Project

General

Profile

Bug #15837

APT is not configured to install packages from our repo

Added by segfault 9 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
08/24/2018
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
bugfix/15837-fix-apt-preferences+force-all-tests
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Packages are supposed to be pinned to our repo with pin priority 990 in config/chroot_apt/preferences:

Package: *
Pin: origin deb.tails.boum.org
Pin-Priority: 990

But this doesn't work, because the origin is actually not deb.tails.boum.org but tor+http://jenw7xbd6tf7vfhp.onion.

That is because we replace the deb.tails.boum.org in /etc/apt/sources.list.d/tails.list in config/chroot_local-includes/lib/live/config/1500-reconfigure-APT:

### Custom APT repository

s{
   ^
   (deb(?:-src)?\s+)
   tor[+]https?://deb[.]tails[.]boum[.]org
   /?
   (\s+)
}{$1tor+http://jenw7xbd6tf7vfhp.onion/$2}xms;

' | perl -pi - /etc/apt/sources.list /etc/apt/sources.list.d/*.list

This script is executed at the end of the build of a Tails image, so when the packages are installed during the build, they are correctly installed from our repo.

To fix this, we could make config/chroot_local-includes/lib/live/config/1500-reconfigure-APT also replace the origin in the APT preferences.


Related issues

Blocks Tails - Bug #15834: 3.9rc1: gvfs-bin (and presumably other) dependency tangles Resolved 08/23/2018
Blocks Tails - Feature #15334: Core work 2018Q3: Foundations Team Resolved 02/20/2018
Blocks Tails - Bug #15973: APT pinning broken for stretch-backports Resolved 09/23/2018

Associated revisions

Revision ccbed75e (diff)
Added by segfault 8 months ago

Reconfigure custom APT repo in APT preferences (refs: #15837)

We change our repository from deb.tails.boum.org to jenw7xbd6tf7vfhp.onion
in the APT sources, so we also have to change it in the APT preferences,
or else the pinning is ignored and packages from Debian repos are
installed with higher priority.

Revision 2ac25fcd (diff)
Added by segfault 8 months ago

Simplify regex (refs: #15837)

Revision f3912498
Added by intrigeri 8 months ago

Merge branch 'bugfix/15837-fix-apt-preferences+force-all-tests' into stable (Fix-committed: #15837, #15834)

History

#1 Updated by segfault 9 months ago

  • Blocks Bug #15834: 3.9rc1: gvfs-bin (and presumably other) dependency tangles added

#2 Updated by intrigeri 9 months ago

#3 Updated by intrigeri 9 months ago

  • Assignee set to segfault

Do you want to fix this as part of your FT work?

#4 Updated by segfault 9 months ago

intrigeri wrote:

Do you want to fix this as part of your FT work?

Sure

#5 Updated by segfault 9 months ago

  • Feature Branch set to bugfix/15837-fix-apt-preferences

#6 Updated by segfault 9 months ago

  • Target version changed from Tails_3.9 to Tails_3.10.1

#7 Updated by segfault 8 months ago

I pushed a commit to the feature branch which should fix this, but I have still to build and test it.

#8 Updated by segfault 8 months ago

  • Assignee changed from segfault to intrigeri
  • QA Check set to Ready for QA

but I have still to build and test it

seems to work

#9 Updated by intrigeri 8 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50
  • Feature Branch changed from bugfix/15837-fix-apt-preferences to bugfix/15837-fix-apt-preferences+force-all-tests

Thanks! Pushed to Jenkins with the +force-all-tests suffix, let's see how it goes :)

#10 Updated by intrigeri 8 months ago

segfault wrote:

This script is executed at the end of the build of a Tails image

FYI this is incorrect: /lib/live/config/ stuff is executed at boot time by the live-config service.

#11 Updated by intrigeri 8 months ago

  • Assignee changed from intrigeri to segfault
  • QA Check changed from Ready for QA to Dev Needed

About this part of the regexp:

+   /?
+   (\s+)

… I don't understand what this is supposed to match; is a / even legal here? I would be tempted to replace these two lines with $.

#12 Updated by segfault 8 months ago

  • Assignee changed from segfault to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:

About this part of the regexp:

[...]

… I don't understand what this is supposed to match; is a / even legal here? I would be tempted to replace these two lines with $.

You're right, this doesn't make sense and can be removed. I copied it from above in config/chroot_local-includes/lib/live/config/1500-reconfigure-APT. I replaced it with $ now.

#13 Updated by segfault 8 months ago

  • Blocks Bug #15973: APT pinning broken for stretch-backports added

#14 Updated by intrigeri 8 months ago

  • % Done changed from 50 to 60

Yeah, cargo cult-- :) Code review passes, will now test.

#15 Updated by intrigeri 8 months ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 60 to 100
  • QA Check changed from Ready for QA to Pass

Merged :)

#16 Updated by intrigeri 8 months ago

  • Assignee deleted (intrigeri)

#17 Updated by intrigeri 8 months ago

  • Target version changed from Tails_3.10.1 to Tails_3.9.1

#18 Updated by anonym 8 months ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF