Debian 12 “bookworm” was officially released two days ago, yay!
And just like me, this morning your attempt to update the apt package cache may have been met by an odd notification similar to this one:
E: Repository 'http://deb.debian.org/debian testing InRelease' changed its 'Codename' value from 'bookworm' to 'trixie'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
Why it’s happening
I have this source configured in apt:
deb-src http://deb.debian.org/debian/ testing main contrib non-free
The source refers to the distribution “testing”. The codename for testing is the same of the next Debian release. Before the release of Debian 12 it was “bookworm”. Now that bookworm is released, that codename switched to “trixie”. In my particular case, this is more or less harmless, as this source is not going to trigger the installation of any package. But if I was using “testing” or “stable” in my apt sources, that would make a difference: I may unintentionally install packages from Debian 12 on my Debian 11 and make a mess of my system.
The error and the notification are there to warn you that there was a codename change, and that you should consider if this is expected and you actually want to continue, or if you’d rather lock your sources to the current codename instead (that would be “bullseye” in Debian 11’s case).
What to do
Lock your package sources to the correct codename. E.g. if you are running Debian 11 and you have “stable” in your apt sources for the official Debian repositories, replace “stable” with “bullseye”. Note that for third party repos this may be different, check with the vendor for instructions.
If, like in my case, the change is harmful, you need to let apt know that you approve the change. That’s what we’ll see below in detail.
Accepting the codename change
The notification points to apt-secure. If you are like me, the next command you ran was man apt-secure
. That helped finding more about the reason why this was happening, but not with the solution, alas:
INFORMATION CHANGES
A Release file contains beside the checksums for the files in
the repository also general information about the repository
like the origin, codename or version number of the release.
This information is shown in various places so a repository
owner should always ensure correctness. Further more user
configuration like apt_preferences(5) can depend and make use
of this information. Since version 1.5 the user must therefore
explicitly confirm changes to signal that the user is
sufficiently prepared e.g. for the new major release of the
distribution shipped in the repository (as e.g. indicated by
the codename).
This is nice. Except that it doesn’t mention how one is supposed to explicitly confirm changes.
Some more digging and the man page of apt-get
provided the solution:
--allow-releaseinfo-change
Allow the update command to continue downloading data from
a repository which changed its information of the release
contained in the repository indicating e.g a new major
release. APT will fail at the update command for such
repositories until the change is confirmed to ensure the
user is prepared for the change. See also apt-secure(8) for
details on the concept and configuration.
Specialist options (--allow-releaseinfo-change-field) exist
to allow changes only for certain fields like origin,
label, codename, suite, version and defaultpin. See also
apt_preferences(5). Configuration Item:
Acquire::AllowReleaseInfoChange.
Running apt-get update –allow-releaseinfo-change returned the notification part again (the message prefixed with “N:
“) but not the error (“E:
“). Subsequent runs of apt/apt-get ran as usual. Problem solved 🙂