On Tue, 21 Jan 2025 15:43:19 +0100 Julian Andres Klode <j...@debian.org> wrote: > My prefered solution is to use a template, for `debian.sources`: > > # Official @VENDOR@ sources. > # Available types: deb (binaries) deb-src (source code) > # Available suites: @SUITE@ (release) @SUITE@-updates (urgent updates) > # Available components: > # - main (free software) > # - contrib (explanation) > # - non-free (explanation) > # > # Make sure to keep the security updates configured for the same set > # of components in the following paragraph. > Types: deb @DEBSRC@ > URIs: @MIRROR@ > Suites: @SUITE@ @SUITE_UPDATE@ > Components: @COMPONENTS@ > Signed-By: @SIGNED_BY@ > > # Security updates. > Types: deb @DEBSRC@ > URIs: @MIRROR_SECURITY@ > Suites: @SUITE_SECURITY@ > Components: @COMPONENTS@ > Signed-By: @SIGNED_BY@ > > Note that @SUITE_UPDATES@ and @DEBSRC@ can be empty. You need to delete > trailing whitespaces and collapse multiple whitespaces: > > 's/ */ /g;s/ $//' > > Note that the canonical format that software-properties generates > only supports comments at the start and end of the section, otherwise
Which is fairly similar to what I have here: ------ Types: deb URIs: https://deb.debian.org/debian-security Suites: bookworm-security Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: https://deb.debian.org/debian Suites: bookworm-updates bookworm bookworm-backports Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: https://deb.debian.org/debian-debug Suites: bookworm-debug bookworm-backports-debug Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg ------ The key advantage to the above combined sources file is that it remains extremely compact and mostly easy to read for someone migrating from the old format. In the above, 'bookworm' could also be replaced by 'stable' if someone doesn't wanna manually edit the file at every new Debian release. Since 'backports' is pinned at a lower priority by APT by default, no package will be fetched from there unless explicitly told using e.g. 'apt-get install package/backports' or pinned using /etc/apt/preferences. On Hurd (read: any architecture supported only via Ports), I have a slightly more complex file due to having to source both Debian (all, sources) and Debian-Ports (hurd-i386) which uses 2 keyrings and permanently tracks 'unstable' since Hurd doesn't offer any 'stable' release because it's a non-supported port. ------ Types: deb deb-src URIs: http://deb.debian.org/debian-ports/ Suites: unreleased Components: main Signed-By: /usr/share/keyrings/debian-ports-archive-keyring.gpg Types: deb URIs: http://deb.debian.org/debian-ports/ Suites: unstable Components: main Signed-By: /usr/share/keyrings/debian-ports-archive-keyring.gpg Types: deb deb-src URIs: http://deb.debian.org/debian/ Suites: unstable Components: main Architectures: all Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg ------ There's good chances that 'crosshurd' will adopt this debian.sources file as a default on time for Trixie. Btw, 'dselect' will need upgrading since it tries to create a new /etc/apt/sources.list if none exists even if /etc/apt/sources.list.d/ is populated. See #1104283. Martin-Éric
