Re: Holding packages compiled from source back from updates

To: debian-user@lists.debian.org
Subject: Re: Holding packages compiled from source back from updates
From: bob@proulx.com (Bob Proulx)
Date: Mon, 27 Jun 2005 23:49:04 -0600
Message-id: <[🔎] 20050628054904.GA23536@dementia.proulx.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 2d1f9a6b05062701007cf48985@mail.gmail.com>
References: <[🔎] 2d1f9a6b05062701007cf48985@mail.gmail.com>

Terry Burton wrote:
> I've compiled the mysql-4.1 packages from source to enable OpenSSL
> support. I understand that I therefore take responsibility for
> updating these packages with regard to security issues.
> 
> Firstly, what is the official debian method for holding source
> compiled packages back from apt-get upgrades? Is section 2.2.11 of
> http://www.debian.org/doc/manuals/reference/ch-system.en.html the
> relevant info.

  echo packagename hold | dpkg --set-selections

But even better would be to use an NMU format version.  This will make
your version later than the one in Debian sarge and there is no need
to hold the package.  This is preferred because your modified version
won't have the same version string while being different.

  http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-nmu-version

I advocate putting some identifying string for custom packages.  In
your case since mysql-client-4.1-4.1.11a-4 is in stable I would name
yours mysql-client-4.1-4.1.11a-4.burton.1 or something similar.  This
is a common and well used scheme.

> Secondly, is the package source code obtained from official Debian
> security deb-src servers kept up to date in response to security
> issues in the same way that binary packages obtained from the same
> source? Presumably yes.

Yes, if you get it from the security.debian.org site.

  deb http://security.debian.org/ stable/updates main
  deb-src http://security.debian.org/ stable/updates main

> Finally, is there yet a method of automatically informing Debian to
> rebuild packages from source (using a customised user-defined
> debian/rules file) so that apt-get upgrade (or similar) will also keep
> your source compiled packages up to date?

You are probably thinking of something like an autobuilder.  They
exist but are rather complicated to configure and maintainer.  But you
can get almost the same effect for single packages.

  fakeroot apt-get source -b packname

See also the apt-src package.  It may be just what you are looking
for.

Bob

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Holding packages compiled from source back from updates
  - From: Terry Burton <terry.burton@gmail.com>

References:
- Holding packages compiled from source back from updates
  - From: Terry Burton <terry.burton@gmail.com>

Prev by Date: Re: sarge install on hp DL320
Next by Date: Re: su & $PATH & gdm
Previous by thread: Holding packages compiled from source back from updates
Next by thread: Re: Holding packages compiled from source back from updates
Index(es):
- Date
- Thread