Daniel Baumann wrote: > Chris Lamb wrote: > > I've committed a change to live-helper in Git which fixes this issue. > > this fix does actually do more harm than it solves - it injects the apt > settings into the binary image, which is not acceptable as it produces > tainted images.
Ugh, you are completely correct. I will revert it and commit a different
solution in a few moments.
However, there are two issues:
* First, we really do need to taint the binary when chroot_local-packages
are used otherwise local packages will be replaced. I don't think it even
matters too much as the changes are limited to /etc/apt/preferences and if
a user is using chroot_local-packages it is hardly Debian anyway.
The change I just commited locally and to git.chris-lamb.co.uk does this.
* Secondly, not tainting the chroot will mean that users with
LH_APT_INSTALL_RECOMMENDS="disabled" who run "apt-get dist-upgrade" on
bootup (to install security upgrades etc.) will get all recommended
packages installed (!).
Whilst I agree that we shouldn't taint the binary image, shouldn't we make
an exception for the recommends setting, or do we just document that they
should modify the apt configuration themselves? This doesn't seem to
follow "do the right thing" IMHO.
(Another solution would be to add an LH_BINARY_INSTALL_RECOMMENDS
config option.)
Regards,
--
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
signature.asc
Description: PGP signature
