Репозиторий packages.sury.org закрыл доступ к обновлениям для серверов с «рашистскими» ИП-адресами, но да нам ли быть в печали... Ваши сервера в наших руках, будь они рашистские/укронацистские или жидофашистские, всегда будут в рабочем состоянии ;)
ГУТен МОРГен камарадос..! Компрадоре капиталиста... Лос-Падлос обнаглендэ... Оху.., оху-эльйоу, офонарэнго.., гидросукина камарилья... Проклянтэ обмудос!
Возможно закрыли не для всех ИП-диапазонов РФ, согласно статистике сервера packages.sury.org на долю РФ припадает 03.01% трафика, но некоторые сервера таки испытывают проблемы с обновлением из этого репозитория.
На цифру 451 обратили внимание не сразу, а первым делом бросилась в глаза последняя строчка The repository 'https://packages.sury.org/php bullseye InRelease' is no longer signed
# apt-get dist-upgrade ... Err:21 https://packages.sury.org/php bullseye InRelease 451 [IP: 146.59.69.202 443] Reading package lists... Done N: Repository 'http://security.debian.org/debian-security bullseye-security InRelease' changed its 'Suite' value from 'stable-security' to 'oldstable-security' N: Repository 'http://deb.debian.org/debian bullseye InRelease' changed its 'Version' value from '11.7' to '11.10' N: Repository 'http://deb.debian.org/debian bullseye InRelease' changed its 'Suite' value from 'stable' to 'oldstable' N: Repository 'http://deb.debian.org/debian bullseye-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates' E: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease 451 [IP: 146.59.69.202 443] E: The repository 'https://packages.sury.org/php bullseye InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
Обновление gpg ключей разумеется не помогло:
# less /etc/apt/sources.list.d/sury-php.list deb https://packages.sury.org/php/ bullseye main https://deb.sury.org/ https://github.com/oerdnj/deb.sury.org https://packages.sury.org/php/README.txt # apt-get -y install apt-transport-https lsb-release ca-certificates # curl -sSLo /etc/apt/trusted.gpg.d/sury.gpg https://packages.sury.org/php/apt.gpg # curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb # dpkg -i /tmp/debsuryorg-archive-keyring.deb # sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury-php.list' # less /etc/apt/sources.list.d/php.list deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bullseye main # apt-get update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://deb.debian.org/debian bullseye-updates InRelease Hit:3 http://security.debian.org/debian-security bullseye-security InRelease Err:4 https://packages.sury.org/php bullseye InRelease 451 [IP: 169.150.247.36 443] Hit:5 https://download.linphone.org/snapshots/debian bullseye InRelease Reading package lists... Done E: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease 451 [IP: 169.150.247.36 443] E: The repository 'https://packages.sury.org/php bullseye InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. # apt-key list | grep -A 5 sury Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg --------------------------------------------- pub rsa3072 2019-03-18 [SC] [expires: 2026-02-04] 1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743 uid [ unknown] DEB.SURY.ORG Automatic Signing Key <[email protected]> sub rsa3072 2019-03-18 [E] [expires: 2026-02-04] /etc/apt/trusted.gpg.d/sury.gpg ------------------------------- pub rsa3072 2019-03-18 [SC] [expires: 2026-02-04] 1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743 uid [ unknown] DEB.SURY.ORG Automatic Signing Key <[email protected]> sub rsa3072 2019-03-18 [E] [expires: 2026-02-04] /etc/apt/trusted.gpg.d/sury-php8.gpg ------------------------------------ pub rsa3072 2019-03-18 [SC] [expired: 2024-02-16] 1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743 uid [ expired] DEB.SURY.ORG Automatic Signing Key <[email protected]> Удаляем просроченный # rm -rf /etc/apt/trusted.gpg.d/sury-php8.gpg or $ sudo apt-key del 95BD4743 # apt-key list | grep -A 5 sury Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg --------------------------------------------- pub rsa3072 2019-03-18 [SC] [expires: 2026-02-04] 1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743 uid [ unknown] DEB.SURY.ORG Automatic Signing Key <[email protected]> sub rsa3072 2019-03-18 [E] [expires: 2026-02-04] /etc/apt/trusted.gpg.d/sury.gpg ------------------------------- pub rsa3072 2019-03-18 [SC] [expires: 2026-02-04] 1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743 uid [ unknown] DEB.SURY.ORG Automatic Signing Key <[email protected]> sub rsa3072 2019-03-18 [E] [expires: 2026-02-04]
Но воз остался и ныне там, и тогда присмотревший к неприметной цифре 451 без какого-либо описания подумалось про код HTTP ответа:
HTTP 451 - Wikipedia
https://en.wikipedia.org/wiki/HTTP_451In computer networking, HTTP 451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray Bradbury's 1953 dystopian novel Fahrenheit 451, in which books are outlawed.[2] 451 provides more information than HTTP 403, which is often used for the same purpose.[3] This status code is currently a proposed standard in RFC 7725 but is not yet formally a part of HTTP, as of RFC 9110.
