Project

General

Profile

Bug #8715

Cannot update APT package list without using torify

Added by kytv about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
Start date:
01/16/2015
Due date:
% Done:

100%

Feature Branch:
bugfix/8715-build-system-independent-APT-sources
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

In the current devel branch (revision 89d83695f5365f2868847bf7e3b4244c98cddeb2), updating the package list with apt-get update or from within synaptic fails.

torify apt-get update and torify synaptic both work.

(Found while running the tests for #8697.)


Related issues

Related to Tails - Feature #8726: Use homogenous Debian mirrors at build time Resolved 01/19/2015

Associated revisions

Revision 716fd0b7 (diff)
Added by Tails developers about 5 years ago

Switch to tor+http:// APT sources at boot time instead of at build time (Will-Fix: #8715).

live-build expects to be the only one that manages APT sources.
Since feature/8194-APT-socks was merged, we're breaking this assumption of its,
by mangling APT sources under live-build's feet via chroot_local-hooks.

More specifically, if:

  • $LB_MIRROR_CHROOT != $LB_MIRROR_BINARY or
    $LB_MIRROR_CHROOT_SECURITY != $LB_MIRROR_BINARY_SECURITY,
    as is the case when building with Vagrant or when following our manual
    build setup instructions accurately (live-build defaults to
    ftp.de.debian.org for some of its APT configuration),

or:

  • one has dropped .deb's in config/chroot_local-packages, as contributors
    without write access to our APT repository may want to do,

then after completing the chroot_local-hooks stage, lb_chroot_sources would
rewrite APT sources to match what we have previously configured (see the check
at lines 490-498 in live-build 2.x tree), and therefore the ISO image would have
http:// URLs configured instead of the expected tor+http://.

Therefore, let's mangle APT sources configuration at boot time instead.

Revision b4114bf5
Added by Tails developers almost 5 years ago

Merge remote-tracking branch 'origin/bugfix/8715-build-system-independent-APT-sources' into devel

Fix-committed: #8715

History

#1 Updated by intrigeri about 5 years ago

  • Assignee set to intrigeri

#2 Updated by intrigeri about 5 years ago

  • Priority changed from Normal to Elevated

#3 Updated by intrigeri about 5 years ago

  • Subject changed from Cannot update apt package list without using 'torify' to Cannot update APT package list without using torify
  • Assignee changed from intrigeri to kytv
  • QA Check set to Info Needed

I cannot reproduce this by hand in a current build from the devel branch:

  • set up an admin password
  • log in
  • start Terminal
  • sudo su -
  • apt-get update

What exact failure do you see?

#4 Updated by kytv about 5 years ago

I'll build a new iso and report back.

#5 Updated by intrigeri about 5 years ago

I also cannot reproduce that by running apt.feature from the devel branch on the latest devel ISO autobuild by our Jenkins.

#6 Updated by kytv about 5 years ago

  • Assignee changed from kytv to intrigeri
  • QA Check changed from Info Needed to Dev Needed

Hmm...

With a new ISO built from a clean workspace:

Script started on Fri 16 Jan 2015 11:23:16 PM UTC
]0;amnesia@amnesia: ~amnesia@amnesia:~$ sudo apt/get -get update
[sudo] password for amnesia: 

0% [Working]

Err http://ftp.us.debian.org experimental Release.gpg
      Could not resolve 'ftp.us.debian.org'

0% [Connecting to ftp.us.debian.org] [Connecting to security.debian.org] [Conne

Err http://deb.tails.boum.org devel Release.gpg
      Could not resolve 'deb.tails.boum.org'

0% [Connecting to ftp.us.debian.org] [Connecting to security.debian.org] [Conne

Err http://security.debian.org wheezy/updates Release.gpg
      Could not resolve 'security.debian.org'

0% [Connecting to ftp.us.debian.org] [Connecting to deb.torproject.org]

Err http://ftp.us.debian.org unstable Release.gpg
      Could not resolve 'ftp.us.debian.org'

0% [Connecting to ftp.us.debian.org] [Connecting to deb.torproject.org]

Err http://ftp.us.debian.org testing Release.gpg
      Could not resolve 'ftp.us.debian.org'

0% [Connecting to ftp.us.debian.org] [Connecting to deb.torproject.org]

Err http://ftp.us.debian.org wheezy-backports Release.gpg
      Could not resolve 'ftp.us.debian.org'

0% [Connecting to ftp.us.debian.org] [Connecting to deb.torproject.org]

Err http://deb.torproject.org wheezy Release.gpg
      Could not resolve 'deb.torproject.org'

0% [Connecting to ftp.us.debian.org]

Err http://deb.torproject.org sid Release.gpg
      Could not resolve 'deb.torproject.org'

0% [Connecting to ftp.us.debian.org]

Err http://ftp.us.debian.org wheezy Release.gpg
      Could not resolve 'ftp.us.debian.org'

0% [Working]

Reading package lists... 0%

Reading package lists... 0%

Reading package lists... 6%

Reading package lists... Done

W: Failed to fetch http://ftp.us.debian.org/debian/dists/wheezy/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release.gpg  Could not resolve 'security.debian.org'

W: Failed to fetch http://ftp.us.debian.org/debian/dists/experimental/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Failed to fetch http://ftp.us.debian.org/debian/dists/unstable/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Failed to fetch http://deb.tails.boum.org/dists/devel/Release.gpg  Could not resolve 'deb.tails.boum.org'

W: Failed to fetch http://ftp.us.debian.org/debian/dists/testing/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/wheezy/Release.gpg  Could not resolve 'deb.torproject.org'

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/sid/Release.gpg  Could not resolve 'deb.torproject.org'

W: Failed to fetch http://ftp.us.debian.org/debian/dists/wheezy-backports/Release.gpg  Could not resolve 'ftp.us.debian.org'

W: Some index files failed to download. They have been ignored, or old ones used instead.
]0;amnesia@amnesia: ~amnesia@amnesia:~$ tails/v-version
1.3 - 20150116
89d83695f5365f2868847bf7e3b4244c98cddeb2
live-build: 3.0.5+really+is+2.0.12-0.tails1
live-boot: 3.0.1-1
live-config: 3.0.23-1+deb7u1
]0;amnesia@amnesia: ~amnesia@amnesia:~$ 
Script done on Fri 16 Jan 2015 11:23:34 PM UTC

#7 Updated by kytv about 5 years ago

  • Assignee changed from intrigeri to kytv
  • QA Check changed from Dev Needed to Info Needed

I'll try to figure out what's going on here, as I also cannot reproduce this with an ISO from jenkins.

#8 Updated by kytv about 5 years ago

  • Assignee changed from kytv to intrigeri
  • QA Check deleted (Info Needed)

In /var/log/syslog after running apt-get update

Jan 17 11:52:10 localhost kernel: [  603.031595] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35371 DF PROTO=UDP SPT=40740 DPT=5353 LEN=41 UID=0 GID=0 
Jan 17 11:52:10 localhost kernel: [  603.031649] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35372 DF PROTO=UDP SPT=35588 DPT=5353 LEN=41 UID=0 GID=0 
Jan 17 11:52:10 localhost kernel: [  603.031962] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35373 DF PROTO=UDP SPT=38565 DPT=5353 LEN=41 UID=0 GID=0 
Jan 17 11:52:10 localhost kernel: [  603.032671] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35374 DF PROTO=UDP SPT=33254 DPT=5353 LEN=41 UID=0 GID=0 
Jan 17 11:52:10 localhost kernel: [  603.032775] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35375 DF PROTO=UDP SPT=50191 DPT=5353 LEN=41 UID=0 GID=0 
Jan 17 11:52:10 localhost kernel: [  603.032839] Dropped outbound packet: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=35376 DF PROTO=UDP SPT=55443 DPT=5353 LEN=41 UID=0 GID=0 
[...]

Perhaps another way of tackling this: How do apt-get/synaptic get access to the network without polipo and without apt-transport-tor?

#9 Updated by kytv about 5 years ago

The earlier builds were built within an lxc container. Later I tried building in the same KVM VM in which I have been running the test suite. I reproduced this problem there as well. As mentioned above I cannot reproduce the problem in this ticket with an ISO from http://nightly.tails.boum.org

I tried another build, freshly cloned from https://git-tails.immerda.ch/tails just in case something unwanted was merged into my local devel branch and for some unexplained reason git diff origin/devel did not show it. I was able to reproduce this problem in this resultant ISO as well.

