[debian-mysql] Bug#977427: mariadb-10.5: bullseye: /updates -> -security

Paul Wise pabs at debian.org
Tue Dec 15 00:02:59 GMT 2020 

Source: mariadb-10.5
Version: 1:10.5.8-3
Severity: minor
File: storage/mroonga/packages/apt/build-deb.sh
User: debian-devel at lists.debian.org
Usertags: bullseye-security

With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.

In the mariadb source package there appears to be a script that
generates a Debian chroot/container for building packages and that
script relies on appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container. I suggest that this script check the version of the
Debian release in question using distro-info and then if the release is
11 or higher, then use $release-security otherwise use $release/updates
as before. It is much better to use distro-info than to hard-code the
release version numbers. It might even be a good idea to include the
security suite information in distro-info itself and look it up there.

I filed this bug at severity minor since the script in question doesn't
appear to be used for any part of the Debian packages nor for building
the Debian packages, but only for some upstream packages.

   mariadb-10.5-10.5.8 $ grep -A6 -B10 /updates  storage/mroonga/packages/apt/build-deb.sh
   distribution=$(lsb_release --id --short | tr 'A-Z' 'a-z')
   case "${distribution}" in
     debian)
       component=main
       run cat <<EOF > /etc/apt/sources.list.d/groonga.list
   deb http://packages.groonga.org/debian/ ${code_name} main
   deb-src http://packages.groonga.org/debian/ ${code_name} main
   EOF
       if ! grep --quiet security /etc/apt/sources.list; then
         run cat <<EOF > /etc/apt/sources.list.d/security.list
   deb http://security.debian.org/ ${code_name}/updates main
   deb-src http://security.debian.org/ ${code_name}/updates main
   EOF
       fi
       run apt-get update
       run apt-get install -y --allow-unauthenticated groonga-keyring
       run apt-get update
       ;;

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-mysql-maint/attachments/20201215/54d36fe0/attachment-0001.sig>

More information about the pkg-mysql-maint mailing list