[pkg-lxc-devel] Bug#970067: lxc-templates: bullseye: /updates -> -security
Paul Wise
pabs at debian.org
Fri Sep 11 06:18:36 BST 2020
Package: lxc-templates
Version: 3.0.4-3
Severity: serious
File: /usr/share/lxc/templates/lxc-debian
User: debian-devel at lists.debian.org
Usertags: bullseye-security
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.
The lxc-debian script appears to write an apt sources.list that will
not provide security updates for sources.list scripts created in order
to cater to Debian bullseye images. I suggest that this script check
the version of the Debian release in question using distro-info and
then if the release is 11 or higher, then use $release-security
otherwise use $release/updates as before. It is much better to use
distro-info than to hard-code the release version numbers. It might
even be a good idea to include the security suite information in
distro-info itself and look it up from there.
$ grep -A3 -B23 /updates /usr/share/lxc/templates/lxc-debian
write_sourceslist()
{
local rootfs="$1"; shift
local release="$1"; shift
local arch="$1"; shift
local prefix="deb"
if [ -n "${arch}" ]; then
prefix="deb [arch=${arch}]"
fi
if [ "$mainonly" = 1 ]; then
non_main=''
else
non_main=' contrib non-free'
fi
cat >> "${rootfs}/etc/apt/sources.list" << EOF
${prefix} $MIRROR ${release} main${non_main}
EOF
if [ "$release" != "unstable" -a "$release" != "sid" ]; then
cat >> "${rootfs}/etc/apt/sources.list" << EOF
${prefix} $SECURITY_MIRROR ${release}/updates main${non_main}
EOF
fi
}
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20200911/473aa3a5/attachment.sig>
More information about the Pkg-lxc-devel
mailing list