#10 Updated by kytv about 5 years ago

Diffs between the squashfs files find this interesting discrepancy which explains why apt-get update does not work:

--- bad/etc/apt/sources.list    2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list   2015-01-16 15:12:57.000000000 +0000
@@ -1,4 +1,4 @@
 # /etc/apt/sources.list

-deb http://http.debian.net/debian/ wheezy main contrib non-free
-deb http://security.debian.org/ wheezy/updates main contrib non-free
+deb tor+http://ftp.us.debian.org/debian/ wheezy main contrib non-free
+deb tor+http://security.debian.org/ wheezy/updates main contrib non-free
diff -Naur bad/etc/apt/sources.list.d/experimental.list good/etc/apt/sources.list.d/experimental.list
--- bad/etc/apt/sources.list.d/experimental.list        2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/experimental.list       2015-01-16 15:12:57.000000000 +0000
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ experimental main
+deb tor+http://ftp.us.debian.org/debian/ experimental main
diff -Naur bad/etc/apt/sources.list.d/sid.list good/etc/apt/sources.list.d/sid.list
--- bad/etc/apt/sources.list.d/sid.list 2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/sid.list        2015-01-16 15:12:57.000000000 +0000
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
+deb tor+http://ftp.us.debian.org/debian/ unstable main contrib non-free
diff -Naur bad/etc/apt/sources.list.d/tails.list good/etc/apt/sources.list.d/tails.list
--- bad/etc/apt/sources.list.d/tails.list       2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/tails.list      2015-01-16 15:12:57.000000000 +0000
@@ -1 +1 @@
-deb http://deb.tails.boum.org/ devel main
+deb tor+http://deb.tails.boum.org/ devel main
diff -Naur bad/etc/apt/sources.list.d/testing.list good/etc/apt/sources.list.d/testing.list
--- bad/etc/apt/sources.list.d/testing.list     2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/testing.list    2015-01-16 15:12:57.000000000 +0000
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ testing main contrib non-free
+deb tor+http://ftp.us.debian.org/debian/ testing main contrib non-free
diff -Naur bad/etc/apt/sources.list.d/torproject.list good/etc/apt/sources.list.d/torproject.list
--- bad/etc/apt/sources.list.d/torproject.list  2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/torproject.list 2015-01-16 15:12:57.000000000 +0000
@@ -1,2 +1,2 @@
-deb http://deb.torproject.org/torproject.org wheezy main
-deb http://deb.torproject.org/torproject.org sid main
+deb tor+http://deb.torproject.org/torproject.org wheezy main
+deb tor+http://deb.torproject.org/torproject.org sid main
diff -Naur bad/etc/apt/sources.list.d/wheezy-backports.list good/etc/apt/sources.list.d/wheezy-backports.list
--- bad/etc/apt/sources.list.d/wheezy-backports.list    2015-01-16 23:24:39.000000000 +0000
+++ good/etc/apt/sources.list.d/wheezy-backports.list   2015-01-16 15:12:57.000000000 +0000
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free
+deb tor+http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free

But why they're different is still a mystery to me. In my git workspace:

$ git grep 'tor+http'
config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http:    -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)http://,$1tor+http://,xms' \
wiki/src/contribute/design.mdwn:more elaborate version of) `s,http://,tor+http://` in APT sources.
wiki/src/contribute/design.mdwn:Then, APT will use the `tor+http` method, that is a simple torsocks
wiki/src/contribute/design.mdwn:- [[!tails_gitweb config/chroot_local-includes/usr/lib/apt/methods/tor+http]]

#11 Updated by kytv about 5 years ago

config/chroot_local-hooks/99-zzz_runtime_apt_configuration is run during the build.

Configuring APT for runtime
Truncating log files 
P: Begin executing hooks...
[...]

I'll add set -x to 99-zzz_runtime_apt_configuration and config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http and run another build.

#12 Updated by kytv about 5 years ago

There's some sort of race condition.

I added the following patch:

diff --git a/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http b/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http
index 2ca1685..7f89c86 100755
--- a/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http
+++ b/config/chroot_local-includes/usr/local/lib/apt-toggle-tor-http
@@ -14,13 +14,15 @@ print_usage_and_exit () {
 case "$1" in
    on)
       perl -p -i \
-          -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)http://,$1tor+http://,xms' \
-          /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+           -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)http://,$1tor+http://,xms' \
+           /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+     cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list
       ;;
    off)
       perl -p -i \
-          -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)tor[+]http://,$1http://,xms' \
-          /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+           -E 's,\A ((?:\#)? \s* deb(?:-src)? \s+)tor[+]http://,$1http://,xms' \
+           /etc/apt/sources.list /etc/apt/sources.list.d/*.list
+     cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list
       ;;
    *)
       print_usage_and_exit

and with this, the build log shows

Setting correct file permissions
Removing *.pyc 
Setting mtime on large files whose content generally do not change
Removing resolv.conf symbolic link
Configuring APT for runtime
# /etc/apt/sources.list

deb tor+http://ftp.de.debian.org/debian/ wheezy main contrib non-free
deb tor+http://security.debian.org/ wheezy/updates main contrib non-free
deb tor+http://ftp.us.debian.org/debian/ experimental main
deb tor+http://ftp.us.debian.org/debian/ unstable main contrib non-free
deb tor+http://deb.tails.boum.org/ devel main
deb tor+http://ftp.us.debian.org/debian/ testing main contrib non-free
deb tor+http://deb.torproject.org/torproject.org wheezy main
deb tor+http://deb.torproject.org/torproject.org sid main
deb tor+http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free
Truncating log files 
P: Begin executing hooks...
P: Begin executing hacks...

but I do not have the tor+http lines in the finished ISO.

