On 01/18/2011 12:00 PM, Axel Beckert wrote:
found 610457 4.2-1
retitle 610457 xen-tools: no possibility to use a local security mirror for
Ubuntu and Debian
kthxbye
Hi Bruce,
thanks for the bug report.
Bruce Edge wrote:
When creating a lucid VM with the command line
/usr/bin/xen-create-image --hostname lucid-build --mac=00:90:66:00:17:90
--dist=lucid --force --dhcp --mirror=http://wlvmirror.lsi.com/ubuntu
--size=14Gb --memory=2Gb --arch=amd64 --partitions=dpm-build
--lvm=uss004 --role=builder --boot
It hangs up trying to download packages.gz from:
http://security.ubuntu.com/ubuntu as the file
/usr/lib/xen-tools/lucid.d/20-setup-apt contains the following:
deb-src ${mirror} ${dist} main restricted universe
deb ${mirror} ${dist}-updates main restricted universe multiverse
deb-src ${mirror} ${dist}-updates main restricted universe
deb http://security.ubuntu.com/ubuntu ${dist}-security main restricted
universe
deb-src http://security.ubuntu.com/ubuntu ${dist}-security main
restricted universe
Note that the last 2 lines ignore the mirror setting.
This is more or less on purpose since Ubuntu (and Debian) do the same
on normal installations, too: Even if you choose a local mirror,
security updates won't be fetched from there but from the official
security repository.
Additionally, with Debian or Ubuntu, normal mirrors don't have a copy
of the security repository, so setting it up the way you expected or
want it would break most other installations.
This means that if one is using a proxy, it will hang and eventually
timeout.
xen-tools instructs apt to use an HTTP proxy, if one was configured in
the Dom0. See lines 31-38 of /usr/lib/xen-tools/lucid.d/20-setup-apt.
This is possibly a workaround you could use. It's though not yet
configurable via configuration file or command line options, just via
/etc/apt/apt.conf in the Dom0. But I can (now :-) imagine where this
setup is not possible.
But that's not the kind of proxy you use (something apt-proxy,
apt-cacher, etc.). That kind of proxy is indeed currently not
supported for security repositories.
So this issue and the related Acquire::HTTP::Proxy issue pointed out
above would be fixed by adding the following new features respectively
configuration options:
1) Allowing to override the security mirror used for Ubuntu and
Debian.
2) Allow to disable the usage of an security mirror even if the Dom0
has one configured.
3) Allow to manually configure the usage of Acquire::HTTP::Proxy in
the DomU.
Regards, Axel
I vote for a "--security-mirror=" option as that's already used by some
other app that I can't think of now.
I don't like the inheritance of the dom0 apt settings as they are
correct only if the target VM is of the same type as dom0. IOW, using a
debian dom0's apt setup to build an ubuntu VM is probably wrong as the
mirror/proxy could be different.
Leaving it as a cmdline arg would be preferable IMHO.
Thanks
-Bruce
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
