found 610457 4.2-1 retitle 610457 xen-tools: no possibility to use a local security mirror for Ubuntu and Debian kthxbye
Hi Bruce, thanks for the bug report. Bruce Edge wrote: > When creating a lucid VM with the command line > > /usr/bin/xen-create-image --hostname lucid-build --mac=00:90:66:00:17:90 > --dist=lucid --force --dhcp --mirror=http://wlvmirror.lsi.com/ubuntu > --size=14Gb --memory=2Gb --arch=amd64 --partitions=dpm-build > --lvm=uss004 --role=builder --boot > > It hangs up trying to download packages.gz from: > http://security.ubuntu.com/ubuntu as the file > /usr/lib/xen-tools/lucid.d/20-setup-apt contains the following: > > deb-src ${mirror} ${dist} main restricted universe > deb ${mirror} ${dist}-updates main restricted universe multiverse > deb-src ${mirror} ${dist}-updates main restricted universe > deb http://security.ubuntu.com/ubuntu ${dist}-security main restricted > universe > deb-src http://security.ubuntu.com/ubuntu ${dist}-security main > restricted universe > > Note that the last 2 lines ignore the mirror setting. This is more or less on purpose since Ubuntu (and Debian) do the same on normal installations, too: Even if you choose a local mirror, security updates won't be fetched from there but from the official security repository. Additionally, with Debian or Ubuntu, normal mirrors don't have a copy of the security repository, so setting it up the way you expected or want it would break most other installations. > This means that if one is using a proxy, it will hang and eventually > timeout. xen-tools instructs apt to use an HTTP proxy, if one was configured in the Dom0. See lines 31-38 of /usr/lib/xen-tools/lucid.d/20-setup-apt. This is possibly a workaround you could use. It's though not yet configurable via configuration file or command line options, just via /etc/apt/apt.conf in the Dom0. But I can (now :-) imagine where this setup is not possible. But that's not the kind of proxy you use (something apt-proxy, apt-cacher, etc.). That kind of proxy is indeed currently not supported for security repositories. So this issue and the related Acquire::HTTP::Proxy issue pointed out above would be fixed by adding the following new features respectively configuration options: 1) Allowing to override the security mirror used for Ubuntu and Debian. 2) Allow to disable the usage of an security mirror even if the Dom0 has one configured. 3) Allow to manually configure the usage of Acquire::HTTP::Proxy in the DomU. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org