[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: custom sec updates, was Bad press related to (missing) Debian security



also sprach Thomas Seliger <debsecsub@neovatar.org> [2005.06.28.1208 +0200]:
> Even if you did not use those techniques (.deb building, running an apt 
> source) up to now, I think its rewarding for you, especially if you run 
> a larger number of servers. I do not have any links ready to point you 
> to, but i'll check my (unsorted) bookmark file later ;)

man apt-ftparchive is all you basically need.

Put the files into a directory which apache can access, e.g.
/srv/apt --> http://server/apt, then run:

  apt-ftparchive packages . > Packages

and you're done. Make sure to set the proper permissions.

Now add

  deb http://server/apt ./

to your machines and `apt-get update`.

Finally, make sure to use the proper version incrememts. My
suggestion is the following shell function (part of
dpkg-reversion/debedit, which is not yet part of Debian):

  bump_version()
  {
    VERSTR='+0.local.'
    case $1 in
      *${VERSTR}[0-9]*)
        REV=${1##*${VERSTR}}
        echo ${1%${VERSTR}*}${VERSTR}$((++REV));;
      *-*)
        echo ${1}${VERSTR}1;;
      *)
        echo ${1}-0${VERSTR}1;;
    esac
  }

piper:~> bump_version 1.0-1
1.0-1+0.local.1
piper:~> dpkg --compare-versions 1.0-1 lt 1.0-1+0.local.1 && echo yes
yes
piper:~> dpkg --compare-versions 1.0-1+0.local.1 lt 1.0-2 && echo yes
yes

piper:~> bump_version 1.0
1.0-0+0.local.1
piper:~> dpkg --compare-versions 1.0 lt 1.0-0+0.local.1 && echo yes
yes
piper:~> dpkg --compare-versions 1.0-0+0.local.1 lt 1.0-1 && echo yes
yes
piper:~> dpkg --compare-versions 1.0-0+0.local.1 lt 1.1 && echo yes
yes

Alternatively, use APT pinning.

FWIW, my book[0] includes information about how to run your own
package repositories, and how to modify packages and properly
integrate them with APT.

  0. http://debiansystem.info

Cheers,

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
 
man muss noch chaos in sich haben
um einen tanzenden stern zu gebähren.
                                                -- friedrich nietzsche

Attachment: signature.asc
Description: Digital signature


Reply to: