Re: Compatibility of security mirror
Lee Winter <lee.j.i.winter@gmail.com> writes:
> The security mirror at security.debian.org appears to have a structure
> that is compatible with the main debian mirrors. If that appearance
> is an accurate reflection of reality then the updates/main/* tree
> should be compatible with the main/* tree. I use the term compatible
> to mean that a local mirror could be composed of the main archive plus
> the security updates and thus require a single entry in the client
> machine's sources.list file.
>
> Is that appearance accurate? Can security update be stored in the
> same directory tree and accessed by clients transparently? If so, is
> it possible to merge the updates/* folders into the main repository or
> do they need to remain underneath updates/ ?
>
> Thanks for any info or suggestions,
>
> Lee Winter
> NP Engineering
> Nashua, New Hampshire
Yes and no.
You can easily use reprepro to fetch packages from both ftp.debian.org
and security.debian.org and combine them into a single apt
repository. That works reasonably well with the exception of screwups
where different builds of the same source are uploaded to security and
stable-proposed-updates. This has happened a few times in the past and
can need a one time manual intervention in reprepro.
This has one minor drawback though: The combined apt repository will
be unsigned (you do not want to do that) or signed by a local
key. This has 2 effects:
1) You need to "apt-key add" your local key on every client (or
build a keyring deb and install that).
2) The Debian-Installer will not work from the local mirror.
You need to do the initial install from an official mirror or use
a netinst or full CD1/DVD1 image. Netboot and business card
images will not work.
You can not create 1:1 mirrors of ftp.debian.org and
security.debian.org in the same place because the Release and
Release.gpg files overlap. If you need a true mirror then you need to
keep them seperate and have 2 lines in sources.list.
MfG
Goswin
PS: reprepro can also trivially handle locally compiled debs, e.g. in
a local/ section.
Reply to: