Re: Security updates for wheezy breaking my FAI-installation
Chris Bannister cbannis...@slingshot.co.nz writes: On Wed, May 06, 2015 at 02:27:06PM +1000, Alexis wrote: Christian Seiler christ...@iwakd.de writes: Ok, since there appears to be some kind of confusion, I'll explain. [snip comprehensive explanatory/summary of what the various official Debian repos are used for] Thank you very much for all this - it's greatly appreciated! i'd like to suggest that this summary (or at least some parts thereof) be put on the Debian Wiki, e.g. as an 'OfficialRepositories' page (which seems to not exist, currently), and that it be linked to from various relevant pages. i feel this information is too valuable to perhaps get lost amongst the welter of emails to this list. :-) Anyone can edit or add to the wiki, even you. True. But i'm not willing to copy-and-paste someone's content to the Wiki without their permission. And trying to put it in my own words is very likely to introduce inaccuracies, given my inadequate knowledge in this area (as demonstrated by this thread). i would suggest that the people who should be editing the Wiki are those who have good knowledge of the subject area they're editing, not those of us still coming to grips with that subject area. Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87iobx19k3@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
On Wed, May 06, 2015 at 02:27:06PM +1000, Alexis wrote: Christian Seiler christ...@iwakd.de writes: Ok, since there appears to be some kind of confusion, I'll explain. [snip comprehensive explanatory/summary of what the various official Debian repos are used for] Thank you very much for all this - it's greatly appreciated! i'd like to suggest that this summary (or at least some parts thereof) be put on the Debian Wiki, e.g. as an 'OfficialRepositories' page (which seems to not exist, currently), and that it be linked to from various relevant pages. i feel this information is too valuable to perhaps get lost amongst the welter of emails to this list. :-) Anyone can edit or add to the wiki, even you. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150512140333.GN24560@tal
Re: Security updates for wheezy breaking my FAI-installation
Christian Seiler christ...@iwakd.de writes: Ok, since there appears to be some kind of confusion, I'll explain. [snip comprehensive explanatory/summary of what the various official Debian repos are used for] Thank you very much for all this - it's greatly appreciated! i'd like to suggest that this summary (or at least some parts thereof) be put on the Debian Wiki, e.g. as an 'OfficialRepositories' page (which seems to not exist, currently), and that it be linked to from various relevant pages. i feel this information is too valuable to perhaps get lost amongst the welter of emails to this list. :-) Thanks again! Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87twvqib51@gmail.com
Security updates for wheezy breaking my FAI-installation
Hello, recently I've encountered this problem when doing a server-installation with FAI from CD. There seems to be some security updates that break the dependencies I rely on. As of now I've disabled the security repository on the install-CD and enable it when the server is rebooted and do a regular apt-get update apt-get upgrade at which point I can install the security updates as expected. -- The following packages have unmet dependencies: libmysqlclient18 : Depends: libc6 (= 2.14) but 2.13-38+deb7u6 is installed. libcurl3 : Depends: libc6 (= 2.17) but 2.13-38+deb7u6 is installed. Depends: librtmp1 (= 2.4+20131018.git79459a2-3~) which is a virtual package. Depends: libssh2-1 (= 1.2.6) but it is not going to be installed. libgd2-xpm : Conflicts: libgd2 which is a virtual package. Conflicts: libgd2-noxpm but 2.0.36~rc1~dfsg-6.1 is to be installed. libcurl3-gnutls : Depends: libc6 (= 2.17) but 2.13-38+deb7u6 is installed. Depends: libgnutls-deb0-28 (= 3.3.0) but it is not going to be installed. Depends: librtmp1 (= 2.4+20131018.git79459a2-3~) which is a virtual package. Depends: libssh2-1 (= 1.2.6) but it is not going to be installed. libgd2-noxpm : Conflicts: libgd2 which is a virtual package. Conflicts: libgd2-xpm but 2.0.36~rc1~dfsg-6.1 is to be installed. The following actions will resolve these dependencies: Keep the following packages at their current version: 1) bsd-mailx [Not Installed] 2) etckeeper [Not Installed] 3) exim4 [Not Installed] 4) exim4-daemon-heavy [Not Installed] 5) fusiondirectory [Not Installed] 6) fusiondirectory-plugin-asterisk [Not Installed] 7) fusiondirectory-plugin-autofs [Not Installed] 8) fusiondirectory-plugin-database-connector [Not Installed] 9) fusiondirectory-plugin-dhcp [Not Installed] 10) fusiondirectory-plugin-sudo [Not Installed] 11) fusiondirectory-plugin-systems [Not Installed] 12) git [Not Installed] 13) icinga [Not Installed] 14) icinga-cgi [Not Installed] 15) icinga-common [Not Installed] 16) icinga-core [Not Installed] 17) libcurl3 [Not Installed] 18) libcurl3-gnutls [Not Installed] 19) libgd2-xpm [Not Installed] 20) libmysqlclient18 [Not Installed] 21) php-mdb2-driver-mysql [Not Installed] 22) php5-curl [Not Installed] 23) php5-gd [Not Installed] 24) php5-mysql [Not Installed] - My sources.list: deb http://http.debian.net/debian/ wheezy main deb http://security.debian.org/ stable/updates main deb http://http.debian.net/debian/ wheezy-updates main ## Backports repository: deb http://http.debian.net/debian/ wheezy-backports main # fusiondirectory repository deb http://repos.fusiondirectory.org/debian wheezy main # fusiondirectory debian-extra repository deb http://repos.fusiondirectory.org/debian-extra wheezy main - Any ideas on how to fix this? Seems to me to be a problem with the security updates, but perhaps I've just missed something. If you wish to test this behaviour, go to http://sverigelinux.github.io and download the torrent iso-file and do an install from that image. Kindest regards, Mathias
Re: Security updates for wheezy breaking my FAI-installation
Am 2015-05-04 09:48, schrieb Mathias Friman: recently Ive encountered this problem when doing a server-installation with FAI from CD. There seems to be some security updates that break the dependencies I rely on. As of now Ive disabled the security repository on the install-CD and enable it when the server is rebooted and do a regular apt-get update apt-get upgrade at which point I can install the security updates as expected. My sources.list: deb http://http.debian.net/debian/ wheezy main deb http://security.debian.org/ stable/updates main There's your problem. Wheezy isn't stable anymore since the release of Jessie, so if you reference stable, it will try to pull in the security updates for Jessie - and not Wheezy. And those require packages from Jessie (e.g. newer libc). Explicitly write wheezy/updates instead of stable/updates and your problem will go away. (You could also write oldstable in theory.) Personally, I generally don't like putting stable in sources.list but rather reference the code name explicitly. This has the advantage that I can dist-upgrade on my own timetable. (testing is a different matter, some people want to stay on testing and then you do want to put the alias in there and not the code name.) Christian -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/a50d321d3c53c1073af36fb4586a1...@iwakd.de
Re: Security updates for wheezy breaking my FAI-installation
Mathias Friman math...@workplays.se writes: My sources.list: deb http://http.debian.net/debian/ wheezy main deb http://security.debian.org/ stable/updates main deb http://http.debian.net/debian/ wheezy-updates main ## Backports repository: deb http://http.debian.net/debian/ wheezy-backports main # fusiondirectory repository deb http://repos.fusiondirectory.org/debian wheezy main # fusiondirectory debian-extra repository deb http://repos.fusiondirectory.org/debian-extra wheezy main - Any ideas on how to fix this? Seems to me to be a problem with the security updates, but perhaps I've just missed something. Probably: 'stable' now refers to jessie, not wheezy. So try changing the line: deb http://security.debian.org/ stable/updates main to: deb http://security.debian.org/ wheezy/updates main And my guess is that you should also remove the line: deb http://http.debian.net/debian/ wheezy-updates main Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tiwk5y0@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
Am 2015-05-04 12:11, schrieb Alexis: And my guess is that you should also remove the line: deb http://http.debian.net/debian/ wheezy-updates main Why that? wheezy-updates still exists and if it was in there before, it was probably wanted explicitly. See: https://wiki.debian.org/StableUpdates Christian -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85cf5f93ce951b93197c0957bfa62...@iwakd.de
Re: Security updates for wheezy breaking my FAI-installation
Christian Seiler christ...@iwakd.de writes: Am 2015-05-04 12:11, schrieb Alexis: And my guess is that you should also remove the line: deb http://http.debian.net/debian/ wheezy-updates main Why that? wheezy-updates still exists and if it was in there before, it was probably wanted explicitly. Not necessarily; people regularly cargo-cult config lines. I'll add this too, just in case. The fact that the config in question makes references to /both/ 'stable' /and/ 'wheezy' suggests to me that the config wasn't put together with a comprehensive understanding of how the Debian repos work. Further, afaik, the wheezy-updates line should refer to the same set of packages as the wheezy/updates line from security.debian.org. If that's so, then having two different lines refer to the same package set is merely confusing the config further. If not, then i would certainly be interested to know what the difference between the two archives is! Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zj5kiqj5@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
On Monday 04 May 2015 11:30:06 Alexis wrote: Further, afaik, the wheezy-updates line should refer to the same set of packages as the wheezy/updates line from security.debian.org. If that's so, then having two different lines refer to the same package set is merely confusing the config further. If not, then i would certainly be interested to know what the difference between the two archives is! One is security, as it says. The other is what used to be called volatile and is needed if you have e.g. a virus scanner of any kind. I certainly always use both and advise using both. They are quite different. Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201505041140.45440.lisi.re...@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
Am 2015-05-04 12:30, schrieb Alexis: Further, afaik, the wheezy-updates line should refer to the same set of packages as the wheezy/updates line from security.debian.org. If that's so, then having two different lines refer to the same package set is merely confusing the config further. If not, then i would certainly be interested to know what the difference between the two archives is! I linked a wiki page in my previous email describing precisely what wheezy-updates is (and it is NOT the regular security update repository): https://wiki.debian.org/StableUpdates Christian -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/a02ac31c76d8abd2f3ee9c01258cc...@iwakd.de
Re: Security updates for wheezy breaking my FAI-installation
2015-05-04 13:03 GMT+02:00 Christian Seiler christ...@iwakd.de: Am 2015-05-04 12:30, schrieb Alexis: Further, afaik, the wheezy-updates line should refer to the same set of packages as the wheezy/updates line from security.debian.org. If that's so, then having two different lines refer to the same package set is merely confusing the config further. If not, then i would certainly be interested to know what the difference between the two archives is! I linked a wiki page in my previous email describing precisely what wheezy-updates is (and it is NOT the regular security update repository): https://wiki.debian.org/StableUpdates Christian Thank you all for the feedback, your tips indeed did the trick. :) Thanks also to gusnan @ #debian.se who solved it too. Sometimes one does stare too long at a problem not seeing the obvious... Kindest regards, Mathias
Re: Security updates for wheezy breaking my FAI-installation
Christian Seiler christ...@iwakd.de writes: I linked a wiki page in my previous email describing precisely what wheezy-updates is (and it is NOT the regular security update repository): https://wiki.debian.org/StableUpdates Yes, i read that: * Since it mentions things like updates to virus scanners, it seemed plausible to me that it was indeed the same repo. If, as you assert, it's not, then i think it's concerning that there are /two/ distinct repos one needs to enable in order to get all relevant security updates. * The page doesn't explain if 'wheezy-updates' is distinct from 'wheezy-backports', and if so, again, why there are two repos apparently addressing the same issue. (To wit, how to get more recent versions of packages than were released with stable.) * The phrase When a new package is made available via wheezy-updates is ambiguous to me; it can be read as either a new package [that wasn't included in the initial release of wheezy], or a new [version of a] package [that was included in the initial release of wheezy]. So, no, from my perspective, that page does /not/ describe precisely what wheezy-updates is. Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87wq0oinow@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
Lisi Reisz lisi.re...@gmail.com writes: One is security, as it says. The other is what used to be called volatile and is needed if you have e.g. a virus scanner of any kind. Sorry, but as i alluded to in my last email to Christian, this doesn't make sense to me. Shouldn't people reasonably expect virus-scanner-related updates to be available via the /security/ repo? I certainly always use both and advise using both. They are quite different. Given that, i would like to suggest that the StableUpdates Wiki page be updated by someone who can fully address the points i raised in my last email to Christian. Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbg8imjt@gmail.com
Re: Security updates for wheezy breaking my FAI-installation
Am 2015-05-04 13:31, schrieb Alexis: * Since it mentions things like updates to virus scanners, it seemed plausible to me that it was indeed the same repo. If, as you assert, it's not, then i think it's concerning that there are /two/ distinct repos one needs to enable in order to get all relevant security updates. * The page doesn't explain if 'wheezy-updates' is distinct from 'wheezy-backports', and if so, again, why there are two repos apparently addressing the same issue. (To wit, how to get more recent versions of packages than were released with stable.) * The phrase When a new package is made available via wheezy-updates is ambiguous to me; it can be read as either a new package [that wasn't included in the initial release of wheezy], or a new [version of a] package [that was included in the initial release of wheezy]. So, no, from my perspective, that page does /not/ describe precisely what wheezy-updates is. Ok, since there appears to be some kind of confusion, I'll explain. There are 5 official repositories for Debian wheezy: (1) debian wheezy (2) debian-security wheezy/updates (3) debian wheezy-updates (4) debian wheezy-backports (5) debian wheezy-backports-sloppy (Same for jessie. squeeze is very similar, but backports is at