should postgresql-common depend on ca-certificates?

From: Peter Eisentraut <peter(at)eisentraut(dot)org>
To: PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org>
Subject: should postgresql-common depend on ca-certificates?
Date: 2025-10-05 13:33:14
Message-ID: e0554b5d-12c2-430b-8b53-a8637a2ec595@eisentraut.org
Lists: pgsql-pkg-debian

If I follow the Quickstart at
https://wiki.postgresql.org/wiki/Apt#Quickstart but use
--no-install-recommends, things don't quite work. (I realize I'm going
off the well-trodden path, but this is useful for CI setups to avoid
installing packages you don't strictly need.) For example, on Ubuntu 24.04:

apt-get update
apt-get -y --no-install-recommends install gnupg postgresql-common
/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y

Then you get warnings like this:

Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. Could not handshake: Error in the
certificate verification. [IP: 151.101.3.52 443]
W: https://apt.postgresql.org/pub/repos/apt/dists/noble-pgdg/InRelease:
No system certificates available. Try installing ca-certificates.

When you install ca-certificates, then the whole thing works.
Apparently, there is a "recommends" dependency somewhere down the chain,
but postgresql-common itself doesn't mention it.

I don't know what the right solution is, but maybe a combination of

1) postgresql-common at least "suggests" ca-certificates.
2) apt.postgresql.org.sh should do more checking that the setup it
creates actually works.
3) The wiki page quickstart makes more explicit mention of
ca-certificates. (It is mentioned for the manual setup.)
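
One way a CI job could do the kind of checking suggested in point 2, as an added example that is not part of the original message or of apt.postgresql.org.sh: a preflight that fails when an HTTPS apt source is configured but no usable CA bundle is present. The function names are hypothetical, and the default paths (/etc/apt/sources.list.d and /etc/ssl/certs/ca-certificates.crt, the bundle written by Debian's ca-certificates package) are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for HTTPS apt sources in a minimal image.
# Function names are hypothetical; paths are arguments so the check can be
# exercised against a scratch directory instead of the live system.

# ca_bundle_usable BUNDLE
# Succeeds if BUNDLE is a non-empty file holding at least one PEM certificate.
ca_bundle_usable() {
    bundle=$1
    [ -s "$bundle" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle"
}

# https_sources DIR
# Prints the apt source files under DIR (one-line *.list and deb822 *.sources)
# that reference an https:// URI, ignoring commented-out lines.
https_sources() {
    dir=$1
    for f in "$dir"/*.list "$dir"/*.sources; do
        [ -f "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" | grep -q 'https://'; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# preflight [SOURCES_DIR] [BUNDLE]
# Returns 0 when no HTTPS source exists or the trust store is usable,
# 1 when an HTTPS source is configured but nothing can verify its certificate.
preflight() {
    sources_dir=${1:-/etc/apt/sources.list.d}   # assumed default location
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}   # assumed default bundle
    found=$(https_sources "$sources_dir")
    [ -n "$found" ] || return 0
    if ca_bundle_usable "$bundle"; then
        return 0
    fi
    echo "HTTPS apt sources configured but no usable CA bundle at $bundle:" >&2
    echo "$found" >&2
    echo "Install ca-certificates before running apt-get update." >&2
    return 1
}
```

Calling `preflight` with no arguments checks the assumed system defaults; a non-zero exit lets the CI step stop before apt-get update emits the certificate warnings shown above.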
