Package: sbuild
Version: 0.80.0
Severity: serious
File: /usr/share/sbuild/create-chroot
User: debian-de...@lists.debian.org
Usertags: bullseye-security

With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.

The above script references {BASE}/updates but when bullseye is
released that should be replaced by {BASE}-security so it looks
like the script would generate an incorrect sources.list using /updates
instead of -security which would cause the new chroot to not get
security updates from bullseye in a timely manner.

I suggest that this script check the version of the Debian release in
question using distro-info and then if the release is 11 or higher,
then use {BASE}-security otherwise use {BASE}/updates as before.

It is much better to use distro-info than to hard-code the release
version numbers. It might even be a good idea to include the security
suite information in distro-info itself and look it up there.

   $ grep -A4 -B3 /updates /usr/share/sbuild/create-chroot
       if [ "$VARIANT" = "security" ]; then
           echo "I: Adding security entries to sources.list..."
           cat >> "${TEMPFILE}" <<EOT
   deb http://security-master.debian.org/debian-security ${BASE}/updates main contrib
   deb-src http://security-master.debian.org/debian-security ${BASE}/updates main contrib
   deb http://security-master.debian.org/buildd-${BASE} /
   deb-src http://security-master.debian.org/buildd-${BASE} /
   EOT
       fi

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sbuild depends on:
ii  adduser         3.118
ii  libsbuild-perl  0.80.0
ii  perl            5.30.3-4

Versions of packages sbuild recommends:
ii  autopkgtest  5.14
ii  debootstrap  1.0.123
ii  schroot      1.6.10-11

Versions of packages sbuild suggests:
pn  deborphan  <none>
ii  e2fsprogs  1.45.6-1
ii  kmod       27+20200310-2
ii  wget       1.20.3-1+b3

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
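
The release check suggested in the report, sketched as an added example that is not part of the original message or of sbuild's code. It assumes the distro-info-data CSV at /usr/share/distro-info/debian.csv with the columns version,codename,series,...; the function names and the DISTRO_CSV variable are hypothetical, and the demo rows are constructed.

```shell
#!/bin/sh
# Added example (not sbuild's code): pick the security suite name from
# distro-info-data instead of hard-coding "${BASE}/updates".
# Assumption: CSV header is version,codename,series,created,release,eol.
DISTRO_CSV="${DISTRO_CSV:-/usr/share/distro-info/debian.csv}"

# Print the major version of series $1; prints nothing useful if the series
# is unknown or carries no version number (sid, experimental).
release_major() {
    awk -F, -v s="$1" 'NR > 1 && $3 == s { split($1, v, "."); print v[1]; exit }' \
        "$DISTRO_CSV"
}

# Print the security suite for series $1: SERIES-security from release 11
# onwards, SERIES/updates before that. Fails instead of guessing when the
# version is unknown, so no chroot is created with a wrong security suite.
security_suite() {
    major=$(release_major "$1")
    case "$major" in
        '' | *[!0-9]*)
            echo "E: no release version found for '$1'" >&2
            return 1 ;;
    esac
    if [ "$major" -ge 11 ]; then
        echo "$1-security"
    else
        echo "$1/updates"
    fi
}

# Emit the two sources.list lines that carry the suite name.
security_entries() {
    suite=$(security_suite "$1") || return 1
    echo "deb http://security-master.debian.org/debian-security ${suite} main contrib"
    echo "deb-src http://security-master.debian.org/debian-security ${suite} main contrib"
}

# Demo on constructed rows in the debian.csv layout (not read from a real
# system); the subshell leaves the caller's DISTRO_CSV untouched.
(
    DISTRO_CSV=$(mktemp)
    printf '%s\n' 'version,codename,series,created,release,eol' \
        '10,Buster,buster,2017-06-17,2019-07-06' \
        '11,Bullseye,bullseye,2019-07-06' ',Sid,sid,1993-08-16' > "$DISTRO_CSV"
    for s in buster bullseye sid; do
        security_entries "$s" || echo "skipped: $s"
    done
    rm -f "$DISTRO_CSV"
)
```

Failing closed for unversioned series keeps a sources.list that silently omits security updates from being written.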
