Bug#871780: live-build: support for apt-transport-https
Seems I forgot something. What we are using for our project is --debootstrap-options "--include=apt-transport-https,ca-certificates,openssl" That should work. Andreas signature.asc Description: OpenPGP digital signature
Bug#871780: live-build: support for apt-transport-https
(sorry for double-posting, forgot to keep the bug in cc) Hi > This issue can be solved by supplying '--debootstrap-options > "--include=apt-transport-https"' to lb config on the command line or > in auto/config. Thanks for the suggestion! It looks like the '--debootstrap-options' switch was already implemented in jessie but was undocumented. Now it's even in the lb_config manpage. Cool. Unfortunately, it still doesn't work with the additional switch. The build process ignores/errs on https archive with error messages similar to this one: --- P: Configuring file /etc/apt/sources.list OK Ign:1 https://download.jitsi.org stable/ InRelease Ign:2 https://download.jitsi.org stable/ Release Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Get:5 http://security.debian.org stretch/updates InRelease [62.9 kB] Ign:4 https://download.jitsi.org stable/ Translation-en Get:6 http://security.debian.org stretch/updates/main Sources [54.3 kB]Err:3 https://download.jitsi.org stable/ PackagesGet:7 http://security.debian.org stretch/updates/main amd64 Packages [139 kB] Ign:4 https://download.jitsi.org stable/ Translation-en Get:8 http://security.debian.org stretch/updates/main Translation-en [60.0 kB] Ign:9 http://ftp.debian.org/debian stretch InRelease Get:10 http://ftp.debian.org/debian stretch-updates InRelease [88.5 kB] Hit:11 http://ftp.debian.org/debian stretch Release Get:13 http://ftp.debian.org/debian stretch/main Sources [6749 kB] Get:14 http://ftp.debian.org/debian stretch/main Translation-en [5393 kB] Fetched 12.5 MB in 18s (661 kB/s) Reading package lists... Done W: The repository 'https://download.jitsi.org stable/ Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch https://download.jitsi.org/stable/Packages E: Some index files failed to download. They have been ignored, or old ones used instead. P: Begin unmounting filesystems... P: Saving caches... Reading package lists... Done Building dependency tree... Done --- Attached is a simple script to reproduce the error above. Just create an empty directory, put the script inside it and run it as root. Could you reproduce the issue? Is there another command line switch, configuration or patch necessary to support https archives? Best Ronny apt-https-test.sh Description: application/shellscript
Re: Bug#871780: live-build: support for apt-transport-https
Hi > This issue can be solved by supplying '--debootstrap-options > "--include=apt-transport-https"' to lb config on the command line or > in auto/config. Thanks for the suggestion! It looks like the '--debootstrap-options' switch was already implemented in jessie but was undocumented. Now it's even in the lb_config manpage. Cool. Unfortunately, it still doesn't work with the additional switch. The build process ignores/errs on https archive with error messages similar to this one: --- P: Configuring file /etc/apt/sources.list OK Ign:1 https://download.jitsi.org stable/ InRelease Ign:2 https://download.jitsi.org stable/ Release Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Ign:4 https://download.jitsi.org stable/ Translation-en Ign:3 https://download.jitsi.org stable/ Packages Get:5 http://security.debian.org stretch/updates InRelease [62.9 kB] Ign:4 https://download.jitsi.org stable/ Translation-en Get:6 http://security.debian.org stretch/updates/main Sources [54.3 kB] Err:3 https://download.jitsi.org stable/ Packages Get:7 http://security.debian.org stretch/updates/main amd64 Packages [139 kB] Ign:4 https://download.jitsi.org stable/ Translation-en Get:8 http://security.debian.org stretch/updates/main Translation-en [60.0 kB] Ign:9 http://ftp.debian.org/debian stretch InRelease Get:10 http://ftp.debian.org/debian stretch-updates InRelease [88.5 kB] Hit:11 http://ftp.debian.org/debian stretch Release Get:13 http://ftp.debian.org/debian stretch/main Sources [6749 kB] Get:14 http://ftp.debian.org/debian stretch/main Translation-en [5393 kB] Fetched 12.5 MB in 18s (661 