Source: marionnet
Version: 0.90.6+bzr508-1
Severity: minor
File: uml/pupisto.debian/pupisto.debian.sh
User: debian-devel@lists.debian.org
Usertags: bullseye-security
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.
In the marionnet source package there appears to be a script that
generates a Debian chroot/container for building packages and that
script relies on appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container. I suggest that this script check the version of the
Debian release in question using distro-info and then if the release is
11 or higher, then use $release-security otherwise use $release/updates
as before. It is much better to use distro-info than to hard-code the
release version numbers. It might even be a good idea to include the
security suite information in distro-info itself and look it up there.
I filed this bug at severity minor since the script in question doesn't
appear to be used for any part of the Debian packages nor for building
the Debian packages, but only for some upstream packages.
$ grep -B4 -A7 /updates uml/pupisto.debian/pupisto.debian.sh
function fix_apt_sources_update_and_upgrade {
# global DEBIANROOT HTTP_SERVER RELEASE
local ROOT=${1:-$DEBIANROOT}
local TARGET=$ROOT/etc/apt/sources.list
sudo_fprintf $TARGET "%s\n%s\n" "deb $HTTP_SERVER $RELEASE main" "deb http://security.debian.org/ $RELEASE/updates main"
# Update:
# sudo_careful_chroot ${ROOT} aptitude update
sudo_careful_chroot ${ROOT} apt-get update
# Upgrade:
# sudo_careful_chroot ${ROOT} aptitude -y safe-upgrade
sudo_careful_chroot ${ROOT} apt-get -y upgrade
}
--
bye,
pabs
https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part