Fixing problem Repository ceres InRelease changed its Label value from Master to Devuan


rm /var/lib/apt/lists/*

The fix

If you encounter an error that resembles the following, on Devuan GNU/Linux, there is a fix for it!

# sudo apt-get update
Reading package lists... Done
E: Repository ' ceres InRelease' changed its 'Label' value from 'Master' to 'Devuan'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

There’s a new label in use, it seems. Big deal, except for the fact you can’t really get around it. The apt-secure(8) page does not seem to provide any answers.

To view the current labels for the enabled repos:

# apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 ceres/non-free i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=non-free,b=i386
 500 ceres/contrib i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=contrib,b=i386
 500 ceres/main i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=main,b=i386
Pinned packages:

The fix is to remove the cached lists for the repositories and fetch it all again.

rm /var/lib/apt/lists/*

That’s all there is to it! Then run apt-get update again, and you’re back on your way.



  1. man page apt_preferences(5)

Local resources

  1. bash autocomplete for apt and apt-get

Unattended software updates on Devuan

updated 2019-06-02

Devuan, as a fork of debian that uses sysvinit (or another– your choice), still uses debian-based utilities. I come from the Fedora/Red Hat/CentOS rpm-based family of distributions, and I struggle with the dpkg-based package management on occasion.

I really dislike how the software upgrades will sometimes pause in the middle, to display the changelog. If I wanted a changelog, I’d go read it! When I issue a command to update packages, I want to walk away, and come back, and it be done, not get stuck at 20% because openssh changed some defaults and wants to tell me. It emails me anyway! I find the defaults of apt-get to be not sane.

Here is how to configure apt-get to run without pausing to display duplicate information or ask you questions.

export DEBIAN_FRONTEND=noninteractive
apt-get -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade




Find which package provides a file – Yum and Apt

Last updated 2019-06-26

Yum-based distros

On Fedora-like systems, the default package manager is yum (or dnf for Fedora 22+). The main way you use it is to install packages and auto-resolve the dependencies.

yum install irfan

Similarly, apt-get on the Debian family of GNU/Linux installs packages with this command.

apt-get install irfan

Now, let’s say you are looking for which package installs a particular file. The command for yum is:

yum provides */filename

If you want to use rpm, that is available too.

rpm -qf /etc/sudoers

Apt-based distros

On apt-based distros (Debian, Devuan, Ubuntu, etc.), you need to install the package apt-file before you can do similar lookup commands.

apt-get install apt-file

Now you can search with:

apt-file search */filename

You can use the lower-level package manager:

dpkg-query -S /usr/share/filename

Building an apt repository on CentOS

Apt is a dpkg management tool used by Debian and its offpsring, particularly Ubuntu and Linux Mint.
CentOS is from the RHEL/Fedora side of the Linux family tree and uses yum (and dnf nowadays).
Making a simple, signed apt repository on centos (or manually, on any system really) is possible. This is how to do it.

Building an apt repository

So you have packages you want to make available for your LAN or wherever. This document will show you how to make a directory with all the right parts for an apt repository that is gpg-signed (to stave off that annoying “Do you trust the source?” question).

Preparing gpg keys

Note: generating new keys can require some time orand entropy generation.

# as root; no sudo!
gpg --gen-key

The first time you run gpg –gen-key, break it after it has generated some directories and files.
Add the SHA256 requirement to the gpg conf.

cat <<'EOF' >> ~/.gnupg/gpg.conf
cert-digest-algo SHA256
digest-algo SHA256

Reference: Weblink 3
Run gpg again and this time follow the prompts to generate a key.

gpg --gen-key

If you need to generate extra entropy, consider running some mundane tasks in another terminal.

while true; do dd if=/dev/sda of=/dev/zero; find / | xargs file >/dev/null 2>&1; done

Just break it off when you get the gpg keys you need.
Export the keys as needed with these commands.

gpg --list-keys
# take the key name shown and do this:
gpg --output debian-repo-public.gpg --armor --export 123456AB
gpg --output debian-repo-private.gpg --armor --export-secret-key 123456AB

So the end state of this section is to have the public key as a file, preferably in the repository directory.

Installing required packages

Install epel-release which wil lget you the dpkg-dev and tar packages you need (just in case tar isn’t on your system).

yum –y install epel-release
yum –y install dpkg-dev tar

Building the repository building script

Make a script that automates building the Release and Package files.

cat <<'EOFSH' >${updatescript}

# working directory
cd ${repodir}

# create the package index
dpkg-scanpackages -m . > Packages
cat Packages | gzip -9c > Packages.gz

# create the Release file
PKGS=$(wc -c Packages)
PKGS_GZ=$(wc -c Packages.gz)
cat <<EOF > Release
Architectures: all
Date: \$(date -R)
 $(md5sum Packages  | cut -d" " -f1) $PKGS
 $(md5sum Packages.gz  | cut -d" " -f1) $PKGS_GZ
 $(sha1sum Packages  | cut -d" " -f1) $PKGS
 $(sha1sum Packages.gz  | cut -d" " -f1) $PKGS_GZ
 $(sha256sum Packages | cut -d" " -f1) $PKGS
 $(sha256sum Packages.gz | cut -d" " -f1) $PKGS_GZ
gpg -abs -o Release.gpg Release
chmod 755 ${updatescript}

It might be useful to modify the script to chmod 444 *.deb or something similar.
When running the script, make sure you use the correct key to sign the release file. Note that this script calls gpg, which will interactively ask the user to enter the passphrase for the key.

Managing the repository

The repository is ready to receive files and be updated.
The example location is /mnt/mirror/ubuntu/example-debian/.

Adding packages to the repo

Move any .deb packages you want to the repo directory.
Run the update-repo script form root (because the gpg keys were generated as root).


Provide the passphrase.

Configuring a client

For each system you want to add the repository to, you need to follow these steps.
Import the public key into apt and add the repo to the sources.

sudo wget --quiet -O /root/example-debian.gpg
sudo apt-key add /root/example-debian.gpg	
sudo wget --quiet -O /etc/apt/sources.list.d/example-debian.list

Update the available package list.

apt-get update

The system is now ready to install packages from your repository.


  1. Main layout of entire document
  2. Manipulating gpg keys
  3. Using SHA256 for apt
  4. Extra information about debian repos
  5. Discussion of various debian repo utilities
  6. Alternate method for making a repo
  7. How to make a super simple, unsigned repo