ihNEh4v4nceEVZNWKYZjctzvo3Lu4H1kG
A6FEoV+1Fo0nOUqbOjrrX9Fcjw9Xa4x0sFEGzI/LbBNVPAEeIzTV88UlrolQT+Pl
wg72YCtzV9j96Vn3D9NGvvhn5M+Z4Bhmj4kCPQQTAQgAJwUCTOex0wIbAwUJAeEz
gAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCFo9JlBsSuKqLsEACDk2seO4IR
g0nOANHz/qlBvF57RRYuHKvrIjlGZp/SKTmEaDevwtYtG9RNMi+OxlzPmxxmH3He
gDSKpBna24mfsBFZcmI1qGEz9xqo+gP25IRcK0DalZT357WgthBTYBGYVpjRn5Oq
z3uH/vA7k9vtFhPXzU5rn02Z2w+JnwjQDibTCBDshKSWdTG8ZQ8Kb72J3GU7f8rL
DX6J9hamMkn0Iy3VD6pFSdkHAHJZAMmE8wfqKsIMXQty2IFmp67fTldP8WpGucG4
owRiybbudnmr2Gyx/yvj8WDmshxRAj6s4BLomeBFtsrnNNarHRXXURy0XwB7qOM0
ARksgmqKDF99zGsnal4CxeqLRfwi8bb1RwwGNJiYelV8B99jt5LfJZxaMeP4LqPy
STn2QPAsyL48tLauSb+Owqxt+JoZ9qfKO69t0mCskp6KEe8jcD7iA5iZKZJW8qzm
f9dS21JjYmZqq2oGDnNo7/rmLQAJe7q0wUjf5Pol7+tYne9I/SAevmB9qBik+tLW
KRKeypOdvjV91sliCx2rm+YfTIfsyzqaAvWh4xA1YNjC39m7JIfcmCcy5achiihK
nRqBd/hokNDPAyV/+fCyO/7PxSbvdCMVM8I+hTkIjk4NmHw0uKMxYkKoBM9XSzpC
5dEKsTdQ0vU/+HHrC19wtWAFLln9juSSKw==
=JOhH
-----END PGP PUBLIC KEY BLOCK-----
ztcoracatk:~$ su
Password: 
root@:/home/ztcoracat# apt-key add tmp.key
gpg: can't open `tmp.key': No such file or directory

Not sure if I executed this correctly and it is a little hard to understand but I am trying to help you to help me.

Ztcoracat · 09-11-2012, 09:16 PM

Widget:

I fixed my sources list.

Code:

#deb cdrom:[Debian GNU/Linux 6.0.5 _Squeeze_ - Official amd64 DVD Binary-1 20120512-14:34]/ squeeze contrib main


deb http://http.us.debian.org/debian/ squeeze contrib main
#deb-src http://http.us.debian.org/debian/ squeeze contrib main

deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
#deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://www.deb-multimedia.org squeeze main non-free

deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates contrib non-free main

deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

deb http://mozilla.debian.net/ squeeze-backports iceweasel-release

Looks a lot better than the mess I had.
BTW, I used Synaptic to install 'gui-apt-key' because it was not installed.It is now in Applications> System Tools> Apt Key Manager

Ztcoracat · 09-11-2012, 09:54 PM

And even tho I fixed my sources list I'm still getting errors-
I don't understand this GPG error Signature could not be verified because the public key is not available NO_ Pubkey 07DC536D1F41B907.
Furthermore it's confusing on how to fix it please advise me I'm really struggeling-

widget · 09-11-2012, 09:55 PM

Quote:

Originally Posted by Randicus Draco Albus

Oops.I was going to mention the multiple duplicate entries, but widget posted before I did.

Yes you can use a text editor to do this. Have never used nano in a gui environment but it will probably work. Have never copy/pasted to it. As long as you can do that it will be fine. I would use gedit.

Open your terminal.

Code:

su

Give password. This should give you a root prompt (#).
Then;

Code:

nano /etc/apt/sources.list

Save the file as sources.list.def

Then blank out the whole thing and copy/paste the one I posted into it.
Save this as sources.list

As for your public key. I have no idea what the source of the command you used is or what it is for.

If you had looked at my sources.list you would have found the commands for getting a key. What you did seems to have blocked the key from being used.

I can't continue tonight at all. Worked 11.5 hours today, after about 3 hours of sleep, and then had the normal stuff to do here (including the disposal of a skunk caught in a live trap). Whipped. Sleep will help.

Also more stupid than normal. Sleep will help

Need to be at work again at 6 in the morning. May be a short day. May be long. Will be back on tomorrow evening, maybe afternoon.