a different location for historical reasons.) Repository (1) contains the packages of the latest wheezy point release (currently 7.8). Every time a new point release is made, e.g. 7.9 in the near future, this repository will be updated with new packages, but otherwise remains static. Repository (2) contains security updates, i.e. updates to packages that fix known security holes. Each update is accompanied with an advisory describing the security hole. Repository (3) contains a select number of packages from the pending point release, but is available immediately after the packages have been uploaded and accepted, not just at the time the point release is made. Every time a point release is made, the packages in this repository will also be found in repository (1). The reason this repository exists is to provide quicker for some specific packages. I already mentioned the examples of virus scanner definitions and timezone database updates. Note that virus scanner definition updates do NOT qualify as security updates per se, since it's not a security bug that's fixed by this. Repository (4) contains backports from jessie to wheezy. These are packages that will _never_ be part of a wheezy point release. They are provided for convenience reasons, because sometimes you need more recent versions of certain software packages. For example, wheezy-backports contains a more recent version of LibreOffice and the same kernel version as Jessie has. Backports do not necessarily receive the same amount of support the release itself receives, there it depends on the backporter as to how well maintained it is. (The examples I mentioned are well-maintained in backports from my experience, but with other packages YMMV.) Repository (5) contains backports from stretch (jessie + 1) and sid to wheezy. The policy of backports (4) is to be able to upgrade a system from wheezy + wheezy-backports to jessie (without jessie-backports), whereas backports-sloppy (5) also contains packages that are either not in jessie or newer versions than even jessie has. Now what to put in your sources.list? - At the very minimum, add the main repository (1) + the security updates (2). This means that you will have to take care of upgrades at every new point release only - or when one of the packages you are using has a security flaw and needs to be fixed. - If you are running software such as virus scanners or something that relies on accurate time zone information (say you are running a web site that needs to know about time zones because lots of people internationally use it - and you want to be able to keep up with countries that decide with just 1 or 2 days of advance notice when they change their time zone rules - like Egypt recently did), also add the wheezy-updates repository (3) to get updates to those things faster, not only at point releases. You will need to update slightly more often. After each point release, you will have the same set of packages as before. - If you need a more recent version of a package, you might find it in wheezy-backports (4). Note that if you are using backports, you should be a bit more knowlegable when it comes to using apt and solving dependency conflicts. And you should definitely read the changelogs and NEWS files of packages before taking the backports version, else you might run into a few surprises. (Example: package A drops support for feature B in Jessie. Wheezy's version still had that feature, but Jessie's doesn't anymore. Since the package in wheezy-backports comes from Jessie, it will also not have feature B anymore. This case is mentioned in the release
Re: Security updates for wheezy breaking my FAI-installation
On Monday 04 May 2015 12:31:27 Alexis wrote: Christian Seiler christ...@iwakd.de writes: I linked a wiki page in my previous email describing precisely what wheezy-updates is (and it is NOT the regular security update repository): https://wiki.debian.org/StableUpdates Yes, i read that: * Since it mentions things like updates to virus scanners, it seemed plausible to me that it was indeed the same repo. If, as you assert, it's not, then i think it's concerning that there are /two/ distinct repos one needs to enable in order to get all relevant security updates. * The page doesn't explain if 'wheezy-updates' is distinct from 'wheezy-backports', and if so, again, why there are two repos apparently addressing the same issue. (To wit, how to get more recent versions of packages than were released with stable.) * The phrase When a new package is made available via wheezy-updates is ambiguous to me; it can be read as either a new package [that wasn't included in the initial release of wheezy], or a new [version of a] package [that was included in the initial release of wheezy]. So, no, from my perspective, that page does /not/ describe precisely what wheezy-updates is. Why not start with what a repo is? That seems to be your problem. Or perhaps start with what a package is. Then what the versions are. Pwerhaps what Debian is? Backports and volatile (to use its old name for the sake of clarity) are totally different. Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201505041452.50472.lisi.re...@gmail.com
