[Bug 1835645] Re: apt sources should be able to understand release variables

Sun Jul 7 15:02:02 UTC 2019

The third-party repository story is clearly defined how it should work:

For providers:

For single package repositories, a single .deb should be provided that
contains the program, the key in trusted.gpg.d, and a sources.list.d
snippet.

For multi-package repositories, a .deb should be provided that contains
the sources.list.d snippet, and the key in trusted.gpg.d. This config
deb should be shipped in that archive, so the archive key can be
rotated. It could be named myrepo-config, for example.

The key shall have the same name as the sources.list.d snippet (e.g.
myrepo.gpg and myrepo.list)

For users:

Single package: User installs and is done

Multi-package: User installs config package, than uses apt update and
apt install to install the packages.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1835645

Title:
  apt sources should be able to understand release variables

Status in apt package in Ubuntu:
  Opinion
Status in apt package in Debian:
  New

Bug description:
  apt sources conventionally use a fixed release name. But this causes
  both adding repos as well as upgrading an unnecessarily painful
  experience. For instance, adding a simple package requires adding the
  keys with `apt-key` and then adding the repo, and then apt update/apt
  install. 3 different steps also complicate install scripts. Distros
  like fedora, RHEL handle this rather gracefully with `releasever`
  which makes for a consistent experience.

  Similarly, updating ubuntu on desktops every 6 months causes
  unnecessary waste of time, having to upgrade the sources with say
  "bionic" to "disco", and such in the apt sources. Currently, ubuntu
  attempts this on a superficial level by just changing swapping out the
  release names for what it can, and disabling the others. This is both
  fragile and causes an inconsistent upgrade experience.

  I think it's time that this is simplified, and potentially handled by
  apt utilising release variables and names from `/etc/os-release`.

  In case of upgrades, I personally think it's completely okay to use a
  releasever variable based external repo that doesn't exist yet (and
  might start working once upstream catches up), rather than just
  disable it. However, using ubuntu release models, releasever ideally
  has the option of utilising an option of LTS, so some external
  packages that only does this conservatively on LTS can target a repo
  source url that does just that (while this seems fragile technically,
  practically it works as most LTS repos work rather well)

  In case of Debian, the above problem is actually not as magnified due
  to slower release and consistent names like `stable`, `oldstable` and
  `testing`, which makes upgrading not as big a task, however affects
  ubuntu release models far more significantly.

  I'm marking this as a bug, since I think this is a significant UX dent
  for today's distros - so much that other most significant other
  distros don't have such a painful experience.

  ProblemType: Bug
  DistroRelease: Ubuntu 19.04
  Package: apt 1.8.1
  ProcVersionSignature: Ubuntu 5.0.0-20.21-generic 5.0.8
  Uname: Linux 5.0.0-20-generic x86_64
  ApportVersion: 2.20.10-0ubuntu27
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Sun Jul  7 13:05:04 2019
  InstallationDate: Installed on 2019-06-23 (13 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  SourcePackage: apt
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.apport.crashdb.conf: [modified]
  mtime.conffile..etc.apport.crashdb.conf: 2019-06-29T23:49:14.971566

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1835645/+subscriptions