kB/s) Reading package lists... Done W: The repository 'https://download.jitsi.org stable/ Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch https://download.jitsi.org/stable/Packages E: Some index files failed to download. They have been ignored, or old ones used instead. P: Begin unmounting filesystems... P: Saving caches... Reading package lists... Done Building dependency tree... Done --- Attached is a simple script to reproduce the error above. Just create an empty directory, put the script inside it and run it as root. Could you reproduce the issue? Is there another command line switch, configuration or patch necessary to support https archives? Best Ronny apt-https-test.sh Description: application/shellscript
Bug#871780: live-build: support for apt-transport-https
Am 11.08.2017 um 15:06 schrieb Ronny Standtke: > Package: live-build > Version: 1:20170807 > Severity: normal > Tags: patch > > Debian Live currently doesn't support https archives (needed for e.g. the > upstream archives of itch.io or jitsi). > > The attached patch fixes this issue. > > Cheers > > Ronny > Hello, I appreciate your work, but I think your approach is too complex. This issue can be solved by supplying '--debootstrap-options "--include=apt-transport-https"' to lb config on the command line or in auto/config. If you want that to be the default, I am sure this can be set somewhere in the source, but I wouldn't include that in an "official" release. Including apt-transport-https in the bootstrap stage ensures that it does not fail because of https-repositories. Debootstrap uses only the main repository, which is non-https by default. This eliminates the need to patch the sources.list files. Bye, Andreas signature.asc Description: OpenPGP digital signature
Bug#871780: live-build: support for apt-transport-https
Package: live-build Version: 1:20170807 Severity: normal Tags: patch Debian Live currently doesn't support https archives (needed for e.g. the upstream archives of itch.io or jitsi). The attached patch fixes this issue. Cheers Ronny diff --git a/functions/apt-transport-https.sh b/functions/apt-transport-https.sh new file mode 100755 index 000..fcd55da --- /dev/null +++ b/functions/apt-transport-https.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +## live-build(7) - System Build Scripts +## Copyright (C) 2017 Ronny Standtke +## +## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +## This is free software, and you are welcome to redistribute it +## under certain conditions; see COPYING for details. + + +Enable_apt_transport_https () +{ + # Install apt-transport-https (if it is not installed yet) and we have repositories that use HTTPS + if [ ! -x "chroot/usr/lib/apt/methods/https" ] + then + for FILE in chroot/etc/apt/sources.list.d/*.list + do + # Check if repository contains HTTPS URLs + if grep -q "^deb https" "${FILE}" + then +# temporarily disable https repositories so that calling "apt-get update" doesn't fail before installing apt-transport-https +sed -i "s/^deb https/#bootstrapping deb https/" "${FILE}" +_APT_HTTPS="true" + fi + done + if [ "${_APT_HTTPS}" = "true" ] + then + Chroot chroot "apt-get ${APT_OPTIONS} update" + Chroot chroot "apt-get ${APT_OPTIONS} --force-yes install apt-transport-https" + # re-enable https repositories + for FILE in chroot/etc/apt/sources.list.d/*.list + do +sed -i "s/#bootstrapping deb https/deb https/" "${FILE}" + done + Chroot chroot "apt-get ${APT_OPTIONS} update" + fi + fi +} diff --git a/scripts/build/bootstrap_archives b/scripts/build/bootstrap_archives index f7bf7d8..3314628 100755 --- a/scripts/build/bootstrap_archives +++ b/scripts/build/bootstrap_archives @@ -240,6 +240,8 @@ then done fi +Enable_apt_transport_https + # Installing aptitude if [ "${LB_APT}" = "aptitude" ] && [ ! -x chroot/usr/bin/aptitude ] then diff --git a/scripts/build/chroot_archives b/scripts/build/chroot_archives index 85ad35b..ff46b5f 100755 --- a/scripts/build/chroot_archives +++ b/scripts/build/chroot_archives @@ -212,6 +212,8 @@ EOF fi done + Enable_apt_transport_https + # Configure local package repository if Find_files config/packages.chroot/*.deb || Find_files config/packages/*.deb then @@ -649,6 +651,8 @@ EOF fi done + Enable_apt_transport_https + # Updating indices Apt chroot update