On Tue, Jan 21, 2025 at 12:50:36PM +0100, Julian Andres Klode wrote: > Control: severity -1 important > > On Tue, Feb 28, 2023 at 02:43:22PM +0100, David Prévot wrote: > > Source: apt-setup > > Severity: wishlist > > > > Hi, > > > > Thank you for maintaining d-i! > > > > I may be late to the bookworm party but… It would be nice if d-i could > > provide deb822-style sources.list (by default) for newly installed > > machines. > > > > Apologies in advance if I missed a duplicate in a more appropriate > > module. > > This has been sitting for almost 2 years again; the style of sources > apt-setup generate now triggers complaints from apt as APT recommends > every source have a signed-by field (and it then goes on to tell you > to migrate to deb822 .sources too if a missing signed-by is in a > .list file). > > As such I'm bumping this to important.
My prefered solution is to use a template, for `debian.sources`:
# Official @VENDOR@ sources.
# Available types: deb (binaries) deb-src (source code)
# Available suites: @SUITE@ (release) @SUITE@-updates (urgent updates)
# Available components:
# - main (free software)
# - contrib (explanation)
# - non-free (explanation)
#
# Make sure to keep the security updates configured for the same set
# of components in the following paragraph.
Types: deb @DEBSRC@
URIs: @MIRROR@
Suites: @SUITE@ @SUITE_UPDATE@
Components: @COMPONENTS@
Signed-By: @SIGNED_BY@
# Security updates.
Types: deb @DEBSRC@
URIs: @MIRROR_SECURITY@
Suites: @SUITE_SECURITY@
Components: @COMPONENTS@
Signed-By: @SIGNED_BY@
Note that @SUITE_UPDATES@ and @DEBSRC@ can be empty. You need to delete
trailing whitespaces and collapse multiple whitespaces:
's/ */ /g;s/ $//'
Note that the canonical format that software-properties generates
only supports comments at the start and end of the section, otherwise
Types: deb # deb-src
also would work.
An alternative approach is to use fine-grained key specification with
the individual archive security keys in each signed-by, rather than
using debian-archive-keyring.gpg; this however significantly worsens
user experience when changing Suites and whatnot so it's not
recommended.
Another alternative is to use default values instead of template
variables and sed them out like you'd sed the template values;
this way the template also is itself a valid sources file.
I propose removing apt-setup-verify and keeping failed sources
enabled, this is both significantly easier to implement, and
also means users will actually see warnings on their systems
rather than have to dig through disabled sources.
for third-party sources, `$NAME.sources`:
Types: deb @DEBSRC@
URIs: @MIRROR@
Suites: @SUITE@
Components: @COMPONENTS@
Signed-By: @SIGNED_BY@
The cdrom sources should be added ephemerally in cdrom.sources,
I'd prefer for them to not stick around in the installed system
as the cdrom code is not well-tested.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
signature.asc
Description: PGP signature
