Project

General

Profile

Bug #12452

Offline build fails when the InRelease file gets too old

Added by arnaud over 2 years ago. Updated almost 2 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Build system
Target version:
-
Start date:
04/17/2017
Due date:
% Done:

0%

Feature Branch:
wip/12452-ignore-apt-valid-until-build-option
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

When doing offline builds, no downloads are performed, and instead files are taken from the cache of apt-cacher-ng.

Some of these files have an expiry date, as you can see in the VM with this command:

grep -rn Valid-Until /var/cache/apt-cacher-ng/

Different files have different expiry dates. As a consequence, offline builds fail after a few days, because 'apt-get update' returns this kind of errors:

E: Release file for http://ftp.us.debian.org/debian/dists/jessie-backports/InRelease is expired (invalid since 2d 0h 22min 54s). Updates for this repository will not be applied.

My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.

It worked for me, but I don't think it works in every situation. Here I just patched the file 'setup-tails-builder', but the truth is that there are 'apt-get update' scattered all along the build process, and my patch doesn't address them. So there will be situation where the build will fail even with this patch.

I'm not sure that it's a good idea to modify every file where 'apt-get update' is involved. It seems a bit messy, and I have no idea if the environment variable 'TAILS_OFFLINE_MODE' is propagated into the chroot.

History

#1 Updated by intrigeri over 2 years ago

  • Assignee set to anonym

My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.

(Without looking at the actual patch) IMO this should require toggling an explicit and opt-in setting, and not done automatically when offline mode is enabled: I want to be able to use TAILS_OFFLINE_MODE in a safe way, and most of the time I'm fine if it tells me that it can't be done.

#2 Updated by mercedes508 almost 2 years ago

Any news on this anonym?

#3 Updated by u almost 2 years ago

  • QA Check set to Info Needed

ping?

#4 Updated by anonym almost 2 years ago

  • Status changed from New to Confirmed

#5 Updated by anonym almost 2 years ago

intrigeri wrote:

My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.

(Without looking at the actual patch) IMO this should require toggling an explicit and opt-in setting, and not done automatically when offline mode is enabled: I want to be able to use TAILS_OFFLINE_MODE in a safe way, and most of the time I'm fine if it tells me that it can't be done.

Agreed. That option will also be useful when trying to reproduce a Tails release whose APT lists have expired.

#6 Updated by anonym almost 2 years ago

  • QA Check changed from Info Needed to Dev Needed
  • Feature Branch set to wip/12452-ignore-apt-valid-until-build-option

The WIP branch is basically a TODO. I think the generation of the base box, which would have to move to use tagged snapshots, makes this pretty difficult to implement. Damn. It's still worthwhile to implement this option without that part, for the reason arnaud opened this ticket, but it will not be helpful for reproducing a Tails version a long time after it was released.

#7 Updated by intrigeri almost 2 years ago

FTR I don't think this is part of our Core work or of the reprobuilds deliverable so feel free to set this as low prio and deassign yourself (=> the closest we have to good idea, wishlist, great patches are welcome).

Also available in: Atom PDF