Examples of situations where an HTTP 451 error code could be displayed include web pages deemed a danger to national security, or web pages deemed to violate copyright, privacy, blasphemy laws, or any other law or court order.
HTTP 451 — Википедия
https://ru.wikipedia.org/wiki/HTTP_451Ошибка 451 или «Недоступно по юридическим причинам» (англ. Unavailable For Legal Reasons) — стандартный код ответа HTTP, означающий, что доступ к ресурсу закрыт, например, по требованию органов государственной власти или правообладателя в случае нарушения авторских прав. Был одобрен IESG 21 декабря 2015 года[1] и опубликован как RFC 7725 в феврале 2016 года. Код ошибки является отсылкой к роману Рэя Брэдбери «451 градус по Фаренгейту»[2]. Можно сказать, что код HTTP 451 — это уточняющая версия кода HTTP 403[3].
И тут всё сразу стало ясно и понятно откуда растут ноги.., но нам ли быть в печали!
# apt-get install tsocks tor # vi /etc/tsocks.conf # Default server # For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0 # the server at 192.168.0.1 should be used (again, hostnames could be used # too, see note above) server = 192.168.0.1 # Server type defaults to 4 so we need to specify it as 5 for this one server_type = 5 # The port defaults to 1080 but I've stated it here for clarity server_port = 1080 to # Default server # For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0 # the server at 192.168.0.1 should be used (again, hostnames could be used # too, see note above) #server = 192.168.0.1 server = 127.0.0.1 # Server type defaults to 4 so we need to specify it as 5 for this one server_type = 5 # The port defaults to 1080 but I've stated it here for clarity #server_port = 1080 server_port = 9050
Если получили libtsocks(1904166): Need a password in tsocks.conf or $TSOCKS_PASSWORD, тогда делаем так:
# TSOCKS_PASSWORD="" tsocks apt-get update Hit:1 http://deb.debian.org/debian bullseye InRelease Hit:2 http://deb.debian.org/debian bullseye-updates InRelease Hit:3 http://security.debian.org/debian-security bullseye-security InRelease Get:5 https://packages.sury.org/php bullseye InRelease [7,551 B] Get:6 https://packages.sury.org/php bullseye/main amd64 Packages [250 kB] Hit:4 https://download.linphone.org/snapshots/debian bullseye InRelease Fetched 258 kB in 32s (8,089 B/s) Reading package lists... Done
Потом вот так:
# TSOCKS_PASSWORD="" tsocks apt-get dist-upgrade ... php8.2 php8.2-apcu php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-dev php8.2-fpm php8.2-gd php8.2-gmp php8.2-igbinary php8.2-imagick php8.2-intl php8.2-mbstring php8.2-mcrypt php8.2-memcache php8.2-memcached php8.2-msgpack php8.2-mysql php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-xml php8.2-zip postfix python3-idna python3-reportbug reportbug systemd systemd-sysv systemd-timesyncd tar tzdata udev util-linux util-linux-locales uuid-dev 229 upgraded, 36 newly installed, 0 to remove and 0 not upgraded. Need to get 205 MB of archives. After this operation, 366 MB of additional disk space will be used. Do you want to continue? [Y/n] y
И вуаля, «рашистский» сервант полностью готов к дальнейшему труду и обороне.
Ваши сервера в наших руках, будь они рашистские/укронацистские или жидофашистские, всегда будут в рабочем состоянии! ;)