From 11e647a08515df4c4d75c933357d66fccaeb16a6 Mon Sep 17 00:00:00 2001 From: Chris Wolfgang <210299580+Chris-Wolfgang@users.noreply.github.com> Date: Mon, 4 May 2026 21:51:32 -0400 Subject: [PATCH] pr.yaml: add [trusted=yes] to focal-security apt source The 'Install OpenSSL 1.1 for .NET 5.0' step was failing on newer GitHub-hosted Ubuntu runners with: E: Package 'libssl1.1' has no installation candidate Root cause: the focal Ubuntu archive signing key is not always present on newer runner images. apt silently Ign's the source ('Ign:55 ... focal-security InRelease') and apt-get update succeeds without it, so libssl1.1 isn't in the package index when install runs. Adding [trusted=yes] to the apt source line skips signature verification, letting the source be used regardless of key availability. Testing this fix locally before propagating to canonical and the other ~19 affected repos. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/pr.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 411e8d6..f41c03b 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -327,7 +327,11 @@ jobs: # repository so APT verifies the package via GPG instead of a plain wget download. - name: Install OpenSSL 1.1 for .NET 5.0 run: | - echo "deb https://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list + # [trusted=yes] skips GPG signature verification — the focal Ubuntu archive + # signing key is not always present on newer GitHub-hosted runners, which + # caused the apt source to be silently ignored and 'libssl1.1' to fail with + # 'has no installation candidate'. + echo "deb [trusted=yes] https://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list sudo apt-get update -q sudo apt-get install --yes libssl1.1 sudo rm /etc/apt/sources.list.d/focal-security.list