Repository changed its 'Suite' value from 'stable' to 'oldstable'

Question

When trying to update a Devuan Beowulf system (in preparation for the upgrade to Chimeara), I'm getting the following errors:

root@oxygen:~ # apt-get update 
Get:1 http://pkgmaster.devuan.org/merged beowulf InRelease [33.8 kB]
Get:2 http://pkgmaster.devuan.org/merged beowulf-updates InRelease [26.7 kB]
Get:3 http://pkgmaster.devuan.org/merged beowulf-security InRelease [26.5 kB]
Get:4 http://pkgmaster.devuan.org/merged beowulf-backports InRelease [26.9 kB]
Reading package lists... Done
E: Repository 'http://pkgmaster.devuan.org/merged beowulf InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://pkgmaster.devuan.org/merged beowulf-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://pkgmaster.devuan.org/merged beowulf-security InRelease' changed its 'Suite' value from 'stable-security' to 'oldstable-security'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://pkgmaster.devuan.org/merged beowulf-backports InRelease' changed its 'Suite' value from 'stable-backports' to 'oldstable-backports'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

I understand that Beowulf has been made oldstable when Chimaera became stable, but I've never seen this behavior before with Debian-based systems, and it's preventing the update.

Answer 1

The error message is referring to this section of man 8 apt-secure:

INFORMATION CHANGES
A Release file contains beside the checksums for the files in the repository also general information about the repository like the origin, codename or version number of the release.

This information is shown in various places so a repository owner should always ensure correctness. Further more user configuration like apt_preferences(5) can depend and make use of this information. Since version 1.5 the user must therefore explicitly confirm changes to signal that the user is sufficiently prepared e.g. for the new major release of the distribution shipped in the repository (as e.g. indicated by the codename).

which explains the behavior, but not why it has never occurred before or how to fix it.

There are a couple bug reports for this in the Debian bug tracker, including this lengthy discussion. The gist seems to be that this was introduced as a security feature in Debian Buster (and thus Devuan Beowulf), but apparently without consideration for user experience or update management in automated systems.

The fix can be found in the apt-get man page:

--allow-releaseinfo-change
Allow the update command to continue downloading data from a repository which changed its information of the release contained in the repository indicating e.g a new major release. APT will fail at the update command for such repositories until the change is confirmed to ensure the user is prepared for the change. See also apt-secure(8) for details on the concept and configuration.

Basically, run apt-get update --allow-releaseinfo-change once to fix the issue. Alternatively you can run apt update, which will interactively ask for confirmation.

For automated systems consider adding

Acquire::AllowReleaseInfoChange::Suite "true";

to your Apt config (e.g. as /etc/apt/apt.conf.d/90releaseinfo-change).