#13 Updated by kytv about 5 years ago

  • QA Check set to Dev Needed
  • Starter set to No

#14 Updated by intrigeri about 5 years ago

There's some sort of race condition.

Wow, crazy. Can you please retry with the following patch applied?

--- a/auto/build
+++ b/auto/build
@@ -125,7 +125,7 @@ BUILD_END_FILENAME="${BUILD_DEST_FILENAME}.end.timestamp" 
 echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..." 
 set -o pipefail
 date --utc '+%s' > "$BUILD_START_FILENAME" 
-time eatmydata lb build noauto ${@} 2>&1 | tee "${BUILD_LOG}" 
+time lb build noauto ${@} 2>&1 | tee "${BUILD_LOG}" 
 RET=$?
 if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
    if [ "$RET" -eq 0 ]; then

Note that we also run apt-toggle-tor-http on at the end of config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem.
Can you please add a cat after that call (last-but-one line in that hook) to see what's in sources.list at that stage?

#15 Updated by intrigeri about 5 years ago

  • Assignee changed from intrigeri to kytv
  • QA Check changed from Dev Needed to Info Needed

#16 Updated by kytv about 5 years ago

  • Assignee changed from kytv to intrigeri
  • QA Check changed from Info Needed to Dev Needed

To clarify, I used the following:

iff --git a/auto/build b/auto/build
index 1845bd6..5945b11 100755
--- a/auto/build
+++ b/auto/build
@@ -125,7 +125,7 @@ BUILD_END_FILENAME="${BUILD_DEST_FILENAME}.end.timestamp" 
 echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..." 
 set -o pipefail
 date --utc '+%s' > "$BUILD_START_FILENAME" 
-time eatmydata lb build noauto ${@} 2>&1 | tee "${BUILD_LOG}" 
+time lb build noauto ${@} 2>&1 | tee "${BUILD_LOG}" 
 RET=$?
 if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
    if [ "$RET" -eq 0 ]; then
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index 8fc75e1..1be92c6 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -50,5 +50,9 @@ Chroot chroot apt-get source syslinux="$(syslinux_deb_version_in_chroot)" 
 cp chroot/syslinux-*/bios/win32/syslinux.exe "$WIN32_BINARY_UTILS_DIR/" 
 rm -r chroot/syslinux*
 rm "$CHROOT_TEMP_APT_SOURCES" 
+echo "**********before apt-toggle-tor-http on**********" 
+cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list
 Chroot chroot /usr/local/lib/apt-toggle-tor-http on
+echo "**********after apt-toggle-tor-http on**********" 
+cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list
 Chroot chroot apt-get --yes purge dpkg-dev make # dpkg-dev depends on make

which led to the following result:

dpkg-source: warning: failed to verify signature on ./syslinux_6.03~pre20+dfsg-2~bpo70+1.dsc
dpkg-source: info: extracting syslinux in syslinux-6.03~pre20+dfsg
dpkg-source: info: unpacking syslinux_6.03~pre20+dfsg.orig.tar.xz
dpkg-source: info: unpacking syslinux_6.03~pre20+dfsg-2~bpo70+1.debian.tar.xz
dpkg-source: info: applying 0001-digest-sha.patch
dpkg-source: info: applying 0002-gfxboot-menu-label.patch
dpkg-source: info: applying 0003-extlinux-manpage.patch
dpkg-source: info: applying 0004-gnu-efi-git.patch
Fetched 7104 kB in 0s (14.5 MB/s)
**********before apt-toggle-tor-http on**********
# /etc/apt/sources.list

deb http://ftp.de.debian.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ experimental main
deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
deb http://deb.tails.boum.org/ devel main
deb http://ftp.us.debian.org/debian/ testing main contrib non-free
deb http://deb.torproject.org/torproject.org wheezy main
deb http://deb.torproject.org/torproject.org sid main
deb http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free
**********after apt-toggle-tor-http on**********
# /etc/apt/sources.list

deb tor+http://ftp.de.debian.org/debian/ wheezy main contrib non-free
deb tor+http://security.debian.org/ wheezy/updates main contrib non-free
deb tor+http://ftp.us.debian.org/debian/ experimental main
deb tor+http://ftp.us.debian.org/debian/ unstable main contrib non-free
deb tor+http://deb.tails.boum.org/ devel main
deb tor+http://ftp.us.debian.org/debian/ testing main contrib non-free
deb tor+http://deb.torproject.org/torproject.org wheezy main
deb tor+http://deb.torproject.org/torproject.org sid main
deb tor+http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  dpkg-dev* make*
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 2785 kB disk space will be freed.
(Reading database ... 136288 files and directories currently installed.)
Removing dpkg-dev ...

The resultant ISO did not have the desired lines in sources.list*.

#17 Updated by intrigeri about 5 years ago

Test results from Kill Your TV and anonym:

  • aufs doesn't seem to be the only culprit:
    • our Jenkins does use aufs for building but isn't affected
    • dropping aufs bits from the Vagrant build system didn't help
  • removing noatime from the mounts in the build script doesn't help
  • removing noxino from the aufs mounts in the build script doesn't help

#18 Updated by anonym about 5 years ago

This will fix the Vagrant builds after a rake vm:provision:

--- a/vagrant/provision/setup-tails-builder
+++ b/vagrant/provision/setup-tails-builder
@@ -102,5 +102,15 @@ update_live_build_conf()
 }

 # Force APT repositories to a fixed mirror
+update_live_build_conf LB_PARENT_MIRROR_BOOTSTRAP "http://ftp.us.debian.org/debian/" 
+update_live_build_conf LB_PARENT_MIRROR_BOOTSTRAP_SECURITY "http://security.debian.org/" 
+update_live_build_conf LB_MIRROR_BOOTSTRAP "http://ftp.us.debian.org/debian/" 
+update_live_build_conf LB_MIRROR_BOOTSTRAP_SECURITY "http://security.debian.org/" 
+update_live_build_conf LB_PARENT_MIRROR_CHROOT "http://ftp.us.debian.org/debian/" 
+update_live_build_conf LB_PARENT_MIRROR_CHROOT_SECURITY "http://security.debian.org/" 
+update_live_build_conf LB_MIRROR_CHROOT "http://ftp.us.debian.org/debian/" 
+update_live_build_conf LB_MIRROR_CHROOT_SECURITY "http://security.debian.org/" 
+update_live_build_conf LB_PARENT_MIRROR_BINARY "$LB_PARENT_MIRROR_CHROOT" 
+update_live_build_conf LB_PARENT_MIRROR_BINARY_SECURITY "$LB_PARENT_MIRROR_CHROOT_SECURITY" 
 update_live_build_conf LB_MIRROR_BINARY "http://ftp.us.debian.org/debian/" 
-update_live_build_conf LB_PARENT_MIRROR_BINARY "http://ftp.us.debian.org/debian/" 
+update_live_build_conf LB_MIRROR_BINARY_SECURITY "http://security.debian.org/" 

I leave the explaining to intrigeri. :)

#19 Updated by intrigeri about 5 years ago

  • Related to Feature #8726: Use homogenous Debian mirrors at build time added

#20 Updated by intrigeri about 5 years ago

  • Status changed from New to In Progress
  • Priority changed from Elevated to High
  • % Done changed from 0 to 10

The simple fix for this will be to replace the apt-toggle-tor-http logics at build-time entirely with a live-config hook.

#21 Updated by Tails about 5 years ago

Applied in changeset commit:01d00d12173f6669af5120eff0fbdc0a7414cc6a.

#22 Updated by Tails about 5 years ago

Applied in changeset commit:85a5f2e5ac19b350df3b890e72fb5a7cbd73861e.

#23 Updated by intrigeri about 5 years ago

  • Assignee deleted (intrigeri)
  • % Done changed from 10 to 50
  • QA Check changed from Dev Needed to Ready for QA
  • Feature Branch set to bugfix/8715-build-system-independent-APT-sources

#24 Updated by Tails almost 5 years ago

  • Status changed from In Progress to 11
  • % Done changed from 50 to 100

Applied in changeset commit:86e69440e64ef0b76c95b49eb69367b6fe30028c.

#25 Updated by anonym almost 5 years ago

  • QA Check changed from Ready for QA to Pass

#26 Updated by BitingBird almost 5 years ago

  • Status changed from 11 to Resolved

Also available in: Atom PDF