Re: Definitive instructions for Buster LTS security updates

2022-02-22 Thread Keith Christian
> The OP is tilting at windmills.
>
> The example I posted has been used every three hours of my waking day
> for the past 2½ years. It fails when my cable company fails.
>
> The OP has quoted some hearsay off the web, period. And not a single
> reference with it. The OP calls this "pre-startup research", and
> will "verify [ … ] your suggestions" when the Oracle has handed down
> "the correct sources.list".
>
> Until then, the Buster machine will stay de-activated, the OP remains
> safe, and we await the Oracle.
>
> (Those who know their Classical history will realise that advice
> pulled from the Internet can be as ambiguous as the Oracle always was.)
>
> Cheers,
> David.

David,

Windmills, LOL.  I've always liked that one.
I brought up the old Buster machine and it's working fine with one mod
to he original sources list, uncommenting this line:
   deb http://security.debian.org/debian-security buster/updates main
Since I didn't know that Buster was not yet in LTS, and that there are
no changes needed, I thought I should ask first in case there were
repo changes.
Thanks for your comments.

Keith



Re: Definitive instructions for Buster LTS security updates

2022-02-22 Thread David Wright
On Tue 22 Feb 2022 at 13:50:20 (+), Tixy wrote:
> On Tue, 2022-02-22 at 06:00 -0700, Keith Christian wrote:
> > On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > > I assume because Buster isn't in Long Term Support yet, it's still in
> > > normal support by the security team. From the schedule on the wiki,
> > > it's due to go into LTS this July.
> > 
> > I remembered that I made a copy of the original sources.list file on
> > the day of install.
> > Here it is, I wonder why the security line failed to verify (Line 11) ?
> > The entire sources.list appears below.
> > 
> > # Line commented out by installer because it failed to verify:
> > #deb http://security.debian.org/debian-security buster/updates main
> > 
> > It seems this line should be uncommented?
> > 
> > #deb http://security.debian.org/debian-security buster/updates main
> 
> I just tried that URL and did an 'apt update' and it seemed to work,
> there were no errors and seemed to be download a new package list.
> Interesting that the one I had doesn't have the 'debian-security' bit.
> 
> Also, the online examples of sources.list for Buster have the URL
> 'http://deb.debian.org/debian-security', I beleive that uses the CDN.
> 
> So, for me, all three of these seem work...
> 
> deb http://security.debian.org/ buster/updates main
> deb http://security.debian.org/debian-security buster/updates main
> deb http://deb.debian.org/debian-security buster/updates main

The OP is tilting at windmills.

The example I posted has been used every three hours of my waking day
for the past 2½ years. It fails when my cable company fails.

The OP has quoted some hearsay off the web, period. And not a single
reference with it. The OP calls this "pre-startup research", and
will "verify [ … ] your suggestions" when the Oracle has handed down
"the correct sources.list".

Until then, the Buster machine will stay de-activated, the OP remains
safe, and we await the Oracle.

(Those who know their Classical history will realise that advice
pulled from the Internet can be as ambiguous as the Oracle always was.)

Cheers,
David.



Re: Definitive instructions for Buster LTS security updates

2022-02-22 Thread Tixy
On Tue, 2022-02-22 at 06:00 -0700, Keith Christian wrote:
> On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > I assume because Buster isn't in Long Term Support yet, it's still in
> > normal support by the security team. From the schedule on the wiki,
> > it's due to go into LTS this July.
> 
> Thanks Tixy,
> 
> I remembered that I made a copy of the original sources.list file on
> the day of install.
> Here it is, I wonder why the security line failed to verify (Line 11) ?
> The entire sources.list appears below.
> 
> # Line commented out by installer because it failed to verify:
> #deb http://security.debian.org/debian-security buster/updates main
> 
> It seems this line should be uncommented?
> 
> #deb http://security.debian.org/debian-security buster/updates main

I just tried that URL and did an 'apt update' and it seemed to work,
there were no errors and seemed to be download a new package list.
Interesting that the one I had doesn't have the 'debian-security' bit.

Also, the online examples of sources.list for Buster have the URL
'http://deb.debian.org/debian-security', I beleive that uses the CDN.

So, for me, all three of these seem work...

deb http://security.debian.org/ buster/updates main
deb http://security.debian.org/debian-security buster/updates main
deb http://deb.debian.org/debian-security buster/updates main

-- 
Tixy 



Re: Definitive instructions for Buster LTS security updates

2022-02-22 Thread Greg Wooledge
On Tue, Feb 22, 2022 at 06:00:53AM -0700, Keith Christian wrote:
> On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > I assume because Buster isn't in Long Term Support yet, it's still in
> > normal support by the security team. From the schedule on the wiki,
> > it's due to go into LTS this July.
> 
> Thanks Tixy,
> 
> I remembered that I made a copy of the original sources.list file on
> the day of install.
> Here it is, I wonder why the security line failed to verify (Line 11) ?
> The entire sources.list appears below.
> 
> # Line commented out by installer because it failed to verify:
> #deb http://security.debian.org/debian-security buster/updates main

Only someone who was present for the installation would know for sure,
but at the time, the installer was unable to contact that web site.
Could have been due to missing network interface firmware, or a transient
DNS problem, or ... who knows?

> It seems this line should be uncommented?
> 
> #deb http://security.debian.org/debian-security buster/updates main

Yes.

> 
> =LISTING START
> $ cat /etc/apt/sources.list.orig
> #
> 
> # deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
> 2019-07-06T10:52]/ buster main
> 
> #deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
> 2019-07-06T10:52]/ buster main
> 
> deb http://deb.debian.org/debian/ buster main
> deb-src http://deb.debian.org/debian/ buster main

But that one worked?  Interesting.  That points more toward an issue
with DNS or with the (small) set of security.debian.org servers, rather
than something like missing firmware which would have affected all
network activity during the installation.



Re: Definitive instructions for Buster LTS security updates

2022-02-22 Thread Keith Christian
On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> I assume because Buster isn't in Long Term Support yet, it's still in
> normal support by the security team. From the schedule on the wiki,
> it's due to go into LTS this July.

Thanks Tixy,

I remembered that I made a copy of the original sources.list file on
the day of install.
Here it is, I wonder why the security line failed to verify (Line 11) ?
The entire sources.list appears below.

# Line commented out by installer because it failed to verify:
#deb http://security.debian.org/debian-security buster/updates main

It seems this line should be uncommented?

#deb http://security.debian.org/debian-security buster/updates main

=LISTING START
$ cat /etc/apt/sources.list.orig
#

# deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
2019-07-06T10:52]/ buster main

#deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
2019-07-06T10:52]/ buster main

deb http://deb.debian.org/debian/ buster main
deb-src http://deb.debian.org/debian/ buster main

# Line commented out by installer because it failed to verify:
#deb http://security.debian.org/debian-security buster/updates main
# Line commented out by installer because it failed to verify:
#deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
# Line commented out by installer because it failed to verify:
#deb http://deb.debian.org/debian/ buster-updates main
# Line commented out by installer because it failed to verify:
#deb-src http://deb.debian.org/debian/ buster-updates main

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
=LISTING END

Keith



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Andrew M.A. Cater
On Mon, Feb 21, 2022 at 04:28:33PM +0100, Christian Britz wrote:
> 
> 
> On 2022-02-21 15:45 UTC+0100, David Wright wrote:
> 
> > AFAICT, running buster, nothing has yet changed. My sources.list
> > is attached (ignore the first line), and as of this morning it
> > yields:
> And I think nothing will change in the future. Take the Stretch example
> at https://wiki.debian.org/LTS/Using. The sources.list stayed the same.
> Maybe buster-updates will disappear, I do not know how this is handled.
> 
> IMO it makes totally sense to leave this unchanged - every system will
> automatically benefit from LTS.
> 

Things may change in the future - but as it stands, Buster is oldstable
and therefore supported for a year after the release of Bullseye with
no change in sources.list.

It should stay supported until 20220714 this way.

All the very best, as ever,

Andy Cater


> -- 
> http://www.cb-fraggle.de
> 



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Tixy
On Mon, 2022-02-21 at 15:48 +, Tixy wrote:
> On Mon, 2022-02-21 at 08:16 -0700, Keith Christian wrote:
> > The Buster machine I'm planning to re-activate is still powered off
> > until I find the exact security update lines for sources.list.
> 
> These won't have changed since you first installed Buster. As I said in
> my other reply, Buster isn't yet in Long Term Support, it's still
> getting updates from Debian's security team in the same way it did the
> very day after it was first released.

If you want to know what to know what to put in sources.list, here's
what's in mine...

deb http://ftp.debian.org/debian/ buster main
#deb-src http://ftp.debian.org/debian/ buster main

deb http://security.debian.org/ buster/updates main
#deb-src http://security.debian.org/ buster/updates main

-- 
Tixy




Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Tixy
On Mon, 2022-02-21 at 08:16 -0700, Keith Christian wrote:
> The Buster machine I'm planning to re-activate is still powered off
> until I find the exact security update lines for sources.list.

These won't have changed since you first installed Buster. As I said in
my other reply, Buster isn't yet in Long Term Support, it's still
getting updates from Debian's security team in the same way it did the
very day after it was first released.

-- 
Tixy




Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Chuck Zmudzinski

On 2/21/2022 10:28 AM, Christian Britz wrote:


On 2022-02-21 15:45 UTC+0100, David Wright wrote:


AFAICT, running buster, nothing has yet changed. My sources.list
is attached (ignore the first line), and as of this morning it
yields:

And I think nothing will change in the future. Take the Stretch example
at https://wiki.debian.org/LTS/Using. The sources.list stayed the same.
Maybe buster-updates will disappear, I do not know how this is handled.

IMO it makes totally sense to leave this unchanged - every system will
automatically benefit from LTS.



I also experienced the same behavior with Jessie and now with Stretch.
I did not need to change anything in sources.list, and I received the
LTS updates for Jessie and I still receive them for Stretch while it is 
still

getting LTS updates. So I would expect buster to also not need any changes
to sources.list to receive LTS updates.

Regards,

Chuck Zmudzinski



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Christian Britz



On 2022-02-21 15:45 UTC+0100, David Wright wrote:

> AFAICT, running buster, nothing has yet changed. My sources.list
> is attached (ignore the first line), and as of this morning it
> yields:
And I think nothing will change in the future. Take the Stretch example
at https://wiki.debian.org/LTS/Using. The sources.list stayed the same.
Maybe buster-updates will disappear, I do not know how this is handled.

IMO it makes totally sense to leave this unchanged - every system will
automatically benefit from LTS.

-- 
http://www.cb-fraggle.de



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Keith Christian
On Mon, Feb 21, 2022 at 6:31 AM Greg Wooledge  wrote:
>
> On Mon, Feb 21, 2022 at 06:25:35AM -0700, Keith Christian wrote:
> > My first search brought me to wiki.debian.org, where I landed on the
> > /LTS/Using page, but it contained no Buster-specific instructions.
>
> See also  which says:
>
> Q) Where do I get buster packages?
> Use the following sources for buster:
>
> deb http://deb.debian.org/debian/ buster main
> deb http://security.debian.org/debian-security buster/updates main
>
> > E: The repository 'http://deb.debian.org/debian buster/updates
> > Release' does not have a Release file.
>
> You've got an error here.  Either you meant this to be a security line,
> and you've forgotten to use "debian-security" at the tail end of the
> URL field, or else you meant this to be a "buster-updates" line, and
> accidentally used a / instead of a - character in the third field.
>
> (I'm not sure if a  buster-updates repository section still exists for
> that release, but if it does, it'll be spelled with a hyphen.)
>


Thanks Greg,
The Buster machine I'm planning to re-activate is still powered off
until I find the exact security update lines for sources.list.
This error that you mention below is an example from my "pre-startup
research," showing a user's report.
When I find the correct sources.list lines I'll verify them with your
suggestions below.

> > E: The repository 'http://deb.debian.org/debian buster/updates
> > Release' does not have a Release file.
>
> You've got an error here.  Either you meant this to be a security line,
> and you've forgotten to use "debian-security" at the tail end of the
> URL field, or else you meant this to be a "buster-updates" line, and
> accidentally used a / instead of a - character in the third field.

Keith



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread David Wright
On Mon 21 Feb 2022 at 08:30:54 (-0500), Greg Wooledge wrote:
> On Mon, Feb 21, 2022 at 06:25:35AM -0700, Keith Christian wrote:
> > My first search brought me to wiki.debian.org, where I landed on the
> > /LTS/Using page, but it contained no Buster-specific instructions.
> 
> See also  which says:
> 
> Q) Where do I get buster packages?
> Use the following sources for buster:
> 
> deb http://deb.debian.org/debian/ buster main
> deb http://security.debian.org/debian-security buster/updates main
> 
> > E: The repository 'http://deb.debian.org/debian buster/updates
> > Release' does not have a Release file.
> 
> You've got an error here.  Either you meant this to be a security line,
> and you've forgotten to use "debian-security" at the tail end of the
> URL field, or else you meant this to be a "buster-updates" line, and
> accidentally used a / instead of a - character in the third field.
> 
> (I'm not sure if a  buster-updates repository section still exists for
> that release, but if it does, it'll be spelled with a hyphen.)

AFAICT, running buster, nothing has yet changed. My sources.list
is attached (ignore the first line), and as of this morning it
yields:

 Feb 21 02:17 deb.debian.org_debian_dists_buster-updates_InRelease
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_Contents-amd64.diff_Index
 Jan 24 14:34 deb.debian.org_debian_dists_buster-updates_main_Contents-amd64.lz4
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_binary-amd64_Packages
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_binary-amd64_Packages.diff_Index
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_i18n_Translation-en
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_i18n_Translation-en.diff_Index
 Jan 24 14:34 deb.debian.org_debian_dists_buster-updates_main_source_Sources
 Jan 24 14:34 
deb.debian.org_debian_dists_buster-updates_main_source_Sources.diff_Index
 Oct  9 05:55 deb.debian.org_debian_dists_buster_InRelease
 Feb  6  2021 deb.debian.org_debian_dists_buster_contrib_Contents-amd64.lz4
 Oct  9 05:19 deb.debian.org_debian_dists_buster_contrib_binary-amd64_Packages
 Feb  6  2021 deb.debian.org_debian_dists_buster_contrib_i18n_Translation-en
 Oct  9 05:19 deb.debian.org_debian_dists_buster_contrib_source_Sources
 Oct  9 05:22 deb.debian.org_debian_dists_buster_main_Contents-amd64.lz4
 Oct  9 05:19 deb.debian.org_debian_dists_buster_main_binary-amd64_Packages
 Oct  9 05:19 deb.debian.org_debian_dists_buster_main_i18n_Translation-en
 Oct  9 05:19 deb.debian.org_debian_dists_buster_main_source_Sources
 Oct  9 05:20 deb.debian.org_debian_dists_buster_non-free_Contents-amd64.lz4
 Oct  9 05:19 deb.debian.org_debian_dists_buster_non-free_binary-amd64_Packages
 Oct  9 05:19 deb.debian.org_debian_dists_buster_non-free_i18n_Translation-en
 Oct  9 05:19 deb.debian.org_debian_dists_buster_non-free_source_Sources
 Feb 20 06:12 security.debian.org_debian-security_dists_buster_updates_InRelease
 Feb 19 13:44 
security.debian.org_debian-security_dists_buster_updates_main_binary-amd64_Packages
 Feb 18 12:55 
security.debian.org_debian-security_dists_buster_updates_main_i18n_Translation-en
 Feb 19 21:32 
security.debian.org_debian-security_dists_buster_updates_main_source_Sources
 Jun 26  2021 
security.debian.org_debian-security_dists_buster_updates_non-free_binary-amd64_Packages
 Nov 13  2019 
security.debian.org_debian-security_dists_buster_updates_non-free_i18n_Translation-en
 Jun 26  2021 
security.debian.org_debian-security_dists_buster_updates_non-free_source_Sources

(Contents files courtesy of apt-file, I assume.)

Cheers,
David.
# buster

# deb cdrom:[Debian GNU/Linux 10.0.0 _Buster_ - Official amd64 NETINST 
20190706-10:23]/ buster contrib main non-free

#deb cdrom:[Debian GNU/Linux 10.0.0 _Buster_ - Official amd64 NETINST 
20190706-10:23]/ buster contrib main non-free

deb http://deb.debian.org/debian/ buster main non-free contrib
deb-src http://deb.debian.org/debian/ buster main non-free contrib

deb http://security.debian.org/debian-security buster/updates main contrib 
non-free
deb-src http://security.debian.org/debian-security buster/updates main contrib 
non-free

# buster-updates, previously known as 'volatile'
deb http://deb.debian.org/debian/ buster-updates main contrib non-free
deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.


Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Tixy
On Mon, 2022-02-21 at 06:25 -0700, Keith Christian wrote:
> I plan to bring a Buster machine which has been shut down for quite a
> while online again.
> Before connecting it to the internet, I looked for instructions on how
> to add the LTS security updates entries to sources.list.
> 
> My first search brought me to wiki.debian.org, where I landed on the
> /LTS/Using page, but it contained no Buster-specific instructions.

I assume because Buster isn't in Long Term Support yet, it's still in
normal support by the security team. From the schedule on the wiki,
it's due to go into LTS this July.

-- 
Tixy



Re: Definitive instructions for Buster LTS security updates

2022-02-21 Thread Greg Wooledge
On Mon, Feb 21, 2022 at 06:25:35AM -0700, Keith Christian wrote:
> My first search brought me to wiki.debian.org, where I landed on the
> /LTS/Using page, but it contained no Buster-specific instructions.

See also  which says:

Q) Where do I get buster packages?
Use the following sources for buster:

deb http://deb.debian.org/debian/ buster main
deb http://security.debian.org/debian-security buster/updates main

> E: The repository 'http://deb.debian.org/debian buster/updates
> Release' does not have a Release file.

You've got an error here.  Either you meant this to be a security line,
and you've forgotten to use "debian-security" at the tail end of the
URL field, or else you meant this to be a "buster-updates" line, and
accidentally used a / instead of a - character in the third field.

(I'm not sure if a  buster-updates repository section still exists for
that release, but if it does, it'll be spelled with a hyphen.)



Definitive instructions for Buster LTS security updates

2022-02-21 Thread Keith Christian
I plan to bring a Buster machine which has been shut down for quite a
while online again.
Before connecting it to the internet, I looked for instructions on how
to add the LTS security updates entries to sources.list.

My first search brought me to wiki.debian.org, where I landed on the
/LTS/Using page, but it contained no Buster-specific instructions.

After more searches, I saw numerous posts containing messages like
these, and I decided to double check the procedure to obtain LTS
updates.

E: The repository 'http://deb.debian.org/debian buster/updates
Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.

Seeing the above, I decided to ask here for the latest info.

Thanks!