Source: mariadb-10.5 Version: 1:10.5.8-3 Severity: minor File: storage/mroonga/packages/apt/build-deb.sh User: [email protected] Usertags: bullseye-security
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.
In the mariadb source package there appears to be a script that
generates a Debian chroot/container for building packages and that
script relies on appears to write an apt sources.list that will
not provide security updates for packages installed in the
chroot/container. I suggest that this script check the version of the
Debian release in question using distro-info and then if the release is
11 or higher, then use $release-security otherwise use $release/updates
as before. It is much better to use distro-info than to hard-code the
release version numbers. It might even be a good idea to include the
security suite information in distro-info itself and look it up there.
I filed this bug at severity minor since the script in question doesn't
appear to be used for any part of the Debian packages nor for building
the Debian packages, but only for some upstream packages.
mariadb-10.5-10.5.8 $ grep -A6 -B10 /updates
storage/mroonga/packages/apt/build-deb.sh
distribution=$(lsb_release --id --short | tr 'A-Z' 'a-z')
case "${distribution}" in
debian)
component=main
run cat <<EOF > /etc/apt/sources.list.d/groonga.list
deb http://packages.groonga.org/debian/ ${code_name} main
deb-src http://packages.groonga.org/debian/ ${code_name} main
EOF
if ! grep --quiet security /etc/apt/sources.list; then
run cat <<EOF > /etc/apt/sources.list.d/security.list
deb http://security.debian.org/ ${code_name}/updates main
deb-src http://security.debian.org/ ${code_name}/updates main
EOF
fi
run apt-get update
run apt-get install -y --allow-unauthenticated groonga-keyring
run apt-get update
;;
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
