Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VsCode breaks apt (adding a second file which causes conflict of keys) #189274

Closed
Tracked by #189320
DimanNe opened this issue Jul 30, 2023 · 1 comment
Closed
Tracked by #189320

VsCode breaks apt (adding a second file which causes conflict of keys) #189274

DimanNe opened this issue Jul 30, 2023 · 1 comment
Assignees
@Tyriar @rzhao271
Labels
*duplicate Issue identified as a duplicate of another issue(s)

Comments

@DimanNe
Copy link

DimanNe commented Jul 30, 2023

Does this issue occur when all extensions are disabled?: Yes

  • VS Code Version:
Version: 1.80.2
Commit: 2ccd690cbff1569e4a83d7c43d45101f817401dc
Date: 2023-07-27T20:41:52.615Z
Electron: 22.3.14
ElectronBuildId: 22695494
Chromium: 108.0.5359.215
Node.js: 16.17.1
V8: 10.8.168.25-electron.0
OS: Linux x64 5.15.0-78-generic
  • OS Version:
Description:    Ubuntu 22.04.2 LTS
Release:        22.04

Steps to Reproduce

  1. Install VsCode using by *.sources files in apt:

    $ sudo nano /etc/apt/sources.list.d/packages.microsoft.com.sources

Enabled: yes
Types: deb
URIs: https://packages.microsoft.com/repos/code
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/gpgsecurity.microsoft.com.gpg
Architectures: amd64

  2. Copy the key: sudo cp gpgsecurity.microsoft.com.gpg /usr/share/keyrings/gpgsecurity.microsoft.com.gpg

  3. Install vscode: sudo apt update && sudo apt install code

  4. Next time you try to update your system, you discover that it has been broken:

sudo apt update
E: Conflicting values set for option Signed-By regarding source https://packages.microsoft.com/repos/code/ stable: /usr/share/keyrings/gpgsecurity.microsoft.com.gpg != 
E: The list of sources could not be read.

This happens because vscode decided that

  • it was a good idea to import its own key in system apt keyring, which is not a good idea from the point of view of security. this is how Google does it, for example:

    cat gvisor.list
deb [arch=amd64 signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main

    (note, they are using signed-by, which explicitly associates their key with their repo)

  • and then it decided that it was a good idea to create a 2nd apt-source file:

    cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main

At the very least, it would be nice to use the signed-by option in vscode.list.

It would be even better not to introduce a second vscode.list file. Why do you need to do it, if vscode has already been installed anyway?

System information
Item Value
GPU 0 NVIDIA GeForce RTX 3080
CPUs AMD Ryzen 9 5950X 16-Core Processor (32 x 2200)
GPU Status 2d_canvas: unavailable_software canvas_oop_rasterization: disabled_off direct_rendering_display_compositor: disabled_off_ok gpu_compositing: disabled_software multiple_raster_threads: enabled_on opengl: disabled_off rasterization: disabled_software raw_draw: disabled_off_ok video_decode: disabled_software video_encode: disabled_software vulkan: disabled_off webgl: unavailable_software webgl2: unavailable_software webgpu: disabled_off
Load (avg) 0, 1, 1
Memory (System) 125.70GB (108.83GB free)
Process Argv --disable-extensions /home/dimanne/devel/scripts/contrib/llvm-project/llvm/lib/Target/Sparc/AsmParser/SparcAsmParser.cpp --crash-reporter-id 1b2bf8d1-5d0e-42d4-a5d9-6e937acf6abe
Screen Reader no
VM 0%
Extensions Extensions are disabled
A/B Experiments 
vsliv368cf:30146710
vsreu685:30147344
python383:30185418
vspor879:30202332
vspor708:30202333
vspor363:30204092
vslsvsres303:30308271
vserr242cf:30382550
pythontb:30283811
vsjup518:30340749
pythonptprofiler:30281270
vshan820:30294714
vstes263:30335439
vscoreces:30445986
vscod805:30301674
binariesv615:30325510
bridge0708:30335490
bridge0723:30353136
vsaa593cf:30376535
pythonvs932:30410667
py29gd2263cf:30792227
vsclangdf:30486550
c4g48928:30535728
dsvsc012:30540252
pynewext54:30695312
azure-dev_surveyone:30548225
2e4cg342:30602488
f6dab269:30613381
showlangstatbar:30737416
vsctsb:30748421
03d35959:30757346
pythonfmttext:30731395
pythoncmv:30756943
fixshowwlkth:30771522
hideindicator:30785051
pythongtdpath:30769146
i26e3531:30792625
pythonnosmt12:30797651
pythonnoceb:30797650
e537b577:30795824
dsvsc013:30795093
dsvsc014:30797589
cmakestatusbarv2:30779594
@Tyriar
Copy link
Member

Tyriar commented Jul 31, 2023

This is a duplicate of #22145, you can see that issue for why it's like that but ultimately the issue stayed open for over 2 years and there was little to no interest in getting it fixed.

@Tyriar Tyriar closed this as completed Jul 31, 2023
@Tyriar Tyriar added the *duplicate Issue identified as a duplicate of another issue(s) label Jul 31, 2023
@beto811 beto811 mentioned this issue Jul 31, 2023
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Sep 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Tyriar Tyriar

@rzhao271 rzhao271

Labels
*duplicate Issue identified as a duplicate of another issue(s)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DimanNe @Tyriar @rzhao271