Quoting Johannes Schauer (2019-09-14 18:26:57) > Hi, > > Quoting Patrick Schleizer (2019-09-14 08:00:00) > > cowbuilder (or pbuilder?) calls debootstrap with: > > > > + args='--include=apt --variant=buildd --force-check-gpg buster > > /var/cache/pbuilder/base.cow_amd64 http://HTTPS///deb.debian.org/debian' > > > > I.e. it is possible to pass an apt repository URI through command line > > (above last argument). > > > > However, I am translating that in the wrapper to: > > > > --verbose --architectures=amd64 > > --aptopt=/home/user/whonix_binary/aptgetopt.conf > > --include=apt,sudo,devscripts,debhelper,strip-nondeterminism,fakeroot,apt-transport-tor,apt-transport-https,python,eatmydata,aptitude,cowdancer > > buster /var/cache/pbuilder/base.cow_amd64 > > /home/user/Whonix/build_sources/debian_stable_current_clearnet.list > > > > Using a file > > /home/user/Whonix/build_sources/debian_stable_current_clearnet.list > > which contains both, Debian "standard" repository as well as Debian > > security repository. > > > > This is to make use of mmdebstrap excellent security feature to > > bootstrap from two repositories at once. If the APT version in Debian > > "standard" repository had a vulnerability, then the vulnerable version > > would be installed first before vulnerable APT would be used to upgrade > > in a later step from Debian security repository. > > > > "Incompatibility" is perhaps a far stretched term. How do we "teach" > > grml-debootstrap, cowbuilder (or pbuilder?) "use both, Debian "standard" > > repository and Debian security repository when using mmdebstrap"? > > > > It's like "the ecosystem does not take advantage of mmdebstrap" yet. > > Okay, but as far as I can see there is nothing that can be done in > mmdebstrap about this, right?
If mmdebstrap were to support curl-style URL expansion, then current wrappers for debootstrap supporting only a single string could be abused to pass an expandable set of strings, like this: Perhaps mmdebstrab could support curl-style glob expansion of URLs + suite splitting, to allow passing multiple apt lines through wrappers which expects only a single base URL, like this: https://{deb.debian.org/debian/dists/{buster,buster-updates},security.debian.org/debian-security/dists/buster/updates} expanding to this: https://deb.debian.org/debian buster https://deb.debian.org/debian buster-updates https://security.debian.org/debian-security buster/updates Here's a quick one-line that maybe better explains what I mean: echo 'https://{deb.debian.org/debian/dists/{buster,buster-updates},security.debian.org/debian-security/dists/buster/updates}' | perl -MFile::Glob=:bsd_glob -nE 'say map { s,/dists/, ,r } bsd_glob($_, GLOB_BRACE | GLOB_NOMAGIC )' - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature