Packaging: Updating Grafana 9.2.3 -> 9.2.4 not possible via APT

[Becker884]

Ubuntu Server (headless) 22.04.1 LTS / 5.15.0-52-generic

apt-get update:

Paketlisten werden gelesen… Fertig
E: Für das Depot »https://packages.grafana.com/oss/deb stable InRelease« wurde der »Origin«-Wert von »grafana stable« in ». stable« geändert.
E: Für das Depot »https://packages.grafana.com/oss/deb stable InRelease« wurde der »Label«-Wert von »grafana stable« in ». stable« geändert.
N: Sie müssen dies explizit bestätigen, bevor Aktualisierungen von diesem Depot angewendet werden können. Lesen Sie die apt-secure(8)-Handbuchseite, wenn Sie weitere Informationen benötigen.

any idea ?

[lnicola]

To make things easier for anyone searching for this:

E: Repository 'https://packages.grafana.com/oss/deb stable InRelease' changed its 'Origin' value from 'grafana stable' to '. stable'
E: Repository 'https://packages.grafana.com/oss/deb stable InRelease' changed its 'Label' value from 'grafana stable' to '. stable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

I still get the option to accept it and upgrade. It's probably a cosmetic issue, but doesn't hurt to double-check.

[Becker884]

I don´t get the option to accept !

edit: solution -> "apt-get update --allow-releaseinfo-change"

[lnicola]

Maybe you have DEBIAN_FRONTEND=noninteractive somewhere? I don't know much about apt.

[weastur]

Hi, why change labels at all? It breaks updates with automotive systems like Ansible and Puppet.

I'm not sure, but change 'grafana stable' to '. stable' looks like a bug, isn't it?

[weastur]

https://community.grafana.com/t/grafana-oss-debian-repo-changes-origin-label-is-this-intended/75330/3

[daenney]

I"m getting a certificate validation issue on Ubuntu 20.04:

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 151.101.86.217 443]

The chain from ISRG X3 looks valid, but I'm guessing the fallback chain isn't anymore?

Both apt-transport-https and ca-certificates are up to date.

Argh, package pinning caused a ca-certificates update to not have been pulled. I missed that the first time around.

---

There's something funky with DNS. Querying Fastly's NS server:

~ ❯❯❯ dog -t A dualstack.e.sni.global.fastly.net. @ns1.fastly.net.
 A dualstack.e.sni.global.fastly.net.      30s   151.101.86.217

But Google or Cloudflare:

~ ❯❯❯ dog -t A packages.grafana.com @1.1.1.1
CNAME packages.grafana.com.              5m59s   "dualstack.e.sni.global.fastly.net."
    A dualstack.e.sni.global.fastly.net.   30s   151.101.2.217
    A dualstack.e.sni.global.fastly.net.   30s   151.101.66.217
    A dualstack.e.sni.global.fastly.net.   30s   151.101.130.217
    A dualstack.e.sni.global.fastly.net.   30s   151.101.194.217
~ ❯❯❯ dog -t A packages.grafana.com @8.8.8.8
CNAME packages.grafana.com.              3m28s   "dualstack.e.sni.global.fastly.net."
    A dualstack.e.sni.global.fastly.net.    9s   151.101.2.217
    A dualstack.e.sni.global.fastly.net.    9s   151.101.66.217
    A dualstack.e.sni.global.fastly.net.    9s   151.101.130.217
    A dualstack.e.sni.global.fastly.net.    9s   151.101.194.217

Even when explicitly configuring my recursor to use Cloudflare or Google as the upstream and it resolving to one of those 4 IPs, I still see the cert validation issue.

[kosza]

Hi,

Check https://packages.grafana.com/enterprise/.

1. Replaced the link to https://apt.grafana.com in /etc/apt/sources.list.d/grafana.list
2. apt update, apt could download the index files
3. apt upgrade

[tonypowa]

As pointed out by @weastur please find the details of the cause and solution by @julienduchesne here
https://community.grafana.com/t/grafana-oss-debian-repo-changes-origin-label-is-this-intended/75330/2