Re: Bullseye security.debian.org codename misconfigured?
On 1/23/22, Stefan Fritsch wrote: > Am 22.01.22 um 21:07 schrieb Bjørn Mork: >> Stefan Fritsch writes: >> >>> # cat /etc/apt/apt.conf.d/11-default-release >>> APT::Default-Release "bullseye"; >> >> Just don't do that. It breaks all normal preferences and will end up >> preferring "bullseye" over anything else. Including >> "bullseye-security". > > This used to work until buster. But it turns out the release-notes > mention this problem and the correct syntax is now: > > APT::Default-Release "/^bullseye(|-security|-updates)$/"; > > > The failure mode of silently not installing security updates is bad, > though. But I don't see an easy way to fix that. Maybe apt should print > a warning if one uses a simple codename as Default-Release? Congratulations on finding the fix. That's cool. It falls in line with how the repositories are declared. With respect to a proposed warning, I spent years naively a-suming that security updates were part of the primary, single line repository declaration. A little 4-watt light bulb went off overhead during a Debian-User exchange a couple years ago. Prior to that thread, I'd been on outside security tech lists and had seen major update advisories but could never figure out why I was not seeing those same packages update on my Debian. This type of ongoing warning might upset some longstanding Users... unless there was a way to have it only be once a month.. or.. maybe have a way to trigger it off permanently via the command line interface for e.g. apt and apt-get. Another alternative could evolve into a teaching moment by having a warning state where to turn the warning OFF in e.g. an apt or apt-get config file. It could be something like the very fix found for this current thread. That might lead newer users to explore those types of files more and thus learn more about the inner workings of Debian. It was something along those lines that triggered my interest in regularly tearing into my own install's files a number of years ago now. :) Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with birdseed *
Re: Bullseye security.debian.org codename misconfigured?
Am 22.01.22 um 21:07 schrieb Bjørn Mork: Stefan Fritsch writes: # cat /etc/apt/apt.conf.d/11-default-release APT::Default-Release "bullseye"; Just don't do that. It breaks all normal preferences and will end up preferring "bullseye" over anything else. Including "bullseye-security". This used to work until buster. But it turns out the release-notes mention this problem and the correct syntax is now: APT::Default-Release "/^bullseye(|-security|-updates)$/"; The failure mode of silently not installing security updates is bad, though. But I don't see an easy way to fix that. Maybe apt should print a warning if one uses a simple codename as Default-Release?
Re: Bullseye security.debian.org codename misconfigured?
Stefan Fritsch writes: > # cat /etc/apt/apt.conf.d/11-default-release > APT::Default-Release "bullseye"; Just don't do that. It breaks all normal preferences and will end up preferring "bullseye" over anything else. Including "bullseye-security". Use preferences instead if you need to tweak anything. See apt_preferences(5) Bjørn
Re: Bullseye security.debian.org codename misconfigured?
On 22.01.22 11:09, Stefan Fritsch wrote: *** 5.10.84-1 990 The 990 looks like pinning for me. Best regards Ulf
Re: Bullseye security.debian.org codename misconfigured?
* [Sat, Jan 22, 2022 at 11:09:20AM +0100] Stefan Fritsch: I think the bullseye-security codename should be "bullseye" instead. Or am I missing something The repo naming scheme has changed with bullseye. I do not have the announcement at hands, however the old '/updates' is now '-security', see https://www.debian.org/security/. Hth, Gian Piero.
Re: Bullseye security.debian.org codename misconfigured?
Hi Viktor, Am 22.01.22 um 11:34 schrieb SZÉPE Viktor: Idézem/Quoting Stefan Fritsch : I have noticed that the latest linux security update is not installed on my box. The package is available in # apt-cache policy linux-image-amd64 linux-image-amd64: Installed: 5.10.84-1 Candidate: 5.10.84-1 Version table: 5.15.15-1 500 500 http://mirror.hetzner.de/debian/packages unstable/main amd64 Packages 5.10.92-1 500 500 http://security.debian.org bullseye-security/main amd64 Packages *** 5.10.84-1 990 990 http://mirror.hetzner.de/debian/packages bullseye/main amd64 Packages 100 /var/lib/dpkg/status Hello Stefan! Try adding deb http://deb.debian.org/debian-security bullseye-security main contrib non-free Please see https://wiki.debian.org/NewInBullseye#Changes This does not change anything and I did not expect it to. It would be rather strange if different URLs had different code-name settings. It is not that apt cannot load the lists, it just does not recognize that bullseye-security is the same as bullseye. Cheers, Stefan
Re: Bullseye security.debian.org codename misconfigured?
Idézem/Quoting Stefan Fritsch : Hi, I have noticed that the latest linux security update is not installed on my box. The package is available in # apt-cache policy linux-image-amd64 linux-image-amd64: Installed: 5.10.84-1 Candidate: 5.10.84-1 Version table: 5.15.15-1 500 500 http://mirror.hetzner.de/debian/packages unstable/main amd64 Packages 5.10.92-1 500 500 http://security.debian.org bullseye-security/main amd64 Packages *** 5.10.84-1 990 990 http://mirror.hetzner.de/debian/packages bullseye/main amd64 Packages 100 /var/lib/dpkg/status Hello Stefan! Try adding deb http://deb.debian.org/debian-security bullseye-security main contrib non-free Please see https://wiki.debian.org/NewInBullseye#Changes SZÉPE Viktor, webes alkalmazás üzemeltetés / Running your application https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md ~~~ ügyelet 🌶️ hotline: +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, III. kerület smime.p7s Description: S/MIME Signature
Bullseye security.debian.org codename misconfigured?
Hi, I have noticed that the latest linux security update is not installed on my box. The package is available in # apt-cache policy linux-image-amd64 linux-image-amd64: Installed: 5.10.84-1 Candidate: 5.10.84-1 Version table: 5.15.15-1 500 500 http://mirror.hetzner.de/debian/packages unstable/main amd64 Packages 5.10.92-1 500 500 http://security.debian.org bullseye-security/main amd64 Packages *** 5.10.84-1 990 990 http://mirror.hetzner.de/debian/packages bullseye/main amd64 Packages 100 /var/lib/dpkg/status But apt-get dist-upgrade does not install it. I have # cat /etc/apt/apt.conf.d/11-default-release APT::Default-Release "bullseye"; and bullseye-security has # grep -i code /var/lib/apt/lists/security.debian.org_dists_bullseye-security_InRelease Codename: bullseye-security while on buster, it's: $ grep -i code /var/lib/apt/lists/security.debian.org_dists_buster_updates_InRelease Codename: buster No -security there. I have no apt pinning configured on my box. I think the bullseye-security codename should be "bullseye" instead. Or am I missing something Cheers, Stefan
