Mixed distributions on Debian Live images (and bug in ssl-cert 1.0.15)
Greetings, all!
I've been developing a web kiosk project with Debian Live (live-helper) for
a few months now, and finally decided to take a look into allowing mixed
distributions on the live CD (that is, both testing and unstable packages
accessible).
I've been building lenny images on a lenny host, and over the last few
months have encountered a few show-stopping bugs (user-setup,
flashplugin-nonfree, to name a couple). What normally happens is an
undetected bug in unstable makes its way over to testing, and when a fix is
released in unstable, we testing users have to wait at least 10 days for the
migration. With most bugs, I've gotten around this by downloading the
unstable packages manually and placing them in
"config/chroot_local-packages". However, a recent bug in ssl-cert would
cause the installation process to freeze"
I discovered that live-helper would try to install the (broken) version from
the testing repositories before attempting to use the version in
chroot_local-packages. I tried a number of ways to get around this including
replacing the cached version of the file with the fixed version, and
attempting to have lh_chroot load lh_chroot_(local-)packages before
lh_chroot_(local-)packageslists, but this just raised errors due to missing
packages (the minimal / standard package list hadn't been installed yet).
In the end, I worked out a way to make unstable available during the build
process, but still have testing with a higher priority.
Firstly, it was necessary to edit lh_chroot_sources and add lines for
unstable. Changing every instance of:
echo "deb(-src) ${LH_MIRROR_BOOTSTRAP} ${LH_DISTRIBUTION} ${LH_SECTIONS}" >
chroot/etc/apt/sources.list
... to:
echo "deb(-src) ${LH_MIRROR_BOOTSTRAP} ${LH_DISTRIBUTION} ${LH_SECTIONS}" >
chroot/etc/apt/sources.list
echo "deb(-src) ${LH_MIRROR_BOOTSTRAP} unstable ${LH_SECTIONS}" >>
chroot/etc/apt/sources.list
... except for the security updates.
Next, I needed to include a custom apt preferences file, but if you notice
in lh_chroot, "lh_chroot_apt remove ${*}" is called after
"lh_chroot_local-includes ${*}", and "lh_chroot_apt install ${*}" so it was
necessary to edit the remove function in lh_chroot_apt and comment the line
"rm -f chroot/etc/apt/preferences" in order to have this custom preferences
file to stick around.
The custom preferences file is included in config/chroot_apt/preferences:
Package: *
Pin: release a=testing
Pin-Priority: 900
Package: *
Pin: release a=unstable
Pin-Priority: 800
Now, testing packages are installed by default, but I can easily include an
unstable package. For instance, to get around the ssl-cert bug, I edited my
custom package list to include "ssl-cert/unstable". I now easily build
images with the unstable version of ssl-cert.
Considering the number of times this has happened (Re: packages broken in
testing while the fix is available in unstable, but there's that 10 day
grace period) I would like to suggest this "mixed distribution" feature be
implemented by default. If not my method, there ought to be a simple way of
including a package from unstable without using chroot_(local-)packages,
since these packages are only installed after chroot_(local-)packageslists.
If there aready is such a method that I completely missed, please let me
know!!!
One idea I had would be to include a directory that serves as a sort of
local repository. If an updated version of a package is included in this
directory, it would be given precedence over the standard repositories.
The downside of my method is that the resulting image is slightly bloated
due to having the extra repositories cached, but this is easily remedied.
Sorry for the overly-detailed explanation. I'm going to clean up my
implementation a bit when I have the time (with checks and all!) and add a
bit to the wiki. I may do it in patch form, but that's new territory for me.
Cheers!
--
Desmond Cox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/debian-live-devel/attachments/20080227/cbcf633d/attachment.htm
Reply to: