[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#970069: marked as done (marionnet: bullseye: /updates -> -security)

Your message dated Fri, 5 May 2023 18:18:59 +0200
with message-id <5bc1122a-6f61-d9ff-dedb-d7cf90fe65c4@debian.org>
and subject line Re: marionnet: bullseye: /updates -> -security
has caused the Debian Bug report #970069,
regarding marionnet: bullseye: /updates -> -security
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
970069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970069
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: marionnet
Version: 0.90.6+bzr508-1
Severity: minor
File: uml/pupisto.debian/pupisto.debian.sh
User: debian-devel@lists.debian.org
Usertags: bullseye-security

With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.

In the marionnet source package there appears to be a script that
generates a Debian chroot/container for building packages and that
script relies on appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container. I suggest that this script check the version of the
Debian release in question using distro-info and then if the release is
11 or higher, then use $release-security otherwise use $release/updates
as before. It is much better to use distro-info than to hard-code the
release version numbers. It might even be a good idea to include the
security suite information in distro-info itself and look it up there.

I filed this bug at severity minor since the script in question doesn't
appear to be used for any part of the Debian packages nor for building
the Debian packages, but only for some upstream packages.

   $ grep -B4 -A7 /updates  uml/pupisto.debian/pupisto.debian.sh
   function fix_apt_sources_update_and_upgrade {
    # global DEBIANROOT HTTP_SERVER RELEASE
    local ROOT=${1:-$DEBIANROOT}
    local TARGET=$ROOT/etc/apt/sources.list
    sudo_fprintf $TARGET "%s\n%s\n" "deb $HTTP_SERVER $RELEASE main" "deb http://security.debian.org/ $RELEASE/updates main"
    # Update:
    # sudo_careful_chroot ${ROOT} aptitude update
    sudo_careful_chroot ${ROOT} apt-get update
    # Upgrade:
    # sudo_careful_chroot ${ROOT} aptitude -y safe-upgrade
    sudo_careful_chroot ${ROOT} apt-get -y upgrade
   }

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message --- 
Version: 0.90.6+bzr508-1+rm

--- End Message ---
